Dynmon_injector tool + example dataplanes

michelsciortino · michelsciortino · commit c007a340b98c · 2020-03-17T05:03:53.000+01:00
diff --git a/src/services/pcn-dynmon/examples/README.md b/src/services/pcn-dynmon/examples/README.md
@@ -0,0 +1,20 @@
+# Monitoring examples
+
+This folder contains a set of monitoring dataplanes, which can be used as examples for the Dynamic Monitoring service.
+
+- [packet_counter.json](packet_counter.json):
+  - the `packets_total` metric represents the number of packets that have traversed the attached network interface
+
+- [ntp_packets_counter.json](ntp_packets_counter.json):
+  - the `ntp_packets_total` metric represents the number of NTP packets that have traversed the attached network interface
+
+- [ntp_packets_ntp_mode_private_counters.json](ntp_packets_ntp_mode_private_counters.json):
+  - the `ntp_packets_total` metric represents the number of NTP packets that have traversed the attached network interface;
+  - the `ntp_mode_private_packets_total` metric represents the number of NTP packets with NTP_MODE = 7 (MODE_PRIVATE) that have traversed the attached network interface
+
+All counters are *incremental*, hence their values are monotonically increasing.
+
+
+Unfortunately the dataplane code (eBPF restricted C) contained in the above JSONs is not easy to read for a human, due to the formatting limitations of the JSON format. A more human friendly version can be produced by unescaping the code by using [this online free tool](https://www.freeformatter.com/json-escape.html).
+
+The same tool can be used also to escape any multiline code strings in order to create new valid injectable dataplanes.
diff --git a/src/services/pcn-dynmon/examples/ntp_packets_counter.json b/src/services/pcn-dynmon/examples/ntp_packets_counter.json
@@ -0,0 +1,24 @@
+{
+    "name": "NTP Amplification BUA probe",
+    "code": "\r\n#include <uapi/linux/ip.h>\r\n#include <uapi/linux/udp.h>\r\n\r\n#define IP_PROTO_UDP 17\r\n#define NTP_PORT 123\r\n\r\nstruct eth_hdr {\r\n    __be64 dst : 48;\r\n    __be64 src : 48;\r\n    __be16 proto;\r\n} __attribute__((packed));\r\n\r\nBPF_ARRAY(NTP_PACKETS_COUNTER, uint64_t,1);\r\n\r\nstatic __always_inline\r\nint handle_rx(struct CTXTYPE *ctx, struct pkt_metadata *md) {\r\n    /*Parsing L2*/\r\n    void *data = (void *) (long) ctx->data;\r\n    void *data_end = (void *) (long) ctx->data_end;\r\n    struct eth_hdr *ethernet = data;\r\n    if (data + sizeof(*ethernet) > data_end)\r\n        return RX_OK;\r\n\r\n    if (ethernet->proto != bpf_htons(ETH_P_IP))\r\n        return RX_OK;\r\n\r\n    /*Parsing L3*/\r\n    struct iphdr *ip = data + sizeof(struct eth_hdr);\r\n    if (data + sizeof(struct eth_hdr) + sizeof(*ip) > data_end)\r\n        return RX_OK;\r\n    if ((int) ip->version != 4)\r\n        return RX_OK;\r\n\r\n    if (ip->protocol != IP_PROTO_UDP)\r\n        return RX_OK;\r\n\r\n    /*Parsing L4*/\r\n    uint8_t ip_header_len = 4 * ip->ihl;\r\n    struct udphdr *udp = data + sizeof(*ethernet) + ip_header_len;\r\n    if (data + sizeof(*ethernet) + ip_header_len + sizeof(*udp) > data_end)\r\n        return RX_OK;\r\n\r\n    if (udp->source == bpf_htons(NTP_PORT) || udp->dest == bpf_htons(NTP_PORT)) {\r\n        pcn_log(ctx, LOG_TRACE, \"%I:%P\\t-> %I:%P\", ip->saddr,udp->source,ip->daddr,udp->dest);\r\n        unsigned int key = 0;\r\n        uint64_t * ntp_pckts_counter = NTP_PACKETS_COUNTER.lookup(&key);\r\n        if (!ntp_pckts_counter)\r\n            pcn_log(ctx, LOG_ERR, \"[NTP_AMP_BUA] Unable to find NTP_PACKETS_COUNTER map\");\r\n        else\r\n            *ntp_pckts_counter+=1;\r\n    }\r\n\r\n    return RX_OK;\r\n}",
+    "metrics": [
+        {
+            "name": "ntp_packets_total",
+            "map-name": "NTP_PACKETS_COUNTER",
+            "open-metrics-metadata": {
+                "help": "This metric represents the number of NTP packets that has traveled through this probe.",
+                "type": "counter",
+                "labels": [
+                    {
+                        "name": "IP_PROTO",
+                        "value": "UDP"
+                    },
+                    {
+                        "name": "L4",
+                        "value": "NTP"
+                    }
+                ]
+            }
+        }
+    ]
+}
diff --git a/src/services/pcn-dynmon/examples/ntp_packets_ntp_mode_private_counters.json b/src/services/pcn-dynmon/examples/ntp_packets_ntp_mode_private_counters.json
@@ -0,0 +1,42 @@
+{
+    "name": "NTP Amplification WARNING probe",
+    "code": "\r\n#include <uapi/linux/ip.h>\r\n#include <uapi/linux/udp.h>\r\n\r\n#define IP_PROTO_UDP 17\r\n#define NTP_PORT 123\r\n#define NTP_MODE_PRIVATE 7\r\n\r\n#define MODE(li_vn_mode) (uint8_t) ((li_vn_mode & 0x07) >> 0)\r\n\r\nstruct eth_hdr {\r\n    __be64 dst : 48;\r\n    __be64 src : 48;\r\n    __be16 proto;\r\n} __attribute__((packed));\r\n\r\nstruct ntp_packet {\r\n    uint8_t li_vn_mode;\r\n    uint8_t stratum;\r\n    uint8_t poll;\r\n    uint8_t precision;\r\n    uint32_t rootDelay;\r\n    uint32_t rootDispersion;\r\n    uint32_t refId;\r\n    uint32_t refTm_s;\r\n    uint32_t refTm_f;\r\n    uint32_t origTm_s;\r\n    uint32_t origTm_f;\r\n    uint32_t rxTm_s;\r\n    uint32_t rxTm_f;\r\n    uint32_t txTm_s;\r\n    uint32_t txTm_f;\r\n} __attribute__((packed));\r\n\r\nBPF_ARRAY(NTP_PACKETS_COUNTER, uint64_t, 1);\r\nBPF_ARRAY(NTP_MODE_PRIVATE_PACKETS_COUNTER, uint64_t, 1);\r\n\r\nstatic __always_inline\r\nint handle_rx(struct CTXTYPE *ctx, struct pkt_metadata *md) {\r\n    /*Parsing L2*/\r\n    void *data = (void *) (long) ctx->data;\r\n    void *data_end = (void *) (long) ctx->data_end;\r\n    struct eth_hdr *ethernet = data;\r\n    if (data + sizeof(*ethernet) > data_end)\r\n        return RX_OK;\r\n\r\n    if (ethernet->proto != bpf_htons(ETH_P_IP))\r\n        return RX_OK;\r\n\r\n    /*Parsing L3*/\r\n    struct iphdr *ip = data + sizeof(struct eth_hdr);\r\n    if (data + sizeof(struct eth_hdr) + sizeof(*ip) > data_end)\r\n        return RX_OK;\r\n    if ((int) ip->version != 4)\r\n        return RX_OK;\r\n\r\n    if (ip->protocol != IP_PROTO_UDP)\r\n        return RX_OK;\r\n\r\n    /*Parsing L4*/\r\n    uint8_t ip_header_len = 4 * ip->ihl;\r\n    struct udphdr *udp = data + sizeof(*ethernet) + ip_header_len;\r\n    if (data + sizeof(*ethernet) + ip_header_len + sizeof(*udp) > data_end)\r\n        return RX_OK;\r\n\r\n    if (udp->source == bpf_htons(NTP_PORT) || udp->dest == bpf_htons(NTP_PORT)) {\r\n        pcn_log(ctx, LOG_TRACE, \"%I:%P\\t-> %I:%P\", ip->saddr,udp->source,ip->daddr,udp->dest);\r\n        unsigned int key = 0;\r\n        uint64_t * ntp_pckts_counter = NTP_PACKETS_COUNTER.lookup(&key);\r\n        if (!ntp_pckts_counter)\r\n            pcn_log(ctx, LOG_ERR, \"[NTP_AMP_WARNING] Unable to find NTP_PACKETS_COUNTER map\");\r\n        else\r\n            *ntp_pckts_counter+=1;\r\n\r\n        /*Parsing NTP*/\r\n        struct ntp_packet *ntp = data + sizeof(*ethernet) + ip_header_len + sizeof(struct udphdr);\r\n        if (data + sizeof(*ethernet) + ip_header_len + sizeof(struct udphdr) + sizeof(*ntp) > data_end)\r\n            return RX_OK;\r\n\r\n        uint8_t mode = MODE(ntp->li_vn_mode);\r\n        pcn_log(ctx, LOG_TRACE, \"NTP mode: %hhu\", mode);\r\n        if (mode == NTP_MODE_PRIVATE) {\r\n            pcn_log(ctx, LOG_TRACE, \"RECEIVED NTP MODE 7\");\r\n            key = 0;\r\n            uint64_t * ntp_mode_private_counter = NTP_MODE_PRIVATE_PACKETS_COUNTER.lookup(&key);\r\n            if (!ntp_mode_private_counter)\r\n                pcn_log(ctx, LOG_ERR, \"[NTP_AMP_WARNING] Unable to find NTP_MODE_PRIVATE_PACKETS_COUNTER map\");\r\n            else\r\n                *ntp_mode_private_counter+=1;\r\n        }\r\n    }\r\n\r\n    return RX_OK;\r\n}",
+    "metrics": [
+        {
+            "name": "ntp_packets_total",
+            "map-name": "NTP_PACKETS_COUNTER",
+            "open-metrics-metadata": {
+                "help": "This metric represents the number of NTP packets that has traveled through this probe.",
+                "type": "counter",
+                "labels": [
+                    {
+                        "name": "IP_PROTO",
+                        "value": "UDP"
+                    },
+                    {
+                        "name": "L4",
+                        "value": "NTP"
+                    }
+                ]
+            }
+        },
+        {
+            "name": "ntp_mode_private_packets_total",
+            "map-name": "NTP_MODE_PRIVATE_PACKETS_COUNTER",
+            "open-metrics-metadata": {
+                "help": "This metric represents the number of NTP packets with MODE = 7 (MODE_PRIVATE) that has traveled through this probe.",
+                "type": "counter",
+                "labels": [
+                    {
+                        "name": "IP_PROTO",
+                        "value": "UDP"
+                    },
+                    {
+                        "name": "L4",
+                        "value": "NTP"
+                    }
+                ]
+            }
+        }
+    ]
+}
diff --git a/src/services/pcn-dynmon/examples/packet_counter.json b/src/services/pcn-dynmon/examples/packet_counter.json
@@ -0,0 +1,15 @@
+{
+    "name": "Packets counter probe",
+    "code": "\r\n BPF_ARRAY(PKT_COUNTER, uint64_t, 1);\r\n static __always_inline int handle_rx(struct CTXTYPE *ctx, struct pkt_metadata *md) {\r\n unsigned int key = 0;\r\n uint64_t *pkt_counter = PKT_COUNTER.lookup(&key);\r\n if (!pkt_counter){\r\n    /*counter map not found !? */\r\n    return RX_OK;\r\n }\r\n *pkt_counter+=1;\r\n pcn_log(ctx, LOG_TRACE, \"counter: %d\", *pkt_counter);\r\n return RX_OK;\r\n }",
+    "metrics": [
+        {
+            "name": "packets_total",
+            "map-name": "PKT_COUNTER",
+            "open-metrics-metadata": {
+                "help": "This metric represents the number of packets that has traveled trough this probe.",
+                "type": "counter",
+                "labels": []
+            }
+        }
+    ]
+}
diff --git a/src/services/pcn-dynmon/tools/README.md b/src/services/pcn-dynmon/tools/README.md
@@ -0,0 +1,46 @@
+#  Dynmon Injector
+
+This tool allows the creation and the manipulation of a `dynmon` cube without using the standard `polycubectl` CLI.
+
+## Install
+Some dependencies are required for this tool to run:
+```
+pip install -r requirements.txt
+```
+
+## Run
+
+Running the tool:
+
+```
+Usage: `dynmon_injector.py [-h] [-a ADDRESS] [-p PORT] [-v] cube_name peer_interface path_to_dataplane`
+
+positional arguments:
+  cube_name             indicates the name of the cube
+  peer_interface        indicates the network interface to connect the cube to
+  path_to_dataplane     indicates the path to the json file which contains the new dataplane configuration
+                        which contains the new dataplane code and the metadata associated to the exported metrics
+
+optional arguments:
+  -h, --help                        show this help message and exit
+  -a ADDRESS, --address ADDRESS     set the polycube daemon ip address (default: localhost)
+  -p PORT, --port PORT              set the polycube daemon port (default: 9000)
+  -v, --version                     show program's version number and exit
+```
+
+Usage examples:
+
+```
+basic usage:
+./dynmon_injector.py monitor_0 eno1 ../examples/packet_counter.json
+
+setting custom ip address and port to contact the polycube daemon:
+./dynmon_injector.py -a 10.0.0.1 -p 5840 monitor_0 eno1 ../examples/packet_counter.json
+
+```
+
+This tool creates a new `dynmon` cube with the given configuration and attaches it to the selected interface.
+
+If the monitor already exists, the tool checks if the attached interface is the same used previously; if not, it detaches the cube from the previous interface and attaches it to the new one; then, the selected dataplane is injected.
+
+To inspect the current configuration of the cube or to read extracted monitoring data, use the [`polycubectl`](https://polycube-network.readthedocs.io/en/latest/polycubectl/polycubectl.html) command line interface.
diff --git a/src/services/pcn-dynmon/tools/dynmon_injector.py b/src/services/pcn-dynmon/tools/dynmon_injector.py
@@ -0,0 +1,197 @@
+#!/usr/bin/python3
+# coding: utf-8
+
+import argparse
+import socket
+import requests
+import json
+import os.path
+from os import path
+
+VERSION = '1.0'
+POLYCUBED_ADDR = 'localhost'
+POLYCUBED_PORT = 9000
+REQUESTS_TIMEOUT = 5 #seconds
+
+polycubed_endpoint = 'http://{}:{}/polycube/v1'
+
+
+def main():
+    global polycubed_endpoint
+    args = parseArguments()
+
+    addr = args['address']
+    port = args['port']
+
+    cube_name = args['cube_name']
+    interface_name = args['peer_interface']
+    path_to_dataplane = args['path_to_configuration']
+
+    dataplane = None
+
+    if not path.isfile(path_to_dataplane):
+        print(f'File {path_to_dataplane} does not exist.')
+        exit(1)
+    else:
+        with open(path_to_dataplane) as json_file:
+            dataplane = json.load(json_file)
+
+    polycubed_endpoint = polycubed_endpoint.format(addr, port)
+
+    checkConnectionToDaemon()
+
+    already_exists, cube = checkIfServiceExists(cube_name)
+
+    if already_exists:
+        print(f'Dynmon {cube_name} already exist')
+        attached_interface = cube['parent']
+        if attached_interface:
+            if attached_interface != interface_name:
+                detach_from_interface(cube_name, attached_interface)
+                attach_to_interface(cube_name, interface_name)
+        else:
+            attach_to_interface(cube_name, interface_name)
+
+        injectNewDataplane(cube_name, dataplane)
+
+    else:
+        createInstance(cube_name, dataplane)
+        attach_to_interface(cube_name, interface_name)
+
+
+def checkConnectionToDaemon():
+    try:
+        requests.get(polycubed_endpoint, timeout=REQUESTS_TIMEOUT)
+    except requests.exceptions.ConnectionError:
+        print('Connection error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.Timeout:
+        print('Timeout error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.RequestException:
+        print('Error: unable to connect to polycube daemon.')
+        exit(1)
+
+
+def checkIfServiceExists(cube_name):
+    try:
+        response = requests.get(f'{polycubed_endpoint}/dynmon/{cube_name}', timeout=REQUESTS_TIMEOUT)
+        response.raise_for_status()
+        return True, json.loads(response.content)
+    except requests.exceptions.HTTPError:
+        return False, None
+    except requests.exceptions.ConnectionError:
+        print('Connection error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.Timeout:
+        print('Timeout error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.RequestException:
+        print('Error: unable to connect to polycube daemon.')
+        exit(1)
+
+
+def injectNewDataplane(cube_name, dataplane):
+    try:
+        print('Injecting the new dataplane')
+        response = requests.put(f'{polycubed_endpoint}/dynmon/{cube_name}/dataplane',
+                                json.dumps(dataplane),
+                                timeout=REQUESTS_TIMEOUT)
+        response.raise_for_status()
+    except requests.exceptions.HTTPError:
+        print(f'Error: {response.content.decode("UTF-8")}')
+        exit(1)
+    except requests.exceptions.ConnectionError:
+        print('Connection error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.Timeout:
+        print('Timeout error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.RequestException:
+        print('Error: unable to connect to polycube daemon.')
+        exit(1)
+
+
+def createInstance(cube_name, dataplane):
+    try:
+        print(f'Creating new dynmon instance named {cube_name}')
+        response = requests.put(f'{polycubed_endpoint}/dynmon/{cube_name}',
+                                json.dumps({'dataplane': dataplane}),
+                                timeout=REQUESTS_TIMEOUT)
+        response.raise_for_status()
+    except requests.exceptions.HTTPError:
+        print(f'Error: {response.content.decode("UTF-8")}')
+        exit(1)
+    except requests.exceptions.ConnectionError:
+        print('Connection error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.Timeout:
+        print('Timeout error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.RequestException:
+        print('Error: unable to connect to polycube daemon.')
+        exit(1)
+
+
+def detach_from_interface(cube_name, interface):
+    try:
+        print(f'Detaching {cube_name} from {interface}')
+        response = requests.post(f'{polycubed_endpoint}/detach',
+                                 json.dumps({'cube': cube_name, 'port': interface}),
+                                 timeout=REQUESTS_TIMEOUT)
+        response.raise_for_status()
+    except requests.exceptions.HTTPError:
+        print(f'Error: {response.content.decode("UTF-8")}')
+        exit(1)
+    except requests.exceptions.ConnectionError:
+        print('Connection error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.Timeout:
+        print('Timeout error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.RequestException:
+        print('Error: unable to connect to polycube daemon.')
+        exit(1)
+
+
+def attach_to_interface(cube_name, interface):
+    try:
+        print(f'Attaching {cube_name} to {interface}')
+        response = requests.post(f'{polycubed_endpoint}/attach',
+                                 json.dumps({'cube': cube_name, 'port': interface}),
+                                 timeout=REQUESTS_TIMEOUT)
+        response.raise_for_status()
+    except requests.exceptions.HTTPError:
+        print(f'Error: {response.content.decode("UTF-8")}')
+        exit(1)
+    except requests.exceptions.ConnectionError:
+        print('Connection error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.Timeout:
+        print('Timeout error: unable to connect to polycube daemon.')
+        exit(1)
+    except requests.exceptions.RequestException:
+        print('Error: unable to connect to polycube daemon.')
+        exit(1)
+
+
+def parseArguments():
+    parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+    parser.add_argument('cube_name', help='indicates the name of the cube', type=str)
+    parser.add_argument('peer_interface', help='indicates the network interface to connect the cube to', type=str)
+    parser.add_argument('path_to_configuration',
+                        help='''indicates the path to the json file which contains the new dataplane configuration
+                                which contains the new dataplane code and the metadata associated to the exported metrics''',
+                        type=str)
+    parser.add_argument('-a', '--address', help='set the polycube daemon ip address', type=str, default=POLYCUBED_ADDR)
+    parser.add_argument('-p', '--port', help='set the polycube daemon port', type=int, default=POLYCUBED_PORT)
+    parser.add_argument('-v', '--version', action='version', version=showVersion())
+    return parser.parse_args().__dict__
+
+
+def showVersion():
+    return '%(prog)s - Version ' + VERSION
+
+
+if __name__ == '__main__':
+    main()
diff --git a/src/services/pcn-dynmon/tools/requirements.txt b/src/services/pcn-dynmon/tools/requirements.txt
@@ -0,0 +1,2 @@
+requests==2.23.0
+argparse==1.4.0

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+requests==2.23.0`
	`2`	`+argparse==1.4.0`