From ef13d8c1401a5d6816d867c2941131002c5f70c4 Mon Sep 17 00:00:00 2001 
From: Nick Allen Date: Fri, 22 Apr 2016 15:34:13 -0400 Subject: [PATCH] METRON-116 Added automated testing and documentation of renamed packet capture process; fastcapa. --- .../roles/fastcapa/defaults/main.yml | 32 +++++++ .../roles/fastcapa/meta/main.yml | 19 ++++ .../roles/fastcapa/tasks/debug.yml | 26 +++++ .../roles/fastcapa/tasks/dependencies.yml | 38 ++++++++ .../roles/fastcapa/tasks/dpdk.yml | 59 ++++++++++++ .../roles/fastcapa/tasks/fastcapa.yml | 49 ++++++++++ .../roles/fastcapa/tasks/kernel.yml | 51 ++++++++++ .../roles/fastcapa/tasks/main.yml | 22 +++++ .../roles/fastcapa/templates/fastcapa | 94 +++++++++++++++++++ .../roles/fastcapa/templates/fastcapa.conf | 67 +++++++++++++ .../roles/pcap_replay/meta/main.yml | 4 - .../roles/pcap_replay/tasks/dependencies.yml | 32 +++++++ .../roles/pcap_replay/tasks/main.yml | 1 + .../roles/sensor-test-mode/defaults/main.yml | 20 ++++ .../roles/sensor-test-mode/tasks/main.yml | 45 ++------- .../roles/sensor-test-mode/tasks/pcap.yml | 25 +++++ .../roles/sensor-test-mode/tasks/snort.yml | 36 +++++++ .../roles/sensor-test-mode/tasks/yaf.yml | 27 ++++++ .../vagrant/fastcapa-vagrant/.gitignore | 1 + .../vagrant/fastcapa-vagrant/README.md | 73 ++++++++++++++ .../Vagrantfile | 14 +-- .../ansible.cfg | 0 .../playbook.yml | 33 ++++--- .../tasks/validate-messages-received.yml | 38 ++++++++ .../tasks/validate-packets-sent.yml | 41 ++++++++ .../vagrant/fastcapa-vagrant/vars/main.yml | 26 +++++ .../{packet-capture => fastcapa}/.gitignore | 0 .../{packet-capture => fastcapa}/Makefile | 0 metron-sensors/fastcapa/README.md | 20 ++++ .../conf/localhost.kafka | 0 .../src/.gitignore | 0 .../{packet-capture => fastcapa}/src/Makefile | 2 +- .../{packet-capture => fastcapa}/src/args.c | 0 .../{packet-capture => fastcapa}/src/args.h | 0 .../{packet-capture => fastcapa}/src/kafka.c | 0 .../{packet-capture => fastcapa}/src/kafka.h | 0 .../{packet-capture => fastcapa}/src/main.c | 0 .../{packet-capture => fastcapa}/src/main.h | 0 
metron-sensors/packet-capture/README.md | 12 --- 39 files changed, 832 insertions(+), 75 deletions(-) create mode 100644 metron-deployment/roles/fastcapa/defaults/main.yml create mode 100644 metron-deployment/roles/fastcapa/meta/main.yml create mode 100644 metron-deployment/roles/fastcapa/tasks/debug.yml create mode 100644 metron-deployment/roles/fastcapa/tasks/dependencies.yml create mode 100644 metron-deployment/roles/fastcapa/tasks/dpdk.yml create mode 100644 metron-deployment/roles/fastcapa/tasks/fastcapa.yml create mode 100644 metron-deployment/roles/fastcapa/tasks/kernel.yml create mode 100644 metron-deployment/roles/fastcapa/tasks/main.yml create mode 100644 metron-deployment/roles/fastcapa/templates/fastcapa create mode 100644 metron-deployment/roles/fastcapa/templates/fastcapa.conf create mode 100644 metron-deployment/roles/pcap_replay/tasks/dependencies.yml create mode 100644 metron-deployment/roles/sensor-test-mode/defaults/main.yml create mode 100644 metron-deployment/roles/sensor-test-mode/tasks/pcap.yml create mode 100644 metron-deployment/roles/sensor-test-mode/tasks/snort.yml create mode 100644 metron-deployment/roles/sensor-test-mode/tasks/yaf.yml create mode 100644 metron-deployment/vagrant/fastcapa-vagrant/.gitignore create mode 100644 metron-deployment/vagrant/fastcapa-vagrant/README.md rename metron-deployment/vagrant/{packet-capture => fastcapa-vagrant}/Vagrantfile (91%) rename metron-deployment/vagrant/{packet-capture => fastcapa-vagrant}/ansible.cfg (100%) rename metron-deployment/vagrant/{packet-capture => fastcapa-vagrant}/playbook.yml (65%) create mode 100644 metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-messages-received.yml create mode 100644 metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-packets-sent.yml create mode 100644 metron-deployment/vagrant/fastcapa-vagrant/vars/main.yml rename metron-sensors/{packet-capture => fastcapa}/.gitignore (100%) rename metron-sensors/{packet-capture => fastcapa}/Makefile (100%) 
create mode 100644 metron-sensors/fastcapa/README.md rename metron-sensors/{packet-capture => fastcapa}/conf/localhost.kafka (100%) rename metron-sensors/{packet-capture => fastcapa}/src/.gitignore (100%) rename metron-sensors/{packet-capture => fastcapa}/src/Makefile (99%) rename metron-sensors/{packet-capture => fastcapa}/src/args.c (100%) rename metron-sensors/{packet-capture => fastcapa}/src/args.h (100%) rename metron-sensors/{packet-capture => fastcapa}/src/kafka.c (100%) rename metron-sensors/{packet-capture => fastcapa}/src/kafka.h (100%) rename metron-sensors/{packet-capture => fastcapa}/src/main.c (100%) rename metron-sensors/{packet-capture => fastcapa}/src/main.h (100%) delete mode 100644 metron-sensors/packet-capture/README.md diff --git a/metron-deployment/roles/fastcapa/defaults/main.yml b/metron-deployment/roles/fastcapa/defaults/main.yml new file mode 100644 index 0000000000..2c0079067a --- /dev/null +++ b/metron-deployment/roles/fastcapa/defaults/main.yml 
@@ -0,0 +1,32 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+# dpdk
+dpdk_home: "/usr/local/dpdk"
+dpdk_version: "2.2.0"
+dpdk_sdk: "/root/dpdk-{{ dpdk_version }}"
+dpdk_target: "x86_64-native-linuxapp-gcc"
+num_huge_pages: 512
+extra_cflags: -g
+
+# fastcapa
+fastcapa_work_dir: /root/fastcapa
+fastcapa_prefix: /usr/local/bin
+fastcapa_ld_library_path: /usr/local/lib
+fastcapa_portmask: 0x01
+fastcapa_kafka_config: /etc/fastcapa.conf
+fastcapa_bin: fastcapa
diff --git a/metron-deployment/roles/fastcapa/meta/main.yml b/metron-deployment/roles/fastcapa/meta/main.yml
new file mode 100644
index 0000000000..d253e88cca
--- /dev/null
+++ b/metron-deployment/roles/fastcapa/meta/main.yml
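Review bot: `fastcapa_portmask: 0x01` is unquoted, so YAML loads it as the integer 1 and the init-script template will render `-p 1` rather than `-p 0x01`. That is harmless for 0x01, but a mask such as 0x10 would be rendered as `16`, and if fastcapa parses the option as hex (args.c is not shown in this patch) a different set of ports would be captured than the operator intended. Quote the value: `fastcapa_portmask: "0x01"`. The role also references `dpdk_device`, `fastcapa_topic` and `kafka_broker_url` without defaults in this file; if they are only set in the Vagrant vars, a comment listing them as required inputs would help.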
@@ -0,0 +1,19 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+dependencies:
+ - librdkafka
diff --git a/metron-deployment/roles/fastcapa/tasks/debug.yml b/metron-deployment/roles/fastcapa/tasks/debug.yml
new file mode 100644
index 0000000000..06f1526e32
--- /dev/null
+++ b/metron-deployment/roles/fastcapa/tasks/debug.yml
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+ - name: Install debug utilities
+ yum: name=yum-utils
+ tags:
+ - debug
+
+ - name: Install debug symbols
+ shell: debuginfo-install -y glibc glib2 zlib
+ tags:
+ - debug
diff --git a/metron-deployment/roles/fastcapa/tasks/dependencies.yml b/metron-deployment/roles/fastcapa/tasks/dependencies.yml
new file mode 100644
index 0000000000..4d6edc43d1
--- /dev/null
+++ b/metron-deployment/roles/fastcapa/tasks/dependencies.yml
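Review bot: The `debug` tag on both tasks does not make them opt-in, because tasks/main.yml includes debug.yml unconditionally and a run with no `--tags` filter executes tagged tasks like any other. Every sensor host therefore gets yum-utils and the debuginfo packages, and the same applies to the "Turn on debug flags" task in dpdk.yml, which switches the DPDK build to `DEBUG=y`. If debug builds are meant to be optional, gate them on a variable, e.g. `when: fastcapa_debug | default(false)` (the variable name is a suggestion), and say so in a comment at the top of the file. `debuginfo-install` needs no shell features, so `command:` is the tighter module here.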
@@ -0,0 +1,38 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+ - name: Install dependencies
+ yum: name={{ item }}
+ with_items:
+ - "@Development tools"
+ - pciutils
+ - net-tools
+ - glib2
+ - glib2-devel
+ - git
+
+ #
+ # install prerequisite packages and the latest kernel headers. need to
+ # ensure that the kernel headers match the current running kernel version.
+ # if this is not the case, the DPDK build process will fail
+ #
+ - name: Install latest kernel headers and source
+ yum: name={{ item }} state=latest
+ with_items:
+ - kernel
+ - kernel-devel
+ - kernel-headers
diff --git a/metron-deployment/roles/fastcapa/tasks/dpdk.yml b/metron-deployment/roles/fastcapa/tasks/dpdk.yml
new file mode 100644
index 0000000000..3780be77d2
--- /dev/null
+++ b/metron-deployment/roles/fastcapa/tasks/dpdk.yml
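Review bot: `state=latest` on `kernel`, `kernel-devel` and `kernel-headers` can install a kernel newer than the one that is running, which is exactly the mismatch the comment above the task warns will break the DPDK build. The only reboot in the role is in kernel.yml and is conditional on the boot parameters, so on a host whose parameters are already set the build would run against headers for a kernel that has not been booted. Either pin the development package to the running kernel, e.g. `yum: name=kernel-devel-{{ ansible_kernel }}`, or make the reboot also depend on this task reporting a change. Unlike the pcap_replay dependencies task added in this patch, this one has no `until`/`retries`.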
@@ -0,0 +1,59 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- + - name: "Download DPDK version {{ dpdk_version }}" + unarchive: + src: "http://dpdk.org/browse/dpdk/snapshot/dpdk-{{ dpdk_version }}.tar.gz" + dest: "/root" + creates: "{{ dpdk_sdk }}" + copy: no + + - name: "Configure DPDK for the target environment: {{ dpdk_target }}" + shell: "make config T={{ dpdk_target }} DESTDIR={{ dpdk_home }}" + args: + chdir: "{{ dpdk_sdk }}" + creates: "{{ dpdk_home }}" + + - name: "Turn on debug flags" + lineinfile: + dest: "{{ dpdk_sdk }}/config/common_linuxapp" + regexp: 'DEBUG=n' + line: 'DEBUG=y' + tags: + - debug + + - name: "Build DPDK for the target environment: {{ dpdk_target }}" + shell: "make install T={{ dpdk_target }} DESTDIR={{ dpdk_home }} EXTRA_CFLAGS={{ extra_cflags }}" + args: + chdir: "{{ dpdk_sdk }}" + creates: "{{ dpdk_home }}" + + - name: Load kernel modules to enable userspace IO + shell: "{{ item }}" + with_items: + - modprobe uio_pci_generic + - modprobe vfio-pci + + - name: Bind the device to the loaded kernel module(s) + shell: "{{ dpdk_home }}/sbin/dpdk_nic_bind --force --bind=uio_pci_generic {{ item }}" + with_items: "{{ dpdk_device }}" + + - name: Set useful environment variables + lineinfile: 
"dest=/root/.bash_profile line={{ item }}" + with_items: + - "export RTE_SDK={{ dpdk_sdk }}" + - "export RTE_TARGET={{ dpdk_target }}" diff --git a/metron-deployment/roles/fastcapa/tasks/fastcapa.yml b/metron-deployment/roles/fastcapa/tasks/fastcapa.yml new file mode 100644 index 0000000000..4e366c4e89 --- /dev/null +++ b/metron-deployment/roles/fastcapa/tasks/fastcapa.yml 
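Review bot: The "Download DPDK" task fetches the tarball over plain `http://` with no digest check, and the tasks after it compile that source as root and load kernel modules, so anyone able to tamper with the download controls code that runs with kernel privileges on the sensor. Download with `get_url` and a pinned `checksum`, then unpack the local file; use the https URL if the mirror serves one. Separately, `EXTRA_CFLAGS={{ extra_cflags }}` is unquoted in the build command, so a value containing a space would be split by the shell into extra make arguments.

```yaml
  - name: "Download DPDK version {{ dpdk_version }}"
    get_url:
      url: "https://dpdk.org/browse/dpdk/snapshot/dpdk-{{ dpdk_version }}.tar.gz"
      dest: "/root/dpdk-{{ dpdk_version }}.tar.gz"
      # dpdk_sha256 is a placeholder: pin the digest of the reviewed tarball in defaults/main.yml
      checksum: "sha256:{{ dpdk_sha256 }}"

  - name: "Unpack DPDK version {{ dpdk_version }}"
    unarchive:
      src: "/root/dpdk-{{ dpdk_version }}.tar.gz"
      dest: "/root"
      creates: "{{ dpdk_sdk }}"
      copy: no

  # … unchanged: make config, debug flags, make install, modprobe, dpdk_nic_bind, .bash_profile …
```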
@@ -0,0 +1,49 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +- name: Distribute fastcapa + copy: src=../../../metron-sensors/fastcapa dest={{ fastcapa_work_dir | dirname }} mode=0755 + +- name: Build fastcapa + shell: "{{ item }}" + args: + chdir: "{{ fastcapa_work_dir }}" + with_items: + - make + environment: + RTE_SDK: "{{ dpdk_sdk }}" + RTE_TARGET: "{{ dpdk_target }}" + LD_LIBRARY_PATH: "{{ fastcapa_ld_library_path }}" + +- name: Install fastcapa + shell: "cp {{ fastcapa_work_dir }}/src/build/app/{{ fastcapa_bin }} {{ fastcapa_prefix }}" + args: + chdir: "{{ fastcapa_work_dir }}" + creates: "{{ fastcapa_prefix }}/{{ fastcapa_bin }}" + +- name: Deploy configuration + template: src=fastcapa.conf dest={{ fastcapa_kafka_config }} mode=0755 + +- name: Deploy service + template: src=fastcapa dest=/etc/init.d/ mode=0755 + +- name: Register the service with systemd + shell: systemctl enable fastcapa + when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" + +- name: Run fastcapa + service: name=fastcapa state=restarted diff --git a/metron-deployment/roles/fastcapa/tasks/kernel.yml b/metron-deployment/roles/fastcapa/tasks/kernel.yml new file mode 100644 index 0000000000..cd4abe6d64 --- /dev/null 
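Review bot: "Deploy configuration" installs the Kafka config with `mode=0755`; a config file has no reason to be executable, and `mode=0644` (or `0640` if credentials are ever added to it) is the conventional choice. In "Install fastcapa", `creates:` turns the `cp` into a no-op once a binary exists, so a rebuild after a source change is never installed and the service keeps running the old binary; dropping `creates` there is the simplest fix. The `systemctl enable` shell task can be folded into the last task as `service: name=fastcapa state=restarted enabled=yes`.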
+++ b/metron-deployment/roles/fastcapa/tasks/kernel.yml 
@@ -0,0 +1,51 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# DPDK requires specific kernel boot parameters. set the params and reboot +# the host, if the actual params differ from what is expected. +# +--- + - set_fact: + expected_kernel_params: "default_hugepagesz=1G hugepagesz=1G hugepages={{ num_huge_pages }} iommu=pt intel_iommu=on" + + - name: Check kernel boot parameters + shell: "cat /proc/cmdline" + register: actual_kernel_params + + - name: Alter kernel boot parameters + lineinfile: + dest: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX=\"[^\"]+)\"$' + line: '\1 {{ expected_kernel_params }}"' + backrefs: yes + when: not expected_kernel_params in actual_kernel_params.stdout + + - name: Update grub with kernel boot parameters + shell: /sbin/grub2-mkconfig -o /boot/grub2/grub.cfg + when: not expected_kernel_params in actual_kernel_params.stdout + + - name: Restart for modified kernel params + command: shutdown -r now "modified kernel params" + async: 0 + poll: 0 + ignore_errors: true + when: not expected_kernel_params in actual_kernel_params.stdout + + - name: Wait for reboot of '{{ inventory_hostname }}' + local_action: wait_for host={{ inventory_hostname }} state=started port=22 timeout=300 delay=10 + become: 
false + when: not expected_kernel_params in actual_kernel_params.stdout diff --git a/metron-deployment/roles/fastcapa/tasks/main.yml b/metron-deployment/roles/fastcapa/tasks/main.yml new file mode 100644 index 0000000000..b98d557e44 --- /dev/null +++ b/metron-deployment/roles/fastcapa/tasks/main.yml @@ -0,0 +1,22 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- + - include: dependencies.yml + - include: kernel.yml + - include: dpdk.yml + - include: fastcapa.yml + - include: debug.yml diff --git a/metron-deployment/roles/fastcapa/templates/fastcapa b/metron-deployment/roles/fastcapa/templates/fastcapa new file mode 100644 index 0000000000..637317fe42 --- /dev/null +++ b/metron-deployment/roles/fastcapa/templates/fastcapa 
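Review bot: In "Alter kernel boot parameters" the regexp uses `[^\"]+`, which only matches a non-empty `GRUB_CMDLINE_LINUX` value, and with `backrefs: yes` a non-match leaves /etc/default/grub untouched. The grub2-mkconfig and `shutdown -r now` tasks still fire, because their `when` looks only at /proc/cmdline, so on such a host every play reboots the machine without ever applying the parameters. Use `[^\"]*`, register the lineinfile result, and run the rebuild and reboot only `when: grub.changed` (register name is a suggestion). The check is also a substring match on the whole parameter string, so a host carrying the same parameters in a different order gets them appended again.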
@@ -0,0 +1,94 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# fastcapa daemon +# chkconfig: 345 20 80 +# description: Packet capture probe +# processname: fastcapa +# + +export RTE_SDK="{{ dpdk_sdk }}" +export RTE_TARGET="{{ dpdk_target }}" +export LD_LIBRARY_PATH="{{ fastcapa_ld_library_path }}" + +NAME="fastcapa" +DESC="Metron network packet capture probe" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +DAEMONLOG=/var/log/$NAME.log +NOW=`date` +DAEMON_PATH="{{ dpdk_sdk }}" + +case "$1" in + start) + printf "%-50s" "Starting $NAME..." + echo "$NOW: Starting $NAME..." >> $DAEMONLOG + + cd $DAEMON_PATH + DAEMON="{{ fastcapa_prefix }}/{{ fastcapa_bin }}" + DAEMONOPTS+=" -- " + DAEMONOPTS+="-p {{ fastcapa_portmask }} " + DAEMONOPTS+="-t {{ fastcapa_topic }} " + DAEMONOPTS+="-c {{ fastcapa_kafka_config }} " + + PID=`$DAEMON $DAEMONOPTS >> $DAEMONLOG 2>&1 & echo $!` + if [ -z $PID ]; then + printf "%s\n" "Fail" + else + echo $PID > $PIDFILE + printf "%s\n" "Ok" + fi + ;; + + status) + printf "%-50s" "Checking $NAME..." 
+ if [ -f $PIDFILE ]; then + PID=`cat $PIDFILE` + if [ -z "`ps axf | grep ${PID} | grep -v grep`" ]; then + printf "%s\n" "Process dead but pidfile exists" + else + echo "Running" + fi + else + printf "%s\n" "Service not running" + fi + ;; + + stop) + printf "%-50s" "Stopping $NAME" + PID=`cat $PIDFILE` + cd $DAEMON_PATH + if [ -f $PIDFILE ]; then + echo "$NOW: Stopping $NAME with pid=$PID" >> $DAEMONLOG + kill -HUP $PID + printf "%s\n" "Ok" + rm -f $PIDFILE + else + printf "%s\n" "pidfile not found" + fi + ;; + + restart) + $0 stop + $0 start + ;; + + *) + echo "Usage: $0 {status|start|stop|restart}" + exit 1 +esac diff --git a/metron-deployment/roles/fastcapa/templates/fastcapa.conf b/metron-deployment/roles/fastcapa/templates/fastcapa.conf new file mode 100644 index 0000000000..6f6a89f1f9 --- /dev/null +++ b/metron-deployment/roles/fastcapa/templates/fastcapa.conf 
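Review bot: `stop` reads the pidfile and sends `kill -HUP` as root without checking that the pid still belongs to fastcapa, so a stale pidfile left by a crash can signal an unrelated process that reused the pid; `status` has the mirror problem, since `ps axf | grep ${PID}` matches any line containing those digits. `stop` also runs `cat $PIDFILE` before testing that the file exists. In `start`, `echo $!` always yields a pid, so the "Fail" branch is unreachable and a daemon that exits immediately is still reported as "Ok". A sketch for `status` and `stop` follows, with the helper defined before the `case`; the unquoted `[ -z $PID ]` and `DAEMONOPTS+=` appending to an inherited variable are worth tidying in the same pass.

```shell
# true only when the pidfile names a live process whose command is the fastcapa binary
is_running() {
  [ -f "$PIDFILE" ] || return 1
  PID=$(cat "$PIDFILE")
  [ -n "$PID" ] && [ "$(ps -p "$PID" -o comm= 2>/dev/null)" = "{{ fastcapa_bin }}" ]
}

# … unchanged: exports, variable setup, start) …

  status)
    printf "%-50s" "Checking $NAME..."
    if is_running; then
      echo "Running"
    elif [ -f "$PIDFILE" ]; then
      printf "%s\n" "Process dead but pidfile exists"
    else
      printf "%s\n" "Service not running"
    fi
    ;;

  stop)
    printf "%-50s" "Stopping $NAME"
    if is_running; then
      echo "$NOW: Stopping $NAME with pid=$PID" >> $DAEMONLOG
      kill -HUP "$PID"
      printf "%s\n" "Ok"
    else
      printf "%s\n" "not running"
    fi
    # a stale pidfile is removed either way so the next start begins clean
    rm -f "$PIDFILE"
    ;;

# … unchanged: restart), usage …
```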
@@ -0,0 +1,67 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# +# kafka global settings +# +[kafka-global] + +# initial list of kafka brokers +metadata.broker.list = {{ kafka_broker_url }} + +# identifies the client to kafka +client.id = metron-fastcapa + +# max number of messages allowed on the producer queue +queue.buffering.max.messages = 1000 + +# maximum time, in milliseconds, for buffering data on the producer queue +queue.buffering.max.ms = 3000 + +# compression codec = none, gzip or snappy +compression.codec = snappy + +# maximum number of messages batched in one MessageSet (increase for better compression) +batch.num.messages = 10 + +# max times to retry sending a failed message set +message.send.max.retries = 5 + +# backoff time before retrying a message send +retry.backoff.ms = 250 + +# how often statistics are emitted; 0 = never +statistics.interval.ms = 0 + +# only provide delivery reports for failed messages +delivery.report.only.error = false + +# +# kafka topic settings +# +[kafka-topic] + +# broker acks { 1 = leader ack, 0 = no acks, -1 = in sync replica ack } +request.required.acks = 1 + +# local message timeout. 
This value is only enforced locally and limits the time a +# produced message waits for successful delivery. A time of 0 is infinite. +message.timeout.ms = 10000 + +# report offset of produced message back to application. The application must be +# use the dr_msg_cb to retrieve the offset from rd_kafka_message_t.offset +produce.offset.report = false diff --git a/metron-deployment/roles/pcap_replay/meta/main.yml b/metron-deployment/roles/pcap_replay/meta/main.yml index 0c4785376b..841d185127 100644 --- a/metron-deployment/roles/pcap_replay/meta/main.yml +++ b/metron-deployment/roles/pcap_replay/meta/main.yml @@ -15,7 +15,3 @@ # limitations under the License. # --- -dependencies: - - libselinux-python - - build-tools - diff --git a/metron-deployment/roles/pcap_replay/tasks/dependencies.yml b/metron-deployment/roles/pcap_replay/tasks/dependencies.yml new file mode 100644 index 0000000000..effe6c4330 --- /dev/null +++ b/metron-deployment/roles/pcap_replay/tasks/dependencies.yml 
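Review bot: The `[kafka-global]` section sets no transport security, so the producer will use librdkafka's plaintext default and the captured packets, payloads included, travel to the broker unencrypted and unauthenticated. If the librdkafka and broker versions deployed support it (not visible in this patch), add `security.protocol = ssl` with the matching CA settings; otherwise add a comment stating that the capture-to-broker network must be isolated. `queue.buffering.max.messages = 1000` also looks small for a line-rate capture probe, and packets arriving while the queue is full are presumably dropped, so a comment on how the value was chosen would help whoever tunes it.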
@@ -0,0 +1,32 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +- name: Install dependencies + yum: name={{ item }} + with_items: + - "@Development tools" + - libpcap + - libpcap-devel + - pcre + - pcre-devel + - zlib + - zlib-devel + - glib2-devel + register: result + until: result.rc == 0 + retries: 5 + delay: 10 diff --git a/metron-deployment/roles/pcap_replay/tasks/main.yml b/metron-deployment/roles/pcap_replay/tasks/main.yml index 06919ed9e2..bdc2a0bf10 100644 --- a/metron-deployment/roles/pcap_replay/tasks/main.yml +++ b/metron-deployment/roles/pcap_replay/tasks/main.yml @@ -15,5 +15,6 @@ # limitations under the License. # --- +- include: dependencies.yml - include: tcpreplay.yml - include: service.yml diff --git a/metron-deployment/roles/sensor-test-mode/defaults/main.yml b/metron-deployment/roles/sensor-test-mode/defaults/main.yml new file mode 100644 index 0000000000..46c975064f --- /dev/null +++ b/metron-deployment/roles/sensor-test-mode/defaults/main.yml 
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+pcap_replay: True
+install_yaf: True
+install_snort: True
diff --git a/metron-deployment/roles/sensor-test-mode/tasks/main.yml b/metron-deployment/roles/sensor-test-mode/tasks/main.yml
index 26b4e2a179..26b72c9b6a 100644
--- a/metron-deployment/roles/sensor-test-mode/tasks/main.yml
+++ b/metron-deployment/roles/sensor-test-mode/tasks/main.yml
@@ -15,42 +15,9 @@ # limitations under the License. # --- -# -# load example pcap data to replay -# -- name: Install example pcap file - copy: src=example.pcap dest={{ pcap_path }}/ - -- name: Start the pcap-replay service - service: name=pcap-replay state=restarted - -# -# configure yaf to generate a flow record for every packet -# -- name: Stop running instances of yaf - become: True - service: name=yaf state=stopped - -- name: Configure yaf to generate a flow record for every network packet - become: True - service: name=yaf state=started args="--idle-timeout 0" - -# -# configure snort to alert on every packet -# -- name: Configure snort to use a set of test rules - become: True - lineinfile: - dest: /etc/snort/snort.conf - line: "include $RULE_PATH/test.rules" - -- name: Create a snort alert for testing that alerts on every packet - become: True - lineinfile: - dest: /etc/snort/rules/test.rules - line: "alert tcp any any -> any any (msg:'snort test alert'; sid:999158; )" - create: yes - -- name: Restart snort - become: True - service: name=snortd state=restarted +- include: pcap.yml + when: pcap_replay +- include: yaf.yml + when: install_yaf +- include: snort.yml + when: install_snort diff --git a/metron-deployment/roles/sensor-test-mode/tasks/pcap.yml b/metron-deployment/roles/sensor-test-mode/tasks/pcap.yml new file mode 100644 index 0000000000..b088d5a24f --- /dev/null +++ b/metron-deployment/roles/sensor-test-mode/tasks/pcap.yml 
@@ -0,0 +1,25 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+#
+# load example pcap data to replay
+#
+- name: Install example pcap file
+ copy: src=example.pcap dest={{ pcap_path }}/
+
+- name: Start the pcap-replay service
+ service: name=pcap-replay state=restarted
diff --git a/metron-deployment/roles/sensor-test-mode/tasks/snort.yml b/metron-deployment/roles/sensor-test-mode/tasks/snort.yml
new file mode 100644
index 0000000000..5fd57ff94a
--- /dev/null
+++ b/metron-deployment/roles/sensor-test-mode/tasks/snort.yml
@@ -0,0 +1,36 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +# +# configure snort to alert on every packet +# +- name: Configure snort to use a set of test rules + become: True + lineinfile: + dest: /etc/snort/snort.conf + line: "include $RULE_PATH/test.rules" + +- name: Create a snort alert for testing that alerts on every packet + become: True + lineinfile: + dest: /etc/snort/rules/test.rules + line: "alert tcp any any -> any any (msg:'snort test alert'; sid:999158; )" + create: yes + +- name: Restart snort + become: True + service: name=snortd state=restarted diff --git a/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml b/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml new file mode 100644 index 0000000000..5fa29ce99d --- /dev/null +++ b/metron-deployment/roles/sensor-test-mode/tasks/yaf.yml 
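Review bot: The test rule uses `sid:999158`, which is below 1,000,000 and so falls in the range Snort reserves for its own distributed rules; local rules are expected to use SIDs of 1,000,000 and above, so this one can collide with a shipped rule. It also carries no `rev`. Something like `sid:1000001; rev:1;` keeps it in the local range. Because the rule alerts on every TCP packet and the `include` line is appended to /etc/snort/snort.conf with no task to remove it, a header comment stating that this role must not be applied to a production sensor would help. These tasks were moved here unchanged from tasks/main.yml.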
@@ -0,0 +1,27 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +--- +# +# configure yaf to generate a flow record for every packet +# +- name: Stop running instances of yaf + become: True + service: name=yaf state=stopped + +- name: Configure yaf to generate a flow record for every network packet + become: True + service: name=yaf state=started args="--idle-timeout 0" diff --git a/metron-deployment/vagrant/fastcapa-vagrant/.gitignore b/metron-deployment/vagrant/fastcapa-vagrant/.gitignore new file mode 100644 index 0000000000..a8b42eb6ee --- /dev/null +++ b/metron-deployment/vagrant/fastcapa-vagrant/.gitignore @@ -0,0 +1 @@ +*.retry diff --git a/metron-deployment/vagrant/fastcapa-vagrant/README.md b/metron-deployment/vagrant/fastcapa-vagrant/README.md new file mode 100644 index 0000000000..9bb0a395de --- /dev/null +++ b/metron-deployment/vagrant/fastcapa-vagrant/README.md 
@@ -0,0 +1,73 @@
+Fastcapa Test Environment
+=========================
+
+Provides a test environment for the development and testing of Fastcapa. The environment is automatically validated after it is created to ensure that Fastcapa is behaving correctly.
+
+Two virtualized nodes are launched with Vagrant that can communicate with one another over a private network.
+- The `source` node uses Metron's `pcap_replay` functionality to transmit raw network packet data over a private network.
+- The `sink` node is running `fastcapa` and is capturing these network packets.
+- Fastcapa then transforms and bundles the packets into a message.
+- The message is sent to a Kafka broker running on the `source` node.
+
+Getting Started
+---------------
+
+Simply run `vagrant up` to launch the environment. Automated tests are executed after provisioning completes to ensure that Fastcapa and the rest of the environment is functioning properly.
+
+```
+$ vagrant up
+==> source: Running provisioner: ansible...
+ source: Running ansible-playbook...
+...
+TASK [debug] *******************************************************************
+ok: [source] => {
+ "msg": "Successfully received packets sent from pcap-replay!"
+}
+...
+TASK [debug] *******************************************************************
+ok: [source] => {
+ "msg": "Successfully received a Kafka message from fastcapa!"
+}
+```
+
+Going Deeper
+------------
+
+This section will outline in more detail the environment and how to interact with it.
+
+### `source`
+
+To validate that the `source` node is functioning properly, run the following commands.
+
+First, ensure that the `pcap-replay` service is running.
+
+```
+vagrant ssh source
+sudo service pcap-replay status
+```
+
+Use `tcpdump` to ensure that the raw packet data is being sent over the private network. Enter 'CTRL-C' to kill the `tcpdump` process once you are able to see that packets are being sent.
+ +``` +sudo yum -y install tcpdump +sudo tcpdump -i enp0s8 +``` + +### `sink` + +Next validate that the `sink` is functioning properly. Run the following commands starting from the host operating system. + +First, ensure that the `fastcapa` service is running. + +``` +vagrant ssh sink +service fastcapa status +``` + +Ensure that the raw network packet data is being received by Kafka. + +``` +/usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --zookeeper localhost:2181 --topic pcap +``` + +Enter 'CTRL-C' to kill the `kafka-console-consumer` process once you are able to see that packets are being sent. These packets will appear to be gibberish in the console. This is the raw binary network packet data after all. diff --git a/metron-deployment/vagrant/packet-capture/Vagrantfile b/metron-deployment/vagrant/fastcapa-vagrant/Vagrantfile similarity index 91% rename from metron-deployment/vagrant/packet-capture/Vagrantfile rename to metron-deployment/vagrant/fastcapa-vagrant/Vagrantfile index 1303712896..7f58417e5f 100644 --- a/metron-deployment/vagrant/packet-capture/Vagrantfile +++ b/metron-deployment/vagrant/fastcapa-vagrant/Vagrantfile @@ -28,7 +28,7 @@ Vagrant.configure("2") do |config| # host settings node.vm.hostname = "source" - node.vm.box = "bento/centos-7.1" + node.vm.box = "bento/centos-6.7" node.ssh.insert_key = "true" node.vm.network :private_network, ip: "192.168.33.10", netmask: "255.255.255.0" @@ -48,7 +48,6 @@ Vagrant.configure("2") do |config| node.vm.hostname = "sink" node.vm.box = "bento/centos-7.1" node.ssh.insert_key = "true" - node.vm.network "public_network" node.vm.network :private_network, ip: "192.168.33.11", netmask: "255.255.255.0" # provider 
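Review bot: Switching the `source` box to `bento/centos-6.7` in the first Vagrantfile hunk changes the name of the private interface, and `vars/main.yml` in this patch sets `pcap_replay_interface: eth1` to match, but the new README still tells the reader to run `sudo tcpdump -i enp0s8` on `source`. That command would presumably fail on the CentOS 6 box; the README line should read `sudo tcpdump -i eth1`. The README's `sink` section has a related mismatch: it runs `kafka-console-consumer.sh --zookeeper localhost:2181` on `sink`, although the playbook now installs the broker on `source` and the vars use `zookeeper_url: source:2181`. The node block this hunk edits starts outside the hunk.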
@@ -60,10 +59,13 @@ Vagrant.configure("2") do |config| vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"] vb.customize ["modifyvm", :id, "--nictype2","82545EM"] end - end - # provision hosts - config.vm.provision :ansible do |ansible| - ansible.playbook = "playbook.yml" + # provision host + node.vm.provision :ansible do |ansible| + ansible.limit = "all" + ansible.playbook = "playbook.yml" + end end + + end diff --git a/metron-deployment/vagrant/packet-capture/ansible.cfg b/metron-deployment/vagrant/fastcapa-vagrant/ansible.cfg similarity index 100% rename from metron-deployment/vagrant/packet-capture/ansible.cfg rename to metron-deployment/vagrant/fastcapa-vagrant/ansible.cfg diff --git a/metron-deployment/vagrant/packet-capture/playbook.yml b/metron-deployment/vagrant/fastcapa-vagrant/playbook.yml similarity index 65% rename from metron-deployment/vagrant/packet-capture/playbook.yml rename to metron-deployment/vagrant/fastcapa-vagrant/playbook.yml index 7a5128c98e..bd6be7cff2 100644 --- a/metron-deployment/vagrant/packet-capture/playbook.yml +++ b/metron-deployment/vagrant/fastcapa-vagrant/playbook.yml 
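Review bot: The provisioner now sits inside a single node's block but sets `ansible.limit = "all"`, so one machine's provisioning run configures both hosts and only succeeds if the other machine is already up; the hunk does not show which node block this is, though from its position it appears to be `sink`. Running `vagrant up sink` alone, or `vagrant provision source`, would then fail or do nothing. A comment above the block such as `# runs once, from the last node defined, against all hosts; requires 'source' to be up first` would document the ordering dependency. The enclosing block starts outside the hunk.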
@@ -16,28 +16,35 @@ # --- # -# produces network traffic +# the 'source' produces network traffic # - hosts: source become: yes - vars: - pcap_replay_interface: "enp0s8" + vars_files: + - vars/main.yml roles: + - role: kafka-broker - role: pcap_replay + - { role: sensor-test-mode, pcap_replay: True, install_yaf: False, install_snort: False } # -# consumes network traffic +# the 'sink' consumes network traffic # - hosts: sink become: yes - vars: - dpdk_device: ["00:08.0"] - dpdk_target: "x86_64-native-linuxapp-gcc" - num_huge_pages: 512 - pcapture_portmask: 0xf - pcapture_topic: pcap - kafka_broker_url: localhost:9092 + vars_files: + - vars/main.yml roles: - role: librdkafka - - role: kafka-broker - - role: packet-capture + - role: fastcapa + +# +# validate the environment - needs to run on `source` node +# +- hosts: source + become: yes + vars_files: + - vars/main.yml + tasks: + - include: tasks/validate-packets-sent.yml + - include: tasks/validate-messages-received.yml diff --git a/metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-messages-received.yml b/metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-messages-received.yml new file mode 100644 index 0000000000..5109a0e065 --- /dev/null +++ b/metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-messages-received.yml 
@@ -0,0 +1,38 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+- set_fact:
+ kafka_consumer_cmd: "{{ kafka_broker_home}}/bin/kafka-console-consumer.sh --zookeeper {{ zookeeper_url }} --topic {{ fastcapa_topic }} --max-messages 10 --from-beginning"
+
+- name: Attempting to receive message(s) sent by fastcapa
+ shell: "{{ kafka_consumer_cmd }}"
+ async: 30
+ register: kafka_consumer
+
+- name: Waiting to receive message(s) sent by fastcapa
+ async_status: jid={{ kafka_consumer.ansible_job_id }}
+ register: job
+ until: job.finished
+ retries: 30
+
+- fail:
+ msg: "No messages received from fastcapa within timeout: {{ kafka_consumer_cmd }}"
+ when: job.finished != 1
+
+- debug: var=job
+
+- debug: msg="Successfully received a Kafka message from fastcapa!"
diff --git a/metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-packets-sent.yml b/metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-packets-sent.yml
new file mode 100644
index 0000000000..25347dd70e
--- /dev/null
+++ b/metron-deployment/vagrant/fastcapa-vagrant/tasks/validate-packets-sent.yml
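Review bot: The `shell` task sets `async: 30` without `poll: 0`, so Ansible waits on the job itself and fails that task when the 30 seconds run out; on a timeout the `async_status` loop and the `fail` task with the descriptive message are then never reached. Adding `poll: 0` to the shell task lets the `until`/`retries` loop do the waiting. Even then, as far as I can tell, an `until` loop that exhausts its retries fails the play before `when: job.finished != 1` is evaluated, so the wait task needs `ignore_errors: yes` for the custom message to appear. The same pattern is in `validate-packets-sent.yml`. Note also that `debug: var=job` prints the consumer's stdout, which is raw captured packet data, into the provisioning output.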
@@ -0,0 +1,41 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+- name: Install tcpdump
+ yum: name=tcpdump
+
+- set_fact:
+ sniff_cmd: "tcpdump -i {{ pcap_replay_interface }} -c 10"
+
+- name: "Attempting to sniff packet(s)"
+ shell: "{{ sniff_cmd }}"
+ async: 30
+ register: sniffer
+
+- name: Waiting to receive packet(s)
+ async_status: jid={{ sniffer.ansible_job_id }}
+ register: job
+ until: job.finished
+ retries: 30
+
+- fail:
+ msg: "No packets received from pcap-replay within timeout: {{ sniff_cmd }}"
+ when: job.finished != 1
+
+- debug: var=job
+
+- debug: msg="Successfully received packets sent from pcap-replay!"
diff --git a/metron-deployment/vagrant/fastcapa-vagrant/vars/main.yml b/metron-deployment/vagrant/fastcapa-vagrant/vars/main.yml
new file mode 100644
index 0000000000..3054a4b6a5
--- /dev/null
+++ b/metron-deployment/vagrant/fastcapa-vagrant/vars/main.yml
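Review bot: `tcpdump -i {{ pcap_replay_interface }} -c 10` counts any ten packets on the interface, so ARP or the Kafka traffic that `sink` sends to the broker on `source` could presumably satisfy the check even when pcap-replay is sending nothing. Without `-n`, tcpdump also attempts reverse DNS lookups, which can stall in a VM without a resolver and eat into the 30 second budget. A narrower command such as `sniff_cmd: "tcpdump -n -i {{ pcap_replay_interface }} -c 10 not arp and not port 9092"` would make a pass mean what the success message claims, with 9092 taken from `kafka_broker_url` in `vars/main.yml`.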
@@ -0,0 +1,26 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+dpdk_device: ["00:08.0"]
+dpdk_target: "x86_64-native-linuxapp-gcc"
+num_huge_pages: 512
+fastcapa_portmask: "0x01"
+fastcapa_topic: pcap
+kafka_broker_url: source:9092
+zookeeper_url: source:2181
+pcap_replay_interface: eth1
+kafka_broker_home: /usr/hdp/current/kafka-broker/
diff --git a/metron-sensors/packet-capture/.gitignore b/metron-sensors/fastcapa/.gitignore
similarity index 100%
rename from metron-sensors/packet-capture/.gitignore
rename to metron-sensors/fastcapa/.gitignore
diff --git a/metron-sensors/packet-capture/Makefile b/metron-sensors/fastcapa/Makefile
similarity index 100%
rename from metron-sensors/packet-capture/Makefile
rename to metron-sensors/fastcapa/Makefile
diff --git a/metron-sensors/fastcapa/README.md b/metron-sensors/fastcapa/README.md
new file mode 100644
index 0000000000..2278bfeb15
--- /dev/null
+++ b/metron-sensors/fastcapa/README.md
@@ -0,0 +1,20 @@
+Fastcapa
+========
+
+Fastcapa is an Apache Metron sensor that performs fast network packet capture by leveraging Linux kernel-bypass and user space networking technology.
+
+The sensor will bind to a network interface, capture network packets, and send the raw packet data to Kafka. This provides a scalable mechanism for ingesting high-volumes of network packet data into a Hadoop-y cluster.
+
+Fastcapa leverages the Data Plane Development Kit ([DPDK](http://dpdk.org/)). DPDK is a set of libraries and drivers to perform fast packet processing in Linux user space.
+
+Getting Started
+---------------
+
+The quickest way to get up and running is to use a Virtualbox environment on your local machine. The necessary files and instructions to do this are located at [`metron-deployment/vagrant/fastcapa-vagrant`](../../metron-deployment/vagrant/fastcapa-vagrant).
+
+Installation
+------------
+
+The process of installing Fastcapa has a fair number of steps and involves building DPDK, loading specific kernel modules, enabling huge page memory, and binding compatible network interface cards.
+
+The best documentation is code that actually does this for you. An Ansible role that performs the entire installation procedure can be found at [`metron-deployment/roles/fastcapa`](../../metron-deployment/roles/fastcapa). Use this to install Fastcapa or as a guide for manual installation.
diff --git a/metron-sensors/packet-capture/conf/localhost.kafka b/metron-sensors/fastcapa/conf/localhost.kafka
similarity index 100%
rename from metron-sensors/packet-capture/conf/localhost.kafka
rename to metron-sensors/fastcapa/conf/localhost.kafka
diff --git a/metron-sensors/packet-capture/src/.gitignore b/metron-sensors/fastcapa/src/.gitignore
similarity index 100%
rename from metron-sensors/packet-capture/src/.gitignore
rename to metron-sensors/fastcapa/src/.gitignore
diff --git a/metron-sensors/packet-capture/src/Makefile b/metron-sensors/fastcapa/src/Makefile similarity index 99% rename from metron-sensors/packet-capture/src/Makefile rename to metron-sensors/fastcapa/src/Makefile index c045faaf03..9e7849de5d 100644 --- a/metron-sensors/packet-capture/src/Makefile +++ b/metron-sensors/fastcapa/src/Makefile @@ -26,7 +26,7 @@ RTE_TARGET ?= x86_64-native-linuxapp-gcc include $(RTE_SDK)/mk/rte.vars.mk # binary name -APP = pcapture +APP = fastcapa # all source are stored in SRCS-y SRCS-y := main.c args.c kafka.c diff --git a/metron-sensors/packet-capture/src/args.c b/metron-sensors/fastcapa/src/args.c similarity index 100% rename from metron-sensors/packet-capture/src/args.c rename to metron-sensors/fastcapa/src/args.c diff --git a/metron-sensors/packet-capture/src/args.h b/metron-sensors/fastcapa/src/args.h similarity index 100% rename from metron-sensors/packet-capture/src/args.h rename to metron-sensors/fastcapa/src/args.h diff --git a/metron-sensors/packet-capture/src/kafka.c b/metron-sensors/fastcapa/src/kafka.c similarity index 100% rename from metron-sensors/packet-capture/src/kafka.c rename to metron-sensors/fastcapa/src/kafka.c diff --git a/metron-sensors/packet-capture/src/kafka.h b/metron-sensors/fastcapa/src/kafka.h similarity index 100% rename from metron-sensors/packet-capture/src/kafka.h rename to metron-sensors/fastcapa/src/kafka.h diff --git a/metron-sensors/packet-capture/src/main.c b/metron-sensors/fastcapa/src/main.c similarity index 100% rename from metron-sensors/packet-capture/src/main.c rename to metron-sensors/fastcapa/src/main.c diff --git a/metron-sensors/packet-capture/src/main.h b/metron-sensors/fastcapa/src/main.h similarity index 100% rename from metron-sensors/packet-capture/src/main.h rename to metron-sensors/fastcapa/src/main.h diff --git a/metron-sensors/packet-capture/README.md b/metron-sensors/packet-capture/README.md deleted file mode 100644 index dc299a842a..0000000000 
--- a/metron-sensors/packet-capture/README.md
+++ /dev/null
@@ -1,12 +0,0 @@
-Metron Packet Capture
-=====================
-
-A sensor that performs network packet capture leveraging the Data Plane Development Kit ([DPDK](http://dpdk.org/)). DPDK is a set of libraries and drivers to perform fast packet processing in Linux user space. The packet capture process will bind to a DPDK-compatible network interface, capture network packets, and send the raw packet data to a Kafka Broker.
-
-Getting Started
----------------
-
-```
-cd deployment/vagrant/packet-capture
-vagrant up
-```