Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-pcap / c266796caaaf8a8c2a6c4a971a5fc18975b73f8e
commitc266796caaaf8a8c2a6c4a971a5fc18975b73f8e[log] [tgz]
authorHolger Hans Peter Freyther <holger@moiji-mobile.com>Thu Aug 25 23:07:44 2016 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>Thu Sep 08 16:16:55 2016 +0200
treea88b5f91da0b7330bd044ce54b87f17d6d47465d
parentc1c194393b1c568961623c939efd5ae118903440 [diff]
client: Initial support for TLS in the client

Use GNUtls because it is GPL compatible and instead of mbedTLS seems
to have a working non-blocking I/O integration. GNUtls has various
issues that could not be resolved easily:

* Pick spdy as sub protocol
* gmt_time not randomized
* private key loaded to RAM (but not verified)

This is the beginning and not the end. Client support might need more
work with actual tls verification. Maybe more manual x509 cert
verification is needed and maybe client certs don't work at all. I try
to ignore renegotiation as I threw away the key.

Reload x509 creds and keys as they might have changed from one
connection to another.

Change-Id: I9128e14084da1fc2705f858393f98b8133996172
12 files changed
tree: a88b5f91da0b7330bd044ce54b87f17d6d47465d
  1. contrib/
  2. debian/
  3. doc/
  4. include/
  5. src/
  6. tests/
  7. .gitignore
  8. .travis.yml
  9. AUTHORS
  10. configure.ac
  11. COPYING
  12. git-version-gen
  13. Makefile.am
  14. osmoappdesc.py
  15. README.md
  16. TLS_TODO
  17. TODO
README.md

osmo-pcap distributed network capture

osmo-pcap has been created to collect network traces at different nodes but store them centrally at a dedicated note for further analysis. This might be needed for auditing, resolving conflicts, post processing or debugging a distributed system.

The system consists out of the osmo-pcap-client to cpature traffic at a host and osmo-pcap-server to receive the traffic, store and rotate the traffic at a centralized server. There is a shell script to compress and expire old traces.

osmo-pcap-client

The osmo-pcap-client is using libpcap and has a built-in detector for the GPRS-NS/BSSGP protocol to exclude user traffic. The client is known to work on 32/64 bit systems. It can be configured through the VTY and the minimal config includes the interface to monitor, the pcap filter to use and the server to send it to.

osmo-pcap-server

The osmo-pcap-server will listen for new TCP connections and then will receive the data from the client if it is coming from a known/good source IPv4/port. The server is configured to write one file per client and to change/rotate the file when the link encapsulation is changing. It can be configured to rotate the file a given time interval and/or if the filesize is over a threshold.

The osmo-pcap-server comes with a shell script to rotate and compress old traces. Currently the configuration parameters (age or amount based) need to be tuned in the script itself.

Installation and Configuration

There are Debian, Ubuntu, SLES, OpenSUSE and CentOS packages available via the excellent openSUSE Build Service.

Please see the contrib/osmo-pcap-server.cfg and contrib/osmo-pcap-client.cfg file in the repository

Wishlist/TODO

  • [ ] Add non-blocking TLS (probably GNUtls) support between client and server.
  • [ ] Improve the clean-up script, maybe re-write in python with exteral configuration.
  • [ ] Add hooks to the server to have an application receive all packages

Author and License

osmo-pcap has been created by Holger Hans Peter Freyther (holger@freyther.de) and is licensed as AGPLv3+. The author appreciates failure or success reports of using the software.