Iplog: a plugin to log ip addresses for a vde switch

From Virtualsquare
Revision as of 19:44, 27 December 2012 by Renzo (Talk | contribs)


iplog is a vde_switch plugin. It logs the IPv4/IPv6 addresses in use on the network. Each time a new IP address appears on the network (or an already known address comes from a different port), the plugin writes a log message containing the IP address, the port, and the user id of the port's owner. iplog is included in the svn tree.

Using iplog it is possible to leave a virtual network open for the users. The owner of an IP address can be found from the log files. It is possible to limit the logging to some ranges of IP addresses (usually the addresses routed to the Internet), so that information about IP addresses used only for local data exchange does not mess up the log files.

The management command to load iplog is:

vde$ plugin/add iplog

iplog defines the following commands:

vde$ help iplog
COMMAND PATH       SYNTAX          HELP
------------       --------------  ------------
iplog              ============    IP/Mac/User Logging
iplog/showinfo                     Show info on logging
iplog/logfile      pathname        Set the logfile
iplog/ipadd        ipaddr/mask     add an ipv4/v6 range
iplog/ipdel        ipaddr/mask     del an ipv6/v6 range
iplog/list                         list ip ranges
iplog/setgcint     N               change garbage collector interval
iplog/setexpire    N               change iplog entries expire time
iplog/iplist                       list active IP
iplog/ipport       port            list active IP on a port
iplog/ipuser       user            list active IP of a user
iplog/ipsearch     ipaddr          search an IP address
vde$ iplog/showinfo

iplog: ip/port/user logging plugin
log disabled
GC interval 10 secs
GC expire 360 secs
Success

Logging is initially disabled. The default persistence of IP addresses is 6 minutes, and the scan for unused addresses takes place every 10 seconds. This means that if an IP address is not used for more than 6 minutes, its next appearance is reported as a new address.
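The interaction between the expire time and the garbage-collector interval is easier to see in a small model. The following Python is an added example, not code from the iplog plugin or the Virtualsquare project: it keeps an address table keyed by IP address (an assumption; the plugin's real data structure is not shown on this page), reports an address when it is first seen or when it reappears from a different port, and drops entries that have been idle for longer than the expire time. The real collector runs on a timer; here it runs lazily on access, which is a simplification that gives the same reporting decisions for the scenario below.

```python
# Added model of iplog's address table (not the plugin's own code).
# Defaults are the ones printed by iplog/showinfo on this page.
GC_INTERVAL = 10   # seconds between garbage-collector runs
EXPIRE = 360       # seconds an address may stay idle before it is forgotten


class IpTable:
    def __init__(self, expire=EXPIRE, gc_interval=GC_INTERVAL):
        self.expire = expire
        self.gc_interval = gc_interval
        self.entries = {}    # ip -> (port, last_seen); keying by IP is an assumption
        self.last_gc = 0
        self.events = []     # (time, ip, port) for every entry that would be logged

    def gc(self, now):
        """Drop entries idle for more than `expire` seconds (the 'GC expire' value)."""
        for ip, (port, last) in list(self.entries.items()):
            if now - last > self.expire:
                del self.entries[ip]
        self.last_gc = now

    def seen(self, ip, port, now):
        """Record traffic from `ip` on `port` at time `now` (seconds).

        Returns True when the plugin would write a log entry: the address is
        unknown (new, or expired and forgotten) or it moved to another port.
        """
        # Simplification: run the collector lazily once the interval has elapsed.
        if now - self.last_gc >= self.gc_interval:
            self.gc(now)
        prev = self.entries.get(ip)
        self.entries[ip] = (port, now)
        if prev is None or prev[0] != port:
            self.events.append((now, ip, port))
            return True
        return False


def demo():
    """Constructed timeline for one address; returns the per-packet log decisions."""
    t = IpTable()
    return [
        t.seen("192.168.1.10", 1, 0),    # new address: logged
        t.seen("192.168.1.10", 1, 5),    # same address, same port: not logged
        t.seen("192.168.1.10", 2, 6),    # same address from another port: logged
        t.seen("192.168.1.10", 2, 100),  # still on port 2: not logged
        t.seen("192.168.1.10", 2, 459),  # idle 359 s, under the expire time: not logged
        t.seen("192.168.1.10", 2, 830),  # idle 371 s, entry was collected: logged again
    ]


if __name__ == "__main__":
    print(demo())
```

The last two decisions are the point of the passage: an address that stays quiet for less than the expire time is still known to the switch, while one that exceeds it is forgotten and shows up in the log as if it were new.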

iplog can write its output to a file or to syslog. The command is the following (use the file name '-' for syslog):

vde$ iplog/logfile /tmp/iplog
vde$ iplog/showinfo
...
log on file /tmp/iplog
vde$ iplog/logfile -               
vde$ iplog/showinfo 
...
log on syslog

iplog logs the IP addresses that match one of the logging ranges. The list of logging ranges is initially empty:

vde$ iplog/list

Success

IPv4 or IPv6 ranges can be added and removed:

vde$ iplog/ipadd 10.1.0.0/16                    
vde$ iplog/ipadd 192.168.1.0/24 
vde$ iplog/ipadd 2001:0:0:1::/64
vde$ iplog/list

  ipv4: 10.1.0.0/16          
  ipv4: 192.168.1.0/24
  ipv6: 2001:0:0:1::/64
Success
vde$ iplog/ipdel 10.1.0.0/16
vde[/var/run/vde.mgmt/mgmt]: iplog/list             

  ipv4: 192.168.1.0/24       
  ipv6: 2001:0:0:1::/64
Success

It is possible to log all IP addresses: just add the /0 ranges:

vde$ iplog/ipadd 0.0.0.0/0  
vde$ iplog/ipadd ::/0                   
vde$ iplog/list

  ipv4: 0.0.0.0/0            
  ipv6: ::/0
Success

The log entries have the following structure:

Jan 15 17:31:49 ipv4 130.136.31.44 port=1 vlan=0 user=(none) "tap0"
Jan 15 17:31:49 ipv4 130.136.31.1 port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258"
Jan 15 17:32:34 ipv6 fe80::acef:fcff:fe92:eddb port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258"
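The two practical uses described above (restricting logging to a set of address ranges, and finding the owner of an address from the log files) can be reproduced offline over a saved logfile. The following Python is an added example, not code from the iplog plugin or the Virtualsquare project. It parses lines in the layout shown above, filters them with the same range semantics as iplog/ipadd (a /0 range matches every address of its family), builds the IP-to-owner history, and lists addresses that were seen from more than one port, which is the event iplog itself flags by writing a second entry. The sample lines are constructed for the example; the fourth one is invented to show an address moving to another port.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the log entries shown on this page.
# The last line is invented so that one address appears from a second port.
SAMPLE_LOG = """\
Jan 15 17:31:49 ipv4 130.136.31.44 port=1 vlan=0 user=(none) "tap0"
Jan 15 17:31:49 ipv4 130.136.31.1 port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258"
Jan 15 17:32:34 ipv6 fe80::acef:fcff:fe92:eddb port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258"
Jan 15 17:40:02 ipv4 130.136.31.1 port=3 vlan=0 user=mallory "vde_plug: user=mallory PID=30111"
"""

# timestamp, family, address, port, vlan, user, and the quoted port description
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<fam>ipv[46]) (?P<ip>\S+) '
    r'port=(?P<port>\d+) vlan=(?P<vlan>\d+) user=(?P<user>\S+) "(?P<desc>[^"]*)"$'
)


def parse_line(line):
    """Return one entry as a dict, or None if the line is not an iplog entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ip"] = ipaddress.ip_address(rec["ip"])
    rec["port"] = int(rec["port"])
    rec["vlan"] = int(rec["vlan"])
    return rec


def in_ranges(ip, nets):
    """True if ip lies in any configured range; 0.0.0.0/0 and ::/0 match everything."""
    return any(ip in net for net in nets if net.version == ip.version)


def parse_log(text, ranges=None):
    """Parse a logfile, keeping only entries inside the given ranges (default: all)."""
    nets = [ipaddress.ip_network(r) for r in (ranges or ["0.0.0.0/0", "::/0"])]
    recs = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and in_ranges(rec["ip"], nets):
            recs.append(rec)
    return recs


def owners(recs):
    """Map each address (as a string) to its ordered history of (port, user) pairs."""
    hist = defaultdict(list)
    for r in recs:
        key = (r["port"], r["user"])
        ip = str(r["ip"])
        if not hist[ip] or hist[ip][-1] != key:
            hist[ip].append(key)
    return dict(hist)


def port_moves(recs):
    """Addresses that were seen from more than one port, with their full history."""
    return {ip: h for ip, h in owners(recs).items() if len({p for p, _ in h}) > 1}


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG, ["130.136.31.0/24"])
    for ip, history in owners(entries).items():
        print(ip, history)
    print("moved between ports:", sorted(port_moves(entries)))
```

Running it with the range 130.136.31.0/24 drops the link-local IPv6 entry, exactly as an iplog/ipadd of that range would keep it out of the logfile, and reports 130.136.31.1 as having moved from port 2 (user renzo) to port 3 (user mallory).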

It is possible to list and search the database of the IP addresses currently stored:

vde$ iplog/iplist

ipv4 130.136.31.1 port=2 user=renzo
ipv4 130.136.31.44 port=1 user=(none)
ipv6 fe80::acef:fcff:fe92:eddb port=2 user=renzo
Success
vde$ iplog/ipport 2

ipv4 130.136.31.1 port=2 user=renzo
ipv6 fe80::acef:fcff:fe92:eddb port=2 user=renzo
Success
vde$ iplog/ipsearch 130.136.31.1

ipv4 130.136.31.1 port=2 user=renzo
Success
vde$ iplog/ipuser renzo
ipv4 130.136.31.1 port=2 user=renzo
ipv6 fe80::acef:fcff:fe92:eddb port=2 user=renzo
Success

iplog also provides a debugging entry (newip). When it is active, iplog additionally reports the appearance of new IP addresses live on the management console.

vde$ debug/list

CATEGORY               TAG STATUS HELP
------------           --- ------ ----
...
iplog/newip            301 OFF    show new ip addresses
Success
vde$ debug/add iplog/newip
Success                      
vde$ debug/list     

CATEGORY               TAG STATUS HELP
------------           --- ------ ----
...
iplog/newip            301 ON     show new ip addresses
Success
** DBG MSG: iplog/newip ipv4 130.136.31.44 port=1 vlan=0 user=(none) "tap0"
** DBG MSG: iplog/newip ipv4 130.136.31.1 port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258"
** DBG MSG: iplog/newip ipv4 130.136.31.5 port=2 vlan=0 user=renzo "vde_plug: user=renzo PID=29258"
vde$ 

Note: iplog closes and reopens the logfile when the vde_switch receives a SIGHUP. Send a SIGHUP to rotate the logfile.
