From: Iannaccone, G. <gia...@in...> - 2009-04-30 23:13:00

Hi Oana,

> Documentation
> I already read it on the mailing list, but I am coming back with the
> question, is there any documentation on how to write a new module?
> At the lab we are using a specific hardware device for packet capturing
> called GNET (http://www.gtrc.aist.go.jp/gnet), in order to integrate
> it with CoMo I need to write a driver for it, is there any documentation
> on how to do this?

Unfortunately there is very little documentation on how to build modules and sniffers (the code that is needed to work with other hardware devices for capturing packets). However, you can use the counter.c module and sniffer-libpcap.c as examples on how to write them.

We are also currently moving to v2.0 that has made major changes both in the modules and the sniffers and (hopefully) we will have more documentation about that. We should be able to release v2.0 around June 2009.

> Storage
> Also, is it possible to filter the packets from a capture and store
> the filtered capture in another file?

yes, all you have to do is to add in the config file a module that defines the filter and stores the results in a directory of your choice. You can use the "trace" module for that.

> If I enable CoMo to permanently capture packets from sFlow and NetFlow
> on 10Gb links, for how long the packets are stored? and the analysis?

You can use the "streamsize" parameter in each module for deciding how much disk space to dedicate to storing the packets and the analysis. At the moment you cannot define an amount of time but just disk space. Once the disk space is exhausted, the modules will start overwriting the files (in a circular manner).

> Queries
> Is it possible to split a capture file (pcap file) in flows and then
> make other analysis on these flows?

yes, via the replay() callback in the modules that support it. for example a query of the type http://<node>:<port>/topdest?source=tuple will do exactly that (i.e. use the output of the tuple module, that is flows, to compute the top-k destinations).

> Is it possible to make modules that compute the distribution of
> some metrics like flow size distribution, packet size distribution?

yes.

> Is it possible to integrate the output of the queries with RRD?

there is no support for that right now but it is definitely doable.

> I am for sure missing something, but how can I save the output of a
> query into a file?

you need to issue a query to the node via http and then save to file: e.g. "curl http://<node>:<port>/tuple > output_file"

> If I am having a pcap trace file, on which I enabled the traffic module,
> how can i get the evolution of the traffic in time, not just the
> final results?

you can do it two ways. run the query: http://<node>:<port>/traffic?start=0 or run directly como without configuration file like: "como -s pcap:<tracefile> traffic"

> Performance
> Is it able to capture and analyze packet from 10Gb links without loss?

Unlikely. But it depends on the HW you have, the modules you turn on, etc.

> Misc
> Are there any other types of documentation that will help me in understanding
> how the system is built beside the articles on the CoMo page?

nope. :(

> Is it possible to define a query priority that stops all the other queries?

no.

> Does comolive work with the last version from svn of como? I am getting
> the following error: "Fatal error: Call to undefined function: file_put_contents()
> in /var/www/comolive/config/index.php on line 228"

working on making comolive work...

thanks,
gianluca