libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Exchange of Flow Information" (RFC 7011). It supports the information model defined in "Information Model for IP Flow Information Export" (RFC 7012), extended as proposed by "Bidirectional Flow Export using IPFIX" (RFC 5103) to support information elements for representing biflows.
libfixbuf supports UDP, TCP, SCTP, TLS over TCP, and Spread as transport protocols. Support for DTLS over UDP and DTLS over SCTP is forthcoming. It also supports operation as an IPFIX File Writer or IPFIX File Reader as defined in "An IPFIX-Based File Format" (draft-trammell-ipfix-file, current revision -05).
As of version 1.0, libfixbuf supports structured data elements as described in "Export of Structured Data in IPFIX" (RFC 6313). This adds the ability to export basicLists, subTemplateLists, and subTemplateMultiLists.
libfixbuf version 1.4 adds support for exporting type information for IPFIX elements as described in "Exporting Type Information for IPFIX Information Elements" (RFC 5610). This expands the definition of an Information Element in the Information Model. In addition to the PEN, length, name, and ID, an Information Element can also have a data type, description, range, semantics, and units.
libfixbuf's public API is defined in public.h; see the Getting started with libfixbuf section or public.h for general documentation on getting started with libfixbuf, as well as detailed documentation on the public API calls and data types.
libfixbuf is distributed from http://tools.netsa.cert.org/fixbuf
libfixbuf uses a reasonably standard autotools-based build system. The customary build procedure (
./configure && make && make install) should work in most environments.
libfixbuf requires glib-2.0 version 2.18 or later. glib is available on most modern Linux distributions and BSD ports collections, or in source form from http://www.gtk.org.
libfixbuf automatically uses the getaddrinfo(3) facility and the accompanying dual IPv4/IPv6 stack support if present. getaddrinfo(3) must be present to export or collect flows over IPv6.
libfixbuf does not build with SCTP support by default. The –with-sctp option must be given to the libfixbuf ./configure script to include SCTP support. Also note that SCTP requires kernel support, and applications built against libfixbuf with libsctp may fail at runtime if that kernel support is not present.
libfixbuf does not build with TLS support by default. The –with-openssl option must be given to the libfixbuf ./configure script to include TLS support.
Spread support requires Spread 4.1 or later. libfixbuf does not build with Spread support by default. The –with-spread option must be given to libfixbuf ./configure script to include Spread support.
The following are known issues with libfixbuf as of version 1.0.0:
libfixbuf is copyright 2005-2018 Carnegie Mellon University, and is released under the GNU Lesser General Public License (LGPL) Version 3. See the LICENSE.txt file in the distribution for details.
libfixbuf was developed at Carnegie Mellon University by Brian Trammell and the CERT Network Situational Awareness Group Engineering Team for use in the YAF and SiLK tools.