libfixbuf is a compliant implementation of the IPFIX Protocol, as defined in the "Specification of the IPFIX Protocol for the Exchange of Flow Information" (RFC 7011). It supports the information model defined in "Information Model for IP Flow Information Export" (RFC 7012), extended as proposed by "Bidirectional Flow Export using IPFIX" (RFC 5103) to support information elements for representing biflows. libfixbuf supports structured data elements as described in "Export of Structured Data in IPFIX" (RFC 6313), which adds the ability to export basicLists, subTemplateLists, and subTemplateMultiLists. libfixbuf can export type information for IPFIX elements as described in "Exporting Type Information for IPFIX Information Elements" (RFC 5610), and it supports reading this information.
libfixbuf supports UDP, TCP, SCTP, TLS over TCP, and Spread as transport protocols. Support for DTLS over UDP and DTLS over SCTP is forthcoming. It also supports operation as an IPFIX File Writer or IPFIX File Reader as defined in "Specification of the IPFIX File Format" (RFC 5655).
libfixbuf's public API is defined in public.h; see the Getting started with libfixbuf section or public.h for general documentation on getting started with libfixbuf, as well as detailed documentation on the public API calls and data types.
A Python API to libfixbuf is available in the pyfixbuf package, distributed separately.
libfixbuf is distributed from https://tools.netsa.cert.org/fixbuf/download.html
libfixbuf uses a reasonably standard autotools-based build system. The customary build procedure (
./configure && make && make install) should work in most environments.
The ipfixDump application, its manual page, and a support file (
cert_ipfix.xml) are built and installed by default (as of libfixbuf-2.3.0). Use –disable-tools to bulid and install the libfixbuf library only.
libfixbuf automatically uses the getaddrinfo(3) facility and the accompanying dual IPv4/IPv6 stack support if present. getaddrinfo(3) must be present to export or collect flows over IPv6.
libfixbuf does not build with SCTP support by default. The –with-sctp option must be given to the libfixbuf ./configure script to include SCTP support. Also note that SCTP requires kernel support, and applications built against libfixbuf with libsctp may fail at runtime if that kernel support is not present.
libfixbuf does not build with TLS support by default. The –with-openssl option must be given to the libfixbuf ./configure script to include TLS support.
Spread support requires Spread 4.1 or later. libfixbuf does not build with Spread support by default. The –with-spread option must be given to libfixbuf ./configure script to include Spread support.
The following are known issues with libfixbuf as of version 1.0.0:
libfixbuf is copyright 2005-2019 Carnegie Mellon University, and is released under the GNU Lesser General Public License (LGPL) Version 3. See the LICENSE.txt file in the distribution for details.
libfixbuf was developed at Carnegie Mellon University by Brian Trammell and the CERT Network Situational Awareness Group Engineering Team for use in the YAF and SiLK tools.