Monitoring for Large-Scale Networks

fixbuf

libfixbuf: Installation Instructions

libfixbuf may be installed from pre-built RPM files on supported platforms or by compiling the source code.

Install from the CERT Linux Forensics Tools Repository

The easiest way to install libfixbuf on RPM-based hosts (Redhat, Fedora, etc) is to use the CERT Linux Forensics Tools Repository.

Follow their instructions to add the Tools Reposistory to the locations your system looks for packages, and use yum to find and install libfixbuf and its dependencies.

An alternative is the to download the libfixbuf RPM and install it and its dependencies manually. See the dependency section below for the list of dependencies.

Compile and Install the Source Code

Basic Build Environment

When building from source, ensure you have the packages needed to build software.

For Redhat, Fedora, and other RPM systems, run
```
sudo yum -y install gcc gcc-c++ make pkgconfig
```
Alternatively, you may install the tools for a complete development environment:
```
sudo yum -y group install "Development Tools"
```
For Debian and Ubuntu, run
```
sudo apt install build-essential
```
For macOS, install Xcode from the App Store and the Xcode command line tools.

Downloading

libfixbuf is distributed from https://tools.netsa.cert.org/fixbuf/download.html

After downloading the libfixbuf-3.0.0.tar.gz file (or whichever version you chose), expand it using a command similar to the following, then change directory into libfixbuf-3.0.0.

tar zxf libfixbuf-3.0.0.tar.gz

Dependencies

libfixbuf requires GLib-2.0 version 2.18 or later. GLib is available and pre-installed on most modern Linux distributions and BSD ports collections. On Redhat, Fedora, and RPM systems, ensure the glib2-devel package is installed. On Ubuntu and Dedian, ensure the libglib2.0-dev package is installed. GLib-2.0 is also available in source form.

Optional TLS support requires OpenSSL. OpenSSL is pre-installed on many systems. On Linux, ensure the *-dev or *-devel version of the package is also installed.

Building

libfixbuf uses a reasonably standard autotools-based build system. The customary build procedure (**./configure && make && make install**) should work in most environments.

Configuration Options

–disable-tools

The ipfixDump and ipfix2json applications, their manual page, and a support file (cert_ipfix.xml) are built and installed by default. Use the –disable-tools option on **./configure** to bulid and install the libfixbuf library only.
–with-sctp

libfixbuf does not build with SCTP support by default. The –with-sctp option must be given to the libfixbuf **./configure** script to include SCTP support. Also note that SCTP requires kernel support, and applications built against libfixbuf with libsctp may fail at runtime if that kernel support is not present.
–with-openssl

libfixbuf does not build with TLS support by default. The option must be given to the libfixbuf **./configure** script to include TLS support.

Known Issues

The following are known issues with libfixbuf as of version 1.0.0:

There is no support for DTLS over UDP or DTLS over SCTP transport.
There is no support for application-selectable SCTP stream assignment or SCTP partial reliability. Templates are sent reliably on stream 0, and data sets are sent reliably on stream 1.
There is no automatic support for periodic template retransmission or periodic template expiration as required when transporting IPFIX over UDP. Applications using libfixbuf to transport IPFIX messages over UDP must maintain these timeouts and manually manage the session. However, inactive UDP collector sessions are timed out after 30 minutes, at which time the session is freed and all templates associated with the session are removed.

Previous: libfixbuf - IPFIX Protocol Library | Next: Using libfixbuf in Your Program