LfapMet: an RTFM meter using the LFAP protocol as an input source.

LfapMet is an extension to NeTraMet that allows it to gather data from certain 
Riverstone routers instead of sniffing packets from the wire. 
(i.e. LfapMet is similar to NetFlowMet for cisco routers)

LFAP (Lightweight Flow Accounting Protocol) is a protocol used by Riverstone
routers to export flow data to a FAS (Flow Accounting Server). 
For more information on LFAP see the chapter on LFAP in the SSR user reference 
manual and the lfap_api.pdf file included in the following package:

ftp://ftp.nmops.org/pub/nmops/slate-1.1.tar.gz

Several versions of the LFAP protocol exist.
The latest version (at the time of this writing) is version 4.
This is the version used for the development of LfapMet.
LfapMet will definitely NOT work with an LFAP version prior to v4.
To determine what version your router uses; issue the command:

ssr2000# lfap show all

 LFAP Agent Status:  started
      LFAP version:  4
       conn status:  connection established to server xxx.xxx.xxx.xxx
	.....


How to use LfapMet:

Follow the normal instructions for building NeTraMet, this should also produce 
an LfapMet executable in the NeTraMetXX/src/meter directory
 (or the installation bin directory).

Start up LfapMet (on a computer that can be reached by the router), e.g.:

./LfapMet -k -w secretwrite -r secretread -R snmpread

Which should produce the following output:

NeTraMet: Network Meter 4.4b8

        ---------------------------------
                 LfapMet (v1.2)
              An RTFM meter for LFAP
 
          made as part of the ING project
          http://ing.ctit.utwente.nl
          for questions, remarks, bugs:
                     Remco Poortinga
          e-mail:    r.poortinga@home.nl
                     poortinga@telin.nl
          This LfapMet software is
          guaranteed to contain bugs!
        ---------------------------------

Ready...
Running on <host>, interface(s) lfap0

Now configure the router to use LFAP and set the correct server
(see also the user reference manual for your SSR)

ssr2000(config)# acl 101 permit ip any any any any accounting 

ssr2000(config)# acl 101 apply interface all-ip input output logging off policy local

ssr2000(config)# lfap set server 10.20.30.40

ssr2000(config)# lfap start

Where 10.20.30.40 of the lfap set server command is the IP address of the machine LfapMet is running on.

Then set this to be the active config:

ssr2000(config)# save active

Right after this, LfapMet should report:

client wants to connect.
trying i/f 0.
i/f 0 is free.

Although LfapMet should be able to process information from multiple routers,
this hasn't been tested (due to lack of routers).
Executing LfapMet without any command line switches (i.e. just ./LfapMet) shows a list of possible options. 
These are the standard NeTraMet options with two additions for LfapMet.

-p# enables different logging options (to screen or file):
-p1   Display flow info received from a CCE
-p2   Display messages sent between CCE and FAS (LfapMet)
-p4   Display raw messages (hexdump) received from CCE
-p8   log flow info received from a CCE in file 'LfapMet.logflowstats'
-p16  log messages sent between CCE and FAS in file 'LfapMet.logmessages'
-p32  log raw messages (hexdump) received from CCE in file'LfapMet.loghexmessages'
      (useful for debugging)
-p options can be combined, e.g:
      -p63 enables all
      -p9 enables display & logging of flow info

-R RSC    Set snmp read community for CCEs     

Use the -R option to tell LfapMet what the community string (snmp password) is for reading from the router.
LfapMet needs this to request the uptime from the router so that it can synchronize with it.
If this option is left out or LfapMet can't get the uptime from the router for some other reason,
it will do a guesstimate of the time difference between LfapMet and the router, which is very inaccurate...
(and will probably produce a lot of warnings about time jumping backwards).

Please report problems with LfapMet to: r.poortinga@home.nl or poortinga@telin.nl
---------------------------------------------------------------------
CHANGES

	v1.2
-Included DSCP (DiffServ Code Point) capability
-Used electricfence and tons of other debugging malloc implementations
 to get rid of (hopefully) the last memory leaks.
 One annoying thing: Combination with malloc from libc-2.1.3.so
 on a Linux-Mandrake system crashed with specific input
 (from logged communication, see next remark).
 No 'debugging malloc library' could either reproduce this crash or point to the cause of it.
 I should probably do some extra investigation into this...
 Possible workaround: Linking to a NetBSD version of malloc
   (http://www.ajk.tele.fi/libc/stdlib/malloc.c.html).
-Implemented a 'logging' option for debugging purposes (-p32), so communication
 with the router can be 're-played'.

	v1.1.1
-Fixed a number of memory leaks
-Fixed possible buffer overrun in interface_read.

	v1.1
-Added code to get the sysUpTime from the CCE.

	v1.0
-First really usable version.
