Dear all,
please find enclosed a patch that improves the existing NetFlow
dissector with respect to NetFlow v9.
Regards, Luca
--
Luca Deri <deri@xxxxxxxx> http://luca.ntop.org/
Hacker: someone who loves to program and enjoys being
clever about it - Richard Stallman
25a26,27
> ** NetFlow v9 patches by Luca Deri <deri@xxxxxxxx>
> **
143a146
> guint16 option_template; /* 0=data template, 1=option template */
194a198,202
> static int hf_cflow_option_scope_length = -1;
> static int hf_cflow_option_length = -1;
> static int hf_cflow_template_scope_field_type = -1;
> static int hf_cflow_template_scope_field_length = -1;
>
234a243,246
> static int hf_cflow_sampling_interval = -1;
> static int hf_cflow_sampling_algorithm = -1;
> static int hf_cflow_flow_active_timeout = -1;
> static int hf_cflow_flow_inactive_timeout = -1;
252d263
< #if 0
255d265
< #endif
476c486
< /*
---
> /*
498a509,510
> if (pduret < pdusize) pduret = pdusize; /* padding */
>
833c845
< /* dissect_v9_options(pdutree, tvb, offset); */
---
> dissect_v9_options(pdutree, tvb, offset);
935c947
< break;
---
> break;
1111a1124,1143
>
> case 34: /* sampling interval */
> proto_tree_add_item(pdutree, hf_cflow_sampling_interval,
> tvb, offset, length, FALSE);
> break;
>
> case 35: /* sampling algorithm */
> proto_tree_add_item(pdutree, hf_cflow_sampling_algorithm,
> tvb, offset, length, FALSE);
> break;
>
> case 36: /* flow active timeout */
> proto_tree_add_item(pdutree, hf_cflow_flow_active_timeout,
> tvb, offset, length, FALSE);
> break;
>
> case 37: /* flow inactive timeout */
> proto_tree_add_item(pdutree, hf_cflow_flow_inactive_timeout,
> tvb, offset, length, FALSE);
> break;
1138d1169
< #if 0
1142c1173,1231
< return (0);
---
> guint16 length, option_scope_len, option_len, i, id, size;
> struct v9_template template;
> int template_offset;
>
> id = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(pdutree, hf_cflow_template_id, tvb,
> offset, 2, FALSE);
> offset += 2;
>
> option_scope_len = length = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(pdutree, hf_cflow_option_scope_length, tvb,
> offset, 2, FALSE);
> offset += 2;
>
> option_len = length = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(pdutree, hf_cflow_option_length, tvb,
> offset, 2, FALSE);
> offset += 2;
>
> for(i=0; i<option_scope_len; i++) {
> length = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(pdutree, hf_cflow_template_scope_field_type, tvb,
> offset, 2, FALSE);
> offset += 2; i += 2;
>
> length = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(pdutree, hf_cflow_template_scope_field_length, tvb,
> offset, 2, FALSE);
> offset += 2; i += 2;
> }
>
> template_offset = offset;
>
> for(i=0; i<option_len;) {
> length = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(pdutree, hf_cflow_template_field_type, tvb,
> offset, 2, FALSE);
> offset += 2; i += 2;
>
> length = tvb_get_ntohs(tvb, offset);
> proto_tree_add_item(pdutree, hf_cflow_template_field_length, tvb,
> offset, 2, FALSE);
> offset += 2; i += 2;
> }
>
> /* Cache template */
> memset(&template, 0, sizeof(template));
> template.id = id;
> template.count = option_len/4;
> template.source_addr = 0; /* XXX */
> template.source_id = 0; /* XXX */
> template.option_template = 1; /* Option template */
> size = template.count * sizeof(struct v9_template_entry);
> template.entries = g_malloc(size);
> tvb_memcpy(tvb, (guint8 *)template.entries, template_offset, size);
>
> v9_template_add(&template);
>
> return (0);
1144d1232
< #endif
1170a1259
> template.option_template = 0; /* Data template */
1220a1310,1322
> { 27, "IPV6_SRC_ADDR" },
> { 28, "IPV6_DST_ADDR" },
> { 29, "IPV6_SRC_MASK" },
> { 30, "IPV6_DST_MASK" },
> { 31, "FLOW_LABEL" },
> { 32, "ICMP_TYPE" },
> { 33, "IGMP_TYPE" },
> { 34, "SAMPLING_INTERVAL" },
> { 35, "SAMPLING_ALGORITHM" },
> { 36, "FLOW_ACTIVE_TIMEOUT" },
> { 37, "FLOW_INACTIVE_TIMEOUT" },
> { 38, "ENGINE_TYPE" },
> { 39, "ENGINE_ID" },
1224a1327,1354
> { 56, "SRC_MAC" },
> { 57, "DST_MAC" },
> { 58, "SRC_VLAN" },
> { 59, "DST_VLAN" },
> { 60, "IP_PROTOCOL_VERSION" },
> { 61, "DIRECTION" },
> { 62, "IPV6_NEXT_HOP" },
> { 63, "BPG_IPV6_NEXT_HOP" },
> { 64, "IPV6_OPTION_HEADERS" },
> { 70, "MPLS_LABEL_1" },
> { 71, "MPLS_LABEL_2" },
> { 72, "MPLS_LABEL_3" },
> { 73, "MPLS_LABEL_4" },
> { 74, "MPLS_LABEL_5" },
> { 75, "MPLS_LABEL_6" },
> { 76, "MPLS_LABEL_7" },
> { 71, "MPLS_LABEL_8" },
> { 72, "MPLS_LABEL_9" },
> { 72, "MPLS_LABEL_10" },
> { 0, NULL },
> };
>
> static value_string v9_scope_field_types[] = {
> { 1, "System" },
> { 2, "Interface" },
> { 3, "Line Card" },
> { 4, "NetFlow Cache" },
> { 5, "Template" },
1529a1660,1702
>
> /* options */
> {&hf_cflow_option_scope_length,
> {"Option Scope Length", "cflow.option_scope_length",
> FT_UINT16, BASE_DEC, NULL, 0x0,
> "Option scope length", HFILL}
> },
> {&hf_cflow_option_length,
> {"Option Length", "cflow.option_length",
> FT_UINT16, BASE_DEC, NULL, 0x0,
> "Option length", HFILL}
> },
> {&hf_cflow_template_scope_field_type,
> {"Scope Type", "cflow.scope_field_type",
> FT_UINT16, BASE_DEC, VALS(v9_scope_field_types), 0x0,
> "Scope field type", HFILL}
> },
> {&hf_cflow_template_scope_field_length,
> {"Scope Field Length", "cflow.scope_field_length",
> FT_UINT16, BASE_DEC, NULL, 0x0,
> "Scope field length", HFILL}
> },
> {&hf_cflow_sampling_interval,
> {"Sampling interval", "cflow.sampling_interval",
> FT_UINT32, BASE_DEC, NULL, 0x0,
> "Sampling interval", HFILL}
> },
> {&hf_cflow_sampling_algorithm,
> {"Sampling algorithm", "cflow.sampling_algorithm",
> FT_UINT8, BASE_DEC, NULL, 0x0,
> "Sampling algorithm", HFILL}
> },
> {&hf_cflow_flow_active_timeout,
> {"Flow active timeout", "cflow.flow_active_timeout",
> FT_UINT16, BASE_DEC, NULL, 0x0,
> "Flow active timeout", HFILL}
> },
> {&hf_cflow_flow_inactive_timeout,
> {"Flow inactive timeout", "cflow.flow_inactive_timeout",
> FT_UINT16, BASE_DEC, NULL, 0x0,
> "Flow inactive timeout", HFILL}
> },
>
