Wireshark · Ethereal-dev: [Ethereal-dev] NetFlow v9 Improvements

Ethereal-dev: [Ethereal-dev] NetFlow v9 Improvements

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Luca Deri <deri@xxxxxxxx>

Date: Tue, 07 Sep 2004 15:10:08 +0200

Dear all,

please find enclosed a patch that improves the existing NetFlowdissector with respect to NetFlow v9.


Regards, Luca

--
Luca Deri <deri@xxxxxxxx>	http://luca.ntop.org/
Hacker: someone who loves to program and enjoys being
clever about it - Richard Stallman

25a26,27
>  ** NetFlow v9 patches by Luca Deri <deri@xxxxxxxx>
>  **
143a146
>         guint16 option_template; /* 0=data template, 1=option template */
194a198,202
> static int	hf_cflow_option_scope_length = -1;
> static int	hf_cflow_option_length = -1;
> static int	hf_cflow_template_scope_field_type = -1;
> static int	hf_cflow_template_scope_field_length = -1;
> 
234a243,246
> static int      hf_cflow_sampling_interval = -1;
> static int      hf_cflow_sampling_algorithm = -1;
> static int      hf_cflow_flow_active_timeout = -1;
> static int      hf_cflow_flow_inactive_timeout = -1;
252d263
< #if 0
255d265
< #endif
476c486
< 		/*
---
>           	/*
498a509,510
> 		if (pduret < pdusize) pduret = pdusize; /* padding */
> 
833c845
< 		/* dissect_v9_options(pdutree, tvb, offset); */
---
> 		dissect_v9_options(pdutree, tvb, offset);
935c947
< 			break;
---
> 		  break;
1111a1124,1143
> 			
> 		case 34: /* sampling interval */
> 		  proto_tree_add_item(pdutree, hf_cflow_sampling_interval,
> 				      tvb, offset, length, FALSE);
> 		  break;
> 
> 		case 35: /* sampling algorithm */
> 		  proto_tree_add_item(pdutree, hf_cflow_sampling_algorithm,
> 				      tvb, offset, length, FALSE);
> 		  break;
> 
> 		case 36: /* flow active timeout */
> 		   proto_tree_add_item(pdutree, hf_cflow_flow_active_timeout,
> 				      tvb, offset, length, FALSE);
> 		  break;
> 
> 		case 37: /* flow inactive timeout */
> 		   proto_tree_add_item(pdutree, hf_cflow_flow_inactive_timeout,
> 				      tvb, offset, length, FALSE);
> 		  break;
1138d1169
< #if 0
1142c1173,1231
< 	return (0);
---
>   guint16 length, option_scope_len, option_len, i, id, size;
>   struct v9_template template;
>   int template_offset;
> 
>   id = tvb_get_ntohs(tvb, offset);
>   proto_tree_add_item(pdutree, hf_cflow_template_id, tvb,
> 		      offset, 2, FALSE);
>   offset += 2;
> 
>   option_scope_len = length = tvb_get_ntohs(tvb, offset);
>   proto_tree_add_item(pdutree, hf_cflow_option_scope_length, tvb,
> 		      offset, 2, FALSE);
>   offset += 2;
> 
>   option_len = length = tvb_get_ntohs(tvb, offset);
>   proto_tree_add_item(pdutree, hf_cflow_option_length, tvb,
> 		      offset, 2, FALSE);
>   offset += 2;
> 
>   for(i=0; i<option_scope_len; i++) {
>     length = tvb_get_ntohs(tvb, offset);
>     proto_tree_add_item(pdutree, hf_cflow_template_scope_field_type, tvb,
> 			offset, 2, FALSE);
>     offset += 2; i += 2;
> 
>     length = tvb_get_ntohs(tvb, offset);
>     proto_tree_add_item(pdutree, hf_cflow_template_scope_field_length, tvb,
> 			offset, 2, FALSE);
>     offset += 2; i += 2;
>   }
> 
>   template_offset = offset;
> 
>   for(i=0; i<option_len;) {
>     length = tvb_get_ntohs(tvb, offset);
>     proto_tree_add_item(pdutree, hf_cflow_template_field_type, tvb,
> 			offset, 2, FALSE);
>     offset += 2; i += 2;
> 
>     length = tvb_get_ntohs(tvb, offset);
>     proto_tree_add_item(pdutree, hf_cflow_template_field_length, tvb,
> 			offset, 2, FALSE);
>     offset += 2; i += 2;
>   }
> 
>   /* Cache template */
>   memset(&template, 0, sizeof(template));
>   template.id = id;
>   template.count = option_len/4;
>   template.source_addr = 0;	/* XXX */
>   template.source_id = 0;	/* XXX */
>   template.option_template = 1; /* Option template */
>   size = template.count * sizeof(struct v9_template_entry);
>   template.entries = g_malloc(size);
>   tvb_memcpy(tvb, (guint8 *)template.entries, template_offset, size);
> 
>   v9_template_add(&template);
>   
>   return (0);
1144d1232
< #endif
1170a1259
> 	template.option_template = 0;   /* Data template */
1220a1310,1322
> 	{ 27, "IPV6_SRC_ADDR" },
> 	{ 28, "IPV6_DST_ADDR" },
> 	{ 29, "IPV6_SRC_MASK" },
> 	{ 30, "IPV6_DST_MASK" },
> 	{ 31, "FLOW_LABEL" },
> 	{ 32, "ICMP_TYPE" },
> 	{ 33, "IGMP_TYPE" },
> 	{ 34, "SAMPLING_INTERVAL" },
> 	{ 35, "SAMPLING_ALGORITHM" },
> 	{ 36, "FLOW_ACTIVE_TIMEOUT" },
> 	{ 37, "FLOW_INACTIVE_TIMEOUT" },
> 	{ 38, "ENGINE_TYPE" },
> 	{ 39, "ENGINE_ID" },
1224a1327,1354
> 	{ 56, "SRC_MAC" },
> 	{ 57, "DST_MAC" },
> 	{ 58, "SRC_VLAN" },
> 	{ 59, "DST_VLAN" },
> 	{ 60, "IP_PROTOCOL_VERSION" },
> 	{ 61, "DIRECTION" },
> 	{ 62, "IPV6_NEXT_HOP" },
> 	{ 63, "BPG_IPV6_NEXT_HOP" },
> 	{ 64, "IPV6_OPTION_HEADERS" },
> 	{ 70, "MPLS_LABEL_1" },
> 	{ 71, "MPLS_LABEL_2" },
> 	{ 72, "MPLS_LABEL_3" },
> 	{ 73, "MPLS_LABEL_4" },
> 	{ 74, "MPLS_LABEL_5" },
> 	{ 75, "MPLS_LABEL_6" },
> 	{ 76, "MPLS_LABEL_7" },
> 	{ 71, "MPLS_LABEL_8" },
> 	{ 72, "MPLS_LABEL_9" },
> 	{ 72, "MPLS_LABEL_10" },
> 	{ 0, NULL },
> };
> 
> static value_string v9_scope_field_types[] = {
> 	{ 1, "System" },
> 	{ 2, "Interface" },
> 	{ 3, "Line Card" },
> 	{ 4, "NetFlow Cache" },
> 	{ 5, "Template" },
1529a1660,1702
> 
> 		/* options */
> 		{&hf_cflow_option_scope_length,
> 		 {"Option Scope Length", "cflow.option_scope_length",
> 		  FT_UINT16, BASE_DEC, NULL, 0x0,
> 		  "Option scope length", HFILL}
> 		 },
> 		{&hf_cflow_option_length,
> 		 {"Option Length", "cflow.option_length",
> 		  FT_UINT16, BASE_DEC, NULL, 0x0,
> 		  "Option length", HFILL}
> 		 },
> 		{&hf_cflow_template_scope_field_type,
> 		 {"Scope Type", "cflow.scope_field_type",
> 		  FT_UINT16, BASE_DEC, VALS(v9_scope_field_types), 0x0,
> 		  "Scope field type", HFILL}
> 		 },		
> 		{&hf_cflow_template_scope_field_length,
> 		 {"Scope Field Length", "cflow.scope_field_length",
> 		  FT_UINT16, BASE_DEC, NULL, 0x0,
> 		  "Scope field length", HFILL}
> 		 },
> 		{&hf_cflow_sampling_interval,
> 		 {"Sampling interval", "cflow.sampling_interval",
> 		  FT_UINT32, BASE_DEC, NULL, 0x0,
> 		  "Sampling interval", HFILL}
> 		},
> 		{&hf_cflow_sampling_algorithm,
> 		 {"Sampling algorithm", "cflow.sampling_algorithm",
> 		  FT_UINT8, BASE_DEC, NULL, 0x0,
> 		  "Sampling algorithm", HFILL}
> 		},
> 		{&hf_cflow_flow_active_timeout,
> 		 {"Flow active timeout", "cflow.flow_active_timeout",
> 		  FT_UINT16, BASE_DEC, NULL, 0x0,
> 		  "Flow active timeout", HFILL}
> 		},
> 		{&hf_cflow_flow_inactive_timeout,
> 		 {"Flow inactive timeout", "cflow.flow_inactive_timeout",
> 		  FT_UINT16, BASE_DEC, NULL, 0x0,
> 		  "Flow inactive timeout", HFILL}
> 		},
>

Follow-Ups:
- Re: [Ethereal-dev] NetFlow v9 Improvements
  - From: Guy Harris

Prev by Date: Re: FW: [Ethereal-dev] Any chance to get something like "decode as" for DCE-RPC interfaces?
Next by Date: [Ethereal-dev] Re: [Ethereal-cvs] Rev 11923: /branches/win32-native/gtk/: capture_dlg.c /branches/win32-native/xulender/win32-c-sdk/localelements/: ethereal-combobox.c ethereal-combobox.h ethereal-elements.h ... (Out of the office)
Previous by thread: [Ethereal-dev] Ethereal 0.10.6 : Solaris 9: Crash when saving files
Next by thread: Re: [Ethereal-dev] NetFlow v9 Improvements
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$