[netflow-tools] flowd ASA Support

John Marrett johnf at zioncluster.ca
Tue Aug 30 22:53:24 EST 2011


I have implemented some extremely basic ASA support in the attached
patch; It implements the following ASA functionality:

If a packet with field type 85 is received, it will set the octet
counter to match the value from that field, this will override any
value expressed in the standard octet counter NF9_IN_BYTES, field type
1.

If the number of octets is greater than 0 it will also set the packet
counter to 1.

It would be possible to add other functionality, such as:

 - recording of translated IPs and ports
 - recording of the start time of the flow as well as / instead of the
termination time
 - recording of flow denial (flows are created for traffic that is denied)

This patch implements the initial support that I need, if I develop
anything else I will share it with the list.

-JohnF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asa_patch.diff
Type: text/x-patch
Size: 972 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/netflow-tools/attachments/20110830/3ed46e04/attachment.bin>


More information about the netflow-tools mailing list