[netflow-tools] flowd + avici v9 flows problem
Damien Miller
djm at mindrot.org
Sun Aug 14 00:26:53 EST 2005
Damien Miller wrote:
> That't what I'm working on now :)
>
> BTW. If anyone wants fields added to the flowd log format, now is
> the time to speak up. So far I'm:
>
> - Extending src/dst AS to 32 bits each
> - Extending in/out SNMP indices to 32 bits each
> - Adding NetFlow v.9 source_id to FLOW_ENGINE_INFO
> - Probably adding NetFlow v.9 min/max packet length.
>
> Any more fields that you want?
>
> (I'm trying to make the changes backwards-compatible, so a new flowd
> will be able to read an old flowd's logs, but probably not write or
> append to them.)
Here is a preliminary diff: it changes the storage format a bit. Apart
from extending src/dst AS and the SNMP indices to 4 octets each and
adding NetFlow v.9 source_id and a receive time microseconds fields, it
eliminates the per-logfile header.
Each flow now stores its own version and its length, which has the nice
effect that we can add new fields to this format without rendering it
incompatible.
This diff is not complete: it doesn't fully update the Perl and Python
APIs (which I will probably rewrite to be faster) and, while it includes
compaibility code to read logs from previous releases, this code isn't
actually hooked in yet.
That being said I'd like some non-production testing, especially with
NetFlow v.9 sources. Please give it a try.
Also, if there are any more NetFlow v.9 fields that anyone would like to
see in there, now it the time to ask!
Thanks,
Damien Miller
-d
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: flowd-v3.diff
Url: http://lists.mindrot.org/pipermail/netflow-tools/attachments/20050814/44bd6c5b/attachment.ksh
More information about the netflow-tools
mailing list