[netflow-tools] Softflowd patches for ICMP type/code and DESTDIR support
ssnodgra at pheran.com
Wed Mar 29 04:53:47 EST 2006
On Wed, Mar 15, 2006 at 10:09:57AM +1100, Damien Miller wrote:
> > 2. When Cisco routers generate Netflow v5 for ICMP, they encode the ICMP
> > type and code into the Netflow destination port field as type*256 + code.
> > Unfortunately softflowd does not do this, so you have no way of knowing
> > what ICMP it is logging - until now! The other attached patch enables
> > the same ICMP type/code reporting you get with Cisco Netflow.
> Thanks for this. I tweaked the patch slightly because "struct icmphdr"
> appears to be a Linuxism, and is not present on OpenBSD or Solaris.
> What was committed uses "struct icmp" which is everywhere.
> Please give this a try - it might need some incantation of _BSD_SOURCE
> defined on glibc, or maybe not.
You're absolutely right, sorry about that. I just checked an old Solaris 8
box and it only has "struct icmp" as well. I did a compile on Linux with
struct icmp and it worked fine (with no additional defines), so your patch
should be good.
Steve Snodgrass * ssnodgra at pheran.com * Network and Unix Guru(?) at Large
Geek Code: GCS d? s: a C++ U++++$ P+++ L++ w PS+ 5++ b++ DI+ D++ e++ r+++ y+*
"If you want to be somebody else, change your mind." -Sister Hazel
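Added example, not part of the original message and not softflowd's code: the type*256 + code encoding discussed above, computed from raw packet bytes so that neither "struct icmphdr" nor "struct icmp" is needed, plus the matching decode on the collector side. The function names, the fragment check and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not softflowd's function): from a raw IPv4 packet,
 * compute the NetFlow v5 destination-port value for ICMP, type*256 + code,
 * in host byte order. Returns 0 on success, -1 if the buffer is not a
 * complete IPv4/ICMP packet or is a non-first fragment (no ICMP header). */
int icmp_flow_dstport(const uint8_t *pkt, size_t len, uint16_t *dstport)
{
    if (pkt == NULL || dstport == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;                               /* too short or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;    /* header length incl. options */
    if (ihl < 20 || len < ihl + 2)               /* need the type and code bytes */
        return -1;
    if (pkt[9] != 1)                             /* IP protocol 1 = ICMP */
        return -1;
    if ((((uint16_t)pkt[6] << 8 | pkt[7]) & 0x1fff) != 0)  /* fragment offset */
        return -1;
    *dstport = (uint16_t)(pkt[ihl] << 8 | pkt[ihl + 1]);
    return 0;
}

/* Collector side: split the dst port of an ICMP flow record back apart. */
void icmp_flow_decode(uint16_t dstport, uint8_t *type, uint8_t *code)
{
    *type = (uint8_t)(dstport >> 8);
    *code = (uint8_t)(dstport & 0xff);
}

/* Constructed sample: 20-byte IPv4 header + ICMP destination unreachable
 * (type 3), port unreachable (code 3). Checksums left zero. */
static const uint8_t sample_pkt[] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    192, 0, 2, 1, 198, 51, 100, 7,
    0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    uint16_t port;
    uint8_t type, code;
    if (icmp_flow_dstport(sample_pkt, sizeof sample_pkt, &port) != 0)
        return 1;
    icmp_flow_decode(port, &type, &code);
    printf("dstport=%u type=%u code=%u\n",
           (unsigned)port, (unsigned)type, (unsigned)code);
    return 0;
}
```

When filtering flow records, apply the decode only where the record's protocol field is 1; for TCP and UDP flows the same field is a real port number.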