[netflow-tools] flowd ASA Support

John Marrett johnf at zioncluster.ca
Wed Sep 21 04:20:28 EST 2011


Damien,

> My vague plan is to change the storage format of flowd to protocol
> buffers[1] so it will be able to store near-arbitrary data with good
> forward and backwards compatibility, but I haven't got around to it
> yet.

It would be very interesting to have a way to do this. There's
interesting data that my "patch" is leaving on the table.

The most significant are:

 - If the flow was permitted or denied; I tried to implement this, it
didn't go very well though. It didn't seem that the value
NF_F_FW_EVENT was being correctly set by the ASA (more likely, I
wasn't reading it correctly). Right now you can use a 0 byte flow as
an indicator that the traffic wasn't permitted but that's far from
perfect.
 - Translated addresses and ports

-JohnF
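
Added example, not part of the original message and not flowd code: a sketch of decoding NF_F_FW_EVENT and the translated source address/port from a NetFlow v9 data record, next to the 0-byte heuristic mentioned above. The field numbers and event codes are taken from Cisco's ASA NSEL field list (an assumption, the message gives none); the template, the sample records and all function names are constructed for illustration.

```python
import ipaddress
import struct

# Field type numbers and event codes as given in Cisco's ASA NSEL field list
# (assumption: the message above names NF_F_FW_EVENT but gives no numbers).
NF_F_FLOW_BYTES = 85
NF_F_XLATE_SRC_ADDR_IPV4 = 225
NF_F_XLATE_SRC_PORT = 227
NF_F_FW_EVENT = 233
FW_EVENTS = {1: "created", 2: "deleted", 3: "denied", 4: "alert", 5: "update"}

# Constructed template: (field_type, length) pairs. Real ASA templates differ.
TEMPLATE = [(NF_F_FW_EVENT, 1), (NF_F_FLOW_BYTES, 4),
            (NF_F_XLATE_SRC_ADDR_IPV4, 4), (NF_F_XLATE_SRC_PORT, 2)]

def decode_record(template, data):
    """Split one NetFlow v9 data record into {field_type: raw_bytes}."""
    rec, off = {}, 0
    for ftype, length in template:
        raw = data[off:off + length]
        if len(raw) != length:
            raise ValueError("record shorter than its template")
        rec[ftype] = raw
        off += length
    return rec

def summarize(rec):
    """Compare the explicit event code with the 0-byte heuristic."""
    nbytes = int.from_bytes(rec[NF_F_FLOW_BYTES], "big")
    addr = ipaddress.IPv4Address(rec[NF_F_XLATE_SRC_ADDR_IPV4])
    port = int.from_bytes(rec[NF_F_XLATE_SRC_PORT], "big")
    return {
        "event": FW_EVENTS.get(rec[NF_F_FW_EVENT][0], "unknown"),
        "bytes": nbytes,
        "zero_byte_guess_denied": nbytes == 0,
        "xlate_src": "%s:%d" % (addr, port),
    }

def pack(event, nbytes, ip, port):  # builds constructed sample records
    return struct.pack("!BI4sH", event, nbytes, ipaddress.IPv4Address(ip).packed, port)

SAMPLES = {"created": pack(1, 0, "203.0.113.10", 40000),
           "denied": pack(3, 0, "0.0.0.0", 0),
           "deleted": pack(2, 1500, "203.0.113.10", 40000)}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, summarize(decode_record(TEMPLATE, data)))
```

In these constructed records the 0-byte guess flags both the created and the denied record, while the event code tells them apart.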

