Yehhaaaa! NetFlow v9 working now

2024-11-23 13:22:36 +01:00 · 2015-01-28 19:56:41 +03:00 · 2015-01-28 19:56:41 +03:00 · c03fedf12a
commit c03fedf12a
parent caf5cdc885
2 changed files with 9 additions and 7 deletions
--- a/netflow_plugin/netflow.h
+++ b/netflow_plugin/netflow.h
@ -29,8 +29,7 @@ struct peer_nf9_record {
        u_int len;
 };

-
-typedef std::map <u_int, u_int> netflow9_template_records_map;
+typedef std::vector <struct peer_nf9_record> netflow9_template_records_map;

 /* A NetFlow v.9 template record */
 struct peer_nf9_template {
@ -38,7 +37,6 @@ struct peer_nf9_template {
        u_int num_records;
        u_int total_len;
        netflow9_template_records_map records;
-        //std::vector <struct peer_nf9_record> records;
 };


--- a/netflow_plugin/netflow_collector.cpp
+++ b/netflow_plugin/netflow_collector.cpp
@ -84,9 +84,13 @@ int process_netflow_v9_template(u_int8_t *pkt, size_t len, u_int32_t source_id)
            u_int record_type   = ntohs(tmplr->type);
            u_int record_length = ntohs(tmplr->length);

-            template_records_map[record_type] = record_length;
+            struct peer_nf9_record current_record;
+            current_record.type = record_type;
+            current_record.len  = record_length;

-            //logger<< log4cpp::Priority::INFO<<"type: "<<ntohs(tmplr->type)<<" length:"<<ntohs(tmplr->length);
+            template_records_map.push_back(current_record);
+
+            logger<< log4cpp::Priority::INFO<<"Learn new template type: "<<ntohs(tmplr->type)<<" length:"<<ntohs(tmplr->length);
 
            offset += sizeof(*tmplr);
            total_size += record_length;
@ -172,8 +176,8 @@ int nf9_flowset_to_store(u_int8_t *pkt, size_t len, struct NF9_HEADER *nf9_hdr,

    // We should iterate over all available template fields
    for (netflow9_template_records_map::iterator iter = template_records.begin(); iter != template_records.end(); iter++) {
-        u_int record_type   = iter->first;
-        u_int record_length = iter->second;
+        u_int record_type   = iter->type;
+        u_int record_length = iter->len;

        nf9_rec_to_flow(record_type, record_length, pkt + offset, packet);
        logger<< log4cpp::Priority::INFO<<"Read data with type: "<<record_type<<" and length:"<<record_length;