Comments (7)
Hello, yes only some fields are converted into the protobuf.
Feel free to fork it in the meantime.
It is possible to add them. Ideally it's better if they are present in multiple versions.
Out of curiosity, what is the use case of this field? What equipments are sending it?
from goflow.
Thanks for getting back to me so quickly :)
It's for a security project in which it's important to know who initiated the connection. I'll be receiving flows from traditional routers and switches but they'll be configured to export in biflow format (rfc5103).
from goflow.
I don't think I have a compatible devices for testing, do you have samples (pcap)?
from goflow.
For testing I'm using nprobe to generate IPFIX flows. There is a free version of nprobe available.
sudo nprobe -i eth0 -n 192.168.1.102:2055 -V 10 -T "%PROTOCOL %IN_SRC_MAC %OUT_DST_MAC %IP_PROTOCOL_VERSION %IPV4_SRC_ADDR %IPV4_SRC_MASK %IPV4_DST_ADDR %IPV4_DST_MASK %L4_SRC_PORT %L4_DST_PORT %TOTAL_PKTS_EXP %TOTAL_BYTES_EXP %SRC_TOS %DIRECTION %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %BIFLOW_DIRECTION"
Here's a pcap:
https://file.io/ZeNZoM
from goflow.
@5tingray sorry for the delay, did not have time to look into it, could you send the file again?
from goflow.
I just made a pre-release https://github.com/cloudflare/goflow/releases/tag/v3.0.0.0 which integrate biflow direction
from goflow.
Thank you that's awesome! Sorry for not getting back to you before. I'll get testing this now and get back to you.
from goflow.
Related Issues (20)
- How to lookup the received netflow packets HOT 2
- Can this project be used as a library? HOT 2
- Renormalise the sampled data HOT 2
- gloflow2 doesn't multiply sampling rate with bytes/packets
- Nat Event On Output(Question) HOT 2
- Protobuf messages are corrupted or don't match the provided schema HOT 4
- Port Mirror Question HOT 2
- vendor-specific field parsing HOT 2
- Support for IPFIX dataLinkFrameSection HOT 1
- SIGSEGV when port is already in use
- GoFlow segfaults with bad input HOT 3
- How can we configure goflow to enable collector for Netflow V9 format?
- Same Time* for sflow even if they are different
- [Kafka SSL] Custom truststore and keystore.
- IPFIX Template decoding does not handle Enterprise-Specific Information Elements
- why parse sflow packet limit payload.Len() >= 8
- why goflow not decode FORMAT_ETH record?
- sflow decode record ipv4 and ipv6 data will cause binary.Read: invalid type *sflow.SampledIP_Base
- Sampler Address HOT 3
- Openvswitch ovs-vsctl connection HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goflow.