2002-09-22 16:13:22 +00:00
/*
* * packet - netflow . c
2007-08-21 21:03:59 +00:00
* *
2007-09-05 06:59:24 +00:00
* * $ Id $
* *
2002-09-22 16:13:22 +00:00
* * ( c ) 2002 bill fumerola < fumerola @ yahoo - inc . com >
2006-09-12 19:11:45 +00:00
* * ( C ) 2005 - 06 Luca Deri < deri @ ntop . org >
* *
2002-09-22 16:13:22 +00:00
* * All rights reserved .
2007-08-21 21:03:59 +00:00
* *
2007-09-05 06:59:24 +00:00
* * Wireshark - Network traffic analyzer
* * By Gerald Combs < gerald @ wireshark . org >
* * Copyright 1998 Gerald Combs
* *
2002-09-22 16:13:22 +00:00
* * This program is free software ; you can redistribute it and / or
* * modify it under the terms of the GNU General Public License
* * as published by the Free Software Foundation ; either version 2
* * of the License , or ( at your option ) any later version .
2007-08-21 21:03:59 +00:00
* *
2002-09-22 16:13:22 +00:00
* * This program is distributed in the hope that it will be useful ,
* * but WITHOUT ANY WARRANTY ; without even the implied warranty of
* * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* * GNU General Public License for more details .
2007-08-21 21:03:59 +00:00
* *
2002-09-22 16:13:22 +00:00
* * You should have received a copy of the GNU General Public License
* * along with this program ; if not , write to the Free Software
* * Foundation , Inc . , 59 Temple Place - Suite 330 , Boston , MA 02111 - 1307 , USA .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
2003-02-12 08:36:48 +00:00
* * Previous NetFlow dissector written by Matthew Smart < smart @ monkey . org >
* * NetFlow v9 support added by same .
2002-09-22 16:13:22 +00:00
* *
2004-09-09 06:27:43 +00:00
* * NetFlow v9 patches by Luca Deri < deri @ ntop . org >
* *
Add in some additional Cisco URLs for NetFlow documentation.
According to the V9 documentation at the first of those URLs, the length
field in a data flowset includes the lengths of the flowset ID and
length fields, so subtract that before calling "dissect_v9_data()" - and
don't call "dissect_v9_data()" if the length isn't positive after that's
done.
Don't bother checking whether there's data in the tvbuff in the loop
that dissects V9 data flowsets - if there isn't, we *want* an exception
to be thrown, as that's a short or malformed frame. Do, however, make
sure we have at least as much data left in the flowset as the template
claims should be there - otherwise, we have padding, not a record.
Display that padding as such.
Make the length argument to "dissect_v9_data()" unsigned, so that we
don't get compiler warnings when comparing it with the unsigned "length"
field of a template.
If we don't find the template for a data flowset, just show the data as
such.
svn path=/trunk/; revision=7306
2003-03-07 00:43:30 +00:00
* * See
* *
* * http : //www.cisco.com/warp/public/cc/pd/iosw/prodlit/tflow_wp.htm
2010-06-28 12:42:40 +00:00
* * http : //www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html
Add in some additional Cisco URLs for NetFlow documentation.
According to the V9 documentation at the first of those URLs, the length
field in a data flowset includes the lengths of the flowset ID and
length fields, so subtract that before calling "dissect_v9_data()" - and
don't call "dissect_v9_data()" if the length isn't positive after that's
done.
Don't bother checking whether there's data in the tvbuff in the loop
that dissects V9 data flowsets - if there isn't, we *want* an exception
to be thrown, as that's a short or malformed frame. Do, however, make
sure we have at least as much data left in the flowset as the template
claims should be there - otherwise, we have padding, not a record.
Display that padding as such.
Make the length argument to "dissect_v9_data()" unsigned, so that we
don't get compiler warnings when comparing it with the unsigned "length"
field of a template.
If we don't find the template for a data flowset, just show the data as
such.
svn path=/trunk/; revision=7306
2003-03-07 00:43:30 +00:00
* *
2010-06-16 15:36:02 +00:00
* * Cisco ASA5500 Series
* * http : //www.cisco.com/en/US/docs/security/asa/asa83/netflow/netflow.html
* *
Add in some additional Cisco URLs for NetFlow documentation.
According to the V9 documentation at the first of those URLs, the length
field in a data flowset includes the lengths of the flowset ID and
length fields, so subtract that before calling "dissect_v9_data()" - and
don't call "dissect_v9_data()" if the length isn't positive after that's
done.
Don't bother checking whether there's data in the tvbuff in the loop
that dissects V9 data flowsets - if there isn't, we *want* an exception
to be thrown, as that's a short or malformed frame. Do, however, make
sure we have at least as much data left in the flowset as the template
claims should be there - otherwise, we have padding, not a record.
Display that padding as such.
Make the length argument to "dissect_v9_data()" unsigned, so that we
don't get compiler warnings when comparing it with the unsigned "length"
field of a template.
If we don't find the template for a data flowset, just show the data as
such.
svn path=/trunk/; revision=7306
2003-03-07 00:43:30 +00:00
* * for NetFlow v9 information .
2009-07-06 17:37:03 +00:00
* * ( http : //www.ietf.org/rfc/rfc3954.txt ?)
2008-08-02 13:53:49 +00:00
* * http : //www.ietf.org/rfc/rfc5101.txt
* * http : //www.ietf.org/rfc/rfc5102.txt
* * http : //www.ietf.org/rfc/rfc5103.txt
2010-06-16 15:36:02 +00:00
* * http : //www.iana.org/assignments/ipfix/ipfix.xml
2010-06-28 12:42:40 +00:00
* * http : //www.iana.org/assignments/psamp-parameters/psamp-parameters.xml
2006-09-12 19:11:45 +00:00
* * for IPFIX
* *
2002-09-22 16:13:22 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
* * this code was written from the following documentation :
* *
* * http : //www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/nfc/nfc_3_6/iug/format.pdf
* * http : //www.caida.org/tools/measurement/cflowd/configuration/configuration-9.html
* *
* * some documentation is more accurate then others . in some cases , live data and
* * information contained in responses from vendors were also used . some fields
* * are dissected as vendor specific fields .
* *
Add in some additional Cisco URLs for NetFlow documentation.
According to the V9 documentation at the first of those URLs, the length
field in a data flowset includes the lengths of the flowset ID and
length fields, so subtract that before calling "dissect_v9_data()" - and
don't call "dissect_v9_data()" if the length isn't positive after that's
done.
Don't bother checking whether there's data in the tvbuff in the loop
that dissects V9 data flowsets - if there isn't, we *want* an exception
to be thrown, as that's a short or malformed frame. Do, however, make
sure we have at least as much data left in the flowset as the template
claims should be there - otherwise, we have padding, not a record.
Display that padding as such.
Make the length argument to "dissect_v9_data()" unsigned, so that we
don't get compiler warnings when comparing it with the unsigned "length"
field of a template.
If we don't find the template for a data flowset, just show the data as
such.
svn path=/trunk/; revision=7306
2003-03-07 00:43:30 +00:00
* * See also
* *
2010-06-28 12:42:40 +00:00
* * http : //www.cisco.com/en/US/docs/ios/solutions_docs/netflow/nfwhite.html
2010-09-17 01:45:29 +00:00
* *
2010-08-11 11:54:25 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* * NetFlow forwarding status and template fixes
* * by Aamer Akhter < aakhter @ cisco . com >
* * Copyright 2010 , cisco Systems , Inc .
Add in some additional Cisco URLs for NetFlow documentation.
According to the V9 documentation at the first of those URLs, the length
field in a data flowset includes the lengths of the flowset ID and
length fields, so subtract that before calling "dissect_v9_data()" - and
don't call "dissect_v9_data()" if the length isn't positive after that's
done.
Don't bother checking whether there's data in the tvbuff in the loop
that dissects V9 data flowsets - if there isn't, we *want* an exception
to be thrown, as that's a short or malformed frame. Do, however, make
sure we have at least as much data left in the flowset as the template
claims should be there - otherwise, we have padding, not a record.
Display that padding as such.
Make the length argument to "dissect_v9_data()" unsigned, so that we
don't get compiler warnings when comparing it with the unsigned "length"
field of a template.
If we don't find the template for a data flowset, just show the data as
such.
svn path=/trunk/; revision=7306
2003-03-07 00:43:30 +00:00
* *
2002-09-22 16:13:22 +00:00
* * $ Yahoo : //depot/fumerola/packet-netflow/packet-netflow.c#14 $
2010-09-17 01:45:29 +00:00
* *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
* *
2002-09-04 20:23:55 +00:00
*/
2010-09-17 01:45:29 +00:00
/*
* September 2010 : WMeier : Extensive v9 / v10 code cleanup , bug fixing and field display improvements .
*
* ToDo : [ 09 / 16 / 2010 : WMeier ]
*
* 1. ( See the various XXX comments )
* 2. Template processing :
* a . Use GHashTable instead of home - grown hash so no collisions ;
* b . Review use of lengths from template when dissecting fields in a data flow : not really OK ?
* The proto_tree_add_item ( ) calls in dissect_v9_v10_pdu_data ( ) use :
* - " lengths " as specified in the previously seen template for the flow ;
* - a hardwired Wireshark " field-type " ( FT_UINT8 , etc ) in the hf [ ] array entries .
* Since many / most netfow / ipfix field - types have a specified fixed size ( int32 , ether addr , etc ) ,
* and since the code in dissect_v9_v10_pdu_data ( ) " knows " these sizes , " DISSECTOR_BUG " errors
* will occur if the " known " length and the length as gotten from the template don ' t match .
* Consider : validate length fields when processing templates ?
* Don ' t cache template if errors in particular fields of template ( eg : v10 : pen = = 0 ) ?
* c . ( Verify that template with same ID is actually identical to that previously seen ? )
*
*
*/
2010-12-07 03:46:10 +00:00
/*
* November 2010 : acferen : Add ntop nProbe and Plixer Mailinizer extensions
*
* nProbe changes are for nprobe > = 5.5 .6 . Earlier nprobe versions
* " supported " some of the same fields , but they used element IDs that
* collide with standard IDs . Because of this versions prior to 5.5 .6
* using IDs above 80 ( nprobe extensions ) cannot be decoded correctly .
*
* nprobe supports extensions in v9 and IPFIX . IPFIX is done in the
* standard way . See the NTOP_BASE for handling v9 with no collisions
* ( maybe ) .
*
* Plixer changes are just new field definitions . ( IPFIX only )
*
* extended core code to allow naming vendor extensions .
*
* Put the length for variable length strings in a tree under the
* decoded string . Wonder if this might be overkill . Could probably
* just format the " (Variable length) " string to include the actual
* length .
*
* Did some minor cleanup .
*
* Note for WMeier . . . Added YYY comments with some XXX comments .
*/
2010-09-17 01:45:29 +00:00
2002-09-04 20:23:55 +00:00
# ifdef HAVE_CONFIG_H
# include "config.h"
# endif
# include <epan/packet.h>
2004-09-27 22:55:15 +00:00
# include <epan/prefs.h>
2008-08-02 13:53:49 +00:00
# include <epan/sminmpec.h>
2009-05-14 23:33:17 +00:00
# include <epan/dissectors/packet-tcp.h>
# include <epan/dissectors/packet-udp.h>
2011-02-09 03:24:12 +00:00
# include "packet-ntp.h"
2009-07-01 19:36:24 +00:00
# include <epan/expert.h>
2011-04-14 16:17:09 +00:00
# include <epan/strutil.h>
2003-03-04 03:37:12 +00:00
2010-10-20 00:36:53 +00:00
#if 0
# define ipfix_debug0(str) g_warning(str)
# define ipfix_debug1(str,p1) g_warning(str,p1)
# define ipfix_debug2(str,p1,p2) g_warning(str,p1,p2)
# define ipfix_debug3(str,p1,p2,p3) g_warning(str,p1,p2,p3)
# else
# define ipfix_debug0(str)
# define ipfix_debug1(str,p1)
# define ipfix_debug2(str,p1,p2)
# define ipfix_debug3(str,p1,p2,p3)
# endif
2007-10-05 21:25:35 +00:00
/* 4739 is IPFIX.
2055 and 9996 are common defaults for Netflow
*/
# define NETFLOW_UDP_PORTS "2055,9996"
# define IPFIX_UDP_PORTS "4739"
2008-08-02 13:53:49 +00:00
# define REVPEN 29305
2007-10-05 21:25:35 +00:00
static dissector_handle_t netflow_handle ;
2002-09-22 16:13:22 +00:00
2010-12-07 03:46:10 +00:00
/* If you want sort of safely to send enterprise specific element IDs
using v9 you need to stake a claim in the wilds with the high bit
set . Still no naming authority , but at least it will never collide
with valid IPFIX */
# define NTOP_BASE 57472u /* nprobe >= 5.5.6 */
2007-10-05 21:25:35 +00:00
/*
* global_netflow_ports : holds the configured range of ports for netflow
*/
static range_t * global_netflow_ports = NULL ;
/*
2007-10-11 16:40:12 +00:00
* global_ipfix_ports : holds the configured range of ports for IPFIX
2007-10-05 21:25:35 +00:00
*/
static range_t * global_ipfix_ports = NULL ;
2003-03-04 03:37:12 +00:00
2010-09-17 01:45:29 +00:00
/*
* Flowset ( template ) ID ' s
*/
# define FLOWSET_ID_V9_DATA_TEMPLATE 0
# define FLOWSET_ID_V9_OPTIONS_TEMPLATE 1
# define FLOWSET_ID_V10_DATA_TEMPLATE 2
# define FLOWSET_ID_V10_OPTIONS_TEMPLATE 3
# define FLOWSET_ID_RESERVED_MIN 4
# define FLOWSET_ID_RESERVED_MAX 255
# define FLOWSET_ID_DATA_MIN 256
# define FLOWSET_ID_DATA_MAX 65535
static const range_string rs_flowset_ids [ ] = {
{ FLOWSET_ID_V9_DATA_TEMPLATE , FLOWSET_ID_V9_DATA_TEMPLATE , " Data Template (V9) " } ,
{ FLOWSET_ID_V9_OPTIONS_TEMPLATE , FLOWSET_ID_V9_OPTIONS_TEMPLATE , " Options Template(V9) " } ,
{ FLOWSET_ID_V10_DATA_TEMPLATE , FLOWSET_ID_V10_DATA_TEMPLATE , " Data Template (V10 [IPFIX]) " } ,
{ FLOWSET_ID_V10_OPTIONS_TEMPLATE , FLOWSET_ID_V10_OPTIONS_TEMPLATE , " Options Template (V10 [IPFIX]) " } ,
{ FLOWSET_ID_RESERVED_MIN , FLOWSET_ID_RESERVED_MAX , " (Reserved) " } ,
{ FLOWSET_ID_DATA_MIN , FLOWSET_ID_DATA_MAX , " (Data) " } ,
{ 0 , 0 , NULL }
} ;
2002-09-22 16:13:22 +00:00
/*
2007-08-21 21:03:59 +00:00
* pdu identifiers & sizes
2002-09-22 16:13:22 +00:00
*/
2010-09-17 01:45:29 +00:00
# define V1PDU_SIZE (4 * 12)
# define V5PDU_SIZE (4 * 12)
# define V7PDU_SIZE (4 * 13)
# define V8PDU_AS_SIZE (4 * 7)
# define V8PDU_PROTO_SIZE (4 * 7)
# define V8PDU_SPREFIX_SIZE (4 * 8)
# define V8PDU_DPREFIX_SIZE (4 * 8)
# define V8PDU_MATRIX_SIZE (4 * 10)
# define V8PDU_DESTONLY_SIZE (4 * 8)
# define V8PDU_SRCDEST_SIZE (4 * 10)
# define V8PDU_FULL_SIZE (4 * 11)
# define V8PDU_TOSAS_SIZE (V8PDU_AS_SIZE + 4)
# define V8PDU_TOSPROTOPORT_SIZE (V8PDU_PROTO_SIZE + 4)
# define V8PDU_TOSSRCPREFIX_SIZE (V8PDU_SPREFIX_SIZE)
# define V8PDU_TOSDSTPREFIX_SIZE (V8PDU_DPREFIX_SIZE)
# define V8PDU_TOSMATRIX_SIZE (V8PDU_MATRIX_SIZE)
2002-09-22 16:13:22 +00:00
# define V8PDU_PREPORTPROTOCOL_SIZE (4 * 10)
2009-05-14 23:33:17 +00:00
# define VARIABLE_LENGTH 65535
2004-06-01 18:43:30 +00:00
static const value_string v5_sampling_mode [ ] = {
{ 0 , " No sampling mode configured " } ,
{ 1 , " Packet Interval sampling mode configured " } ,
2008-08-02 13:53:49 +00:00
{ 2 , " Random sampling mode configured " } ,
2004-06-01 18:43:30 +00:00
{ 0 , NULL }
} ;
2002-09-22 16:13:22 +00:00
enum {
V8PDU_NO_METHOD = 0 ,
V8PDU_AS_METHOD ,
V8PDU_PROTO_METHOD ,
V8PDU_SPREFIX_METHOD ,
V8PDU_DPREFIX_METHOD ,
V8PDU_MATRIX_METHOD ,
V8PDU_DESTONLY_METHOD ,
V8PDU_SRCDEST_METHOD ,
V8PDU_FULL_METHOD ,
V8PDU_TOSAS_METHOD ,
V8PDU_TOSPROTOPORT_METHOD ,
V8PDU_TOSSRCPREFIX_METHOD ,
V8PDU_TOSDSTPREFIX_METHOD ,
V8PDU_TOSMATRIX_METHOD ,
V8PDU_PREPORTPROTOCOL_METHOD
} ;
static const value_string v8_agg [ ] = {
2010-09-17 01:45:29 +00:00
{ V8PDU_AS_METHOD , " V8 AS aggregation " } ,
{ V8PDU_PROTO_METHOD , " V8 Proto/Port aggregation " } ,
{ V8PDU_SPREFIX_METHOD , " V8 Source Prefix aggregation " } ,
{ V8PDU_DPREFIX_METHOD , " V8 Destination Prefix aggregation " } ,
{ V8PDU_MATRIX_METHOD , " V8 Network Matrix aggregation " } ,
{ V8PDU_DESTONLY_METHOD , " V8 Destination aggregation (Cisco Catalyst) " } ,
{ V8PDU_SRCDEST_METHOD , " V8 Src/Dest aggregation (Cisco Catalyst) " } ,
{ V8PDU_FULL_METHOD , " V8 Full aggregation (Cisco Catalyst) " } ,
{ V8PDU_TOSAS_METHOD , " V8 TOS+AS aggregation " } ,
{ V8PDU_TOSPROTOPORT_METHOD , " V8 TOS+Protocol aggregation " } ,
{ V8PDU_TOSSRCPREFIX_METHOD , " V8 TOS+Source Prefix aggregation " } ,
{ V8PDU_TOSDSTPREFIX_METHOD , " V8 TOS+Destination Prefix aggregation " } ,
{ V8PDU_TOSMATRIX_METHOD , " V8 TOS+Prefix Matrix aggregation " } ,
{ V8PDU_PREPORTPROTOCOL_METHOD , " V8 Port+Protocol aggregation " } ,
2002-09-22 16:13:22 +00:00
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
static value_string_ext v8_agg_ext = VALUE_STRING_EXT_INIT ( v8_agg ) ;
2002-09-22 16:13:22 +00:00
2003-03-04 03:37:12 +00:00
/* Version 9 template cache structures */
2010-07-06 04:20:27 +00:00
/* This was 100, but this gives a horrible hash distribution. */
/* I've also increased this to reduce the chance of collisions until I
have a chance to add chaining ( or something ) to the template cache
hash */
2010-09-17 01:45:29 +00:00
# define V9_V10_TEMPLATE_CACHE_MAX_ENTRIES 521
2010-07-06 04:20:27 +00:00
2009-07-10 23:39:23 +00:00
/* Max number of entries/scopes per template */
2011-04-14 16:17:09 +00:00
/* Space is allocated dynamically so there isn't really a need to
bound this except to cap possible memory use . Unfortunately if
this value is too low we can ' t decode any template with more than
v9template_max_fields fields in it . The best compromise seems
to be to make v9template_max_fields a user preference .
A value of 0 will be unlimited .
*/
# define V9TEMPLATE_MAX_FIELDS_DEF 60
static guint v9template_max_fields = V9TEMPLATE_MAX_FIELDS_DEF ;
2003-03-04 03:37:12 +00:00
2010-09-17 01:45:29 +00:00
struct v9_v10_template_entry {
guint16 type ;
guint16 length ;
guint32 pen ;
const gchar * pen_str ;
2003-03-04 03:37:12 +00:00
} ;
2010-09-17 01:45:29 +00:00
typedef enum {
TF_SCOPES = 0 ,
TF_ENTRIES ,
2010-12-07 03:46:10 +00:00
/* START IPFIX VENDOR FIELDS */
TF_PLIXER ,
TF_NTOP ,
TF_NO_VENDOR_INFO
2010-09-17 01:45:29 +00:00
} v9_v10_template_fields_type_t ;
# define TF_NUM 2
2010-12-07 03:46:10 +00:00
# define TF_NUM_EXT 5 /* includes vendor fields */
2010-09-17 01:45:29 +00:00
struct v9_v10_template {
guint length ;
guint16 id ;
address source_addr ;
guint32 source_id ;
gboolean option_template ; /* FALSE=data template, TRUE=option template */ /* XXX: not used ?? */
guint16 field_count [ TF_NUM ] ; /* 0:scopes; 1:entries */
2010-12-07 03:46:10 +00:00
struct v9_v10_template_entry * fields [ TF_NUM_EXT ] ; /* 0:scopes; 1:entries; n:vendor_entries */
2003-03-04 03:37:12 +00:00
} ;
2010-09-17 01:45:29 +00:00
static struct v9_v10_template v9_v10_template_cache [ V9_V10_TEMPLATE_CACHE_MAX_ENTRIES ] ;
static const value_string v9_v10_template_types [ ] = {
{ 1 , " BYTES " } ,
{ 2 , " PKTS " } ,
{ 3 , " FLOWS " } ,
{ 4 , " PROTOCOL " } ,
{ 5 , " IP_TOS " } ,
{ 6 , " TCP_FLAGS " } ,
{ 7 , " L4_SRC_PORT " } ,
{ 8 , " IP_SRC_ADDR " } ,
{ 9 , " SRC_MASK " } ,
{ 10 , " INPUT_SNMP " } ,
{ 11 , " L4_DST_PORT " } ,
{ 12 , " IP_DST_ADDR " } ,
{ 13 , " DST_MASK " } ,
{ 14 , " OUTPUT_SNMP " } ,
{ 15 , " IP_NEXT_HOP " } ,
{ 16 , " SRC_AS " } ,
{ 17 , " DST_AS " } ,
{ 18 , " BGP_NEXT_HOP " } ,
{ 19 , " MUL_DPKTS " } ,
{ 20 , " MUL_DOCTETS " } ,
{ 21 , " LAST_SWITCHED " } ,
{ 22 , " FIRST_SWITCHED " } ,
{ 23 , " OUT_BYTES " } ,
{ 24 , " OUT_PKTS " } ,
{ 25 , " IP LENGTH MINIMUM " } ,
{ 26 , " IP LENGTH MAXIMUM " } ,
{ 27 , " IPV6_SRC_ADDR " } ,
{ 28 , " IPV6_DST_ADDR " } ,
{ 29 , " IPV6_SRC_MASK " } ,
{ 30 , " IPV6_DST_MASK " } ,
{ 31 , " FLOW_LABEL " } ,
{ 32 , " ICMP_TYPE " } ,
{ 33 , " IGMP_TYPE " } ,
{ 34 , " SAMPLING_INTERVAL " } ,
{ 35 , " SAMPLING_ALGORITHM " } ,
{ 36 , " FLOW_ACTIVE_TIMEOUT " } ,
{ 37 , " FLOW_INACTIVE_TIMEOUT " } ,
{ 38 , " ENGINE_TYPE " } ,
{ 39 , " ENGINE_ID " } ,
{ 40 , " TOTAL_BYTES_EXP " } ,
{ 41 , " TOTAL_PKTS_EXP " } ,
{ 42 , " TOTAL_FLOWS_EXP " } ,
{ 44 , " IP_SRC_PREFIX " } ,
{ 45 , " IP_DST_PREFIX " } ,
{ 46 , " MPLS_TOP_LABEL_TYPE " } ,
{ 47 , " MPLS_TOP_LABEL_ADDR " } ,
{ 48 , " FLOW_SAMPLER_ID " } ,
{ 49 , " FLOW_SAMPLER_MODE " } ,
{ 50 , " FLOW_SAMPLER_RANDOM_INTERVAL " } ,
{ 51 , " FLOW_CLASS " } ,
{ 52 , " IP TTL MINIMUM " } ,
{ 53 , " IP TTL MAXIMUM " } ,
{ 54 , " IPv4 ID " } ,
{ 55 , " DST_TOS " } ,
{ 56 , " SRC_MAC " } ,
{ 57 , " DST_MAC " } ,
{ 58 , " SRC_VLAN " } ,
{ 59 , " DST_VLAN " } ,
{ 60 , " IP_PROTOCOL_VERSION " } ,
{ 61 , " DIRECTION " } ,
{ 62 , " IPV6_NEXT_HOP " } ,
{ 63 , " BGP_IPV6_NEXT_HOP " } ,
{ 64 , " IPV6_OPTION_HEADERS " } ,
{ 70 , " MPLS_LABEL_1 " } ,
{ 71 , " MPLS_LABEL_2 " } ,
{ 72 , " MPLS_LABEL_3 " } ,
{ 73 , " MPLS_LABEL_4 " } ,
{ 74 , " MPLS_LABEL_5 " } ,
{ 75 , " MPLS_LABEL_6 " } ,
{ 76 , " MPLS_LABEL_7 " } ,
{ 77 , " MPLS_LABEL_8 " } ,
{ 78 , " MPLS_LABEL_9 " } ,
{ 79 , " MPLS_LABEL_10 " } ,
{ 80 , " DESTINATION_MAC " } ,
{ 81 , " SOURCE_MAC " } ,
{ 82 , " IF_NAME " } ,
{ 83 , " IF_DESC " } ,
{ 84 , " SAMPLER_NAME " } ,
{ 85 , " BYTES_TOTAL " } ,
{ 86 , " PACKETS_TOTAL " } ,
{ 88 , " FRAGMENT_OFFSET " } ,
{ 89 , " FORWARDING_STATUS " } ,
{ 90 , " VPN_ROUTE_DISTINGUISHER " } ,
{ 91 , " mplsTopLabelPrefixLength " } ,
{ 92 , " SRC_TRAFFIC_INDEX " } ,
{ 93 , " DST_TRAFFIC_INDEX " } ,
{ 94 , " APPLICATION_DESC " } ,
{ 95 , " APPLICATION_ID " } ,
{ 96 , " APPLICATION_NAME " } ,
{ 98 , " postIpDiffServCodePoint " } ,
{ 99 , " multicastReplicationFactor " } ,
2011-02-22 21:19:13 +00:00
{ 128 , " DST_AS_PEER " } ,
{ 129 , " SRC_AS_PEER " } ,
2008-08-02 13:53:49 +00:00
{ 130 , " exporterIPv4Address " } ,
{ 131 , " exporterIPv6Address " } ,
{ 132 , " DROPPED_BYTES " } ,
{ 133 , " DROPPED_PACKETS " } ,
{ 134 , " DROPPED_BYTES_TOTAL " } ,
{ 135 , " DROPPED_PACKETS_TOTAL " } ,
{ 136 , " flowEndReason " } ,
{ 137 , " commonPropertiesId " } ,
{ 138 , " observationPointId " } ,
{ 139 , " icmpTypeCodeIPv6 " } ,
2007-05-04 06:07:30 +00:00
{ 140 , " MPLS_TOP_LABEL_IPv6_ADDRESS " } ,
2008-08-02 13:53:49 +00:00
{ 141 , " lineCardId " } ,
{ 142 , " portId " } ,
{ 143 , " meteringProcessId " } ,
2007-05-04 06:07:30 +00:00
{ 144 , " FLOW_EXPORTER " } ,
2008-08-02 13:53:49 +00:00
{ 145 , " templateId " } ,
{ 146 , " wlanChannelId " } ,
{ 147 , " wlanSSID " } ,
{ 148 , " flowId " } ,
{ 149 , " observationDomainId " } ,
{ 150 , " flowStartSeconds " } ,
{ 151 , " flowEndSeconds " } ,
{ 152 , " flowStartMilliseconds " } ,
{ 153 , " flowEndMilliseconds " } ,
{ 154 , " flowStartMicroseconds " } ,
{ 155 , " flowEndMicroseconds " } ,
{ 156 , " flowStartNanoseconds " } ,
{ 157 , " flowEndNanoseconds " } ,
{ 158 , " flowStartDeltaMicroseconds " } ,
{ 159 , " flowEndDeltaMicroseconds " } ,
{ 160 , " systemInitTimeMilliseconds " } ,
{ 161 , " flowDurationMilliseconds " } ,
{ 162 , " flowDurationMicroseconds " } ,
{ 163 , " observedFlowTotalCount " } ,
{ 164 , " ignoredPacketTotalCount " } ,
{ 165 , " ignoredOctetTotalCount " } ,
{ 166 , " notSentFlowTotalCount " } ,
{ 167 , " notSentPacketTotalCount " } ,
{ 168 , " notSentOctetTotalCount " } ,
{ 169 , " destinationIPv6Prefix " } ,
{ 170 , " sourceIPv6Prefix " } ,
{ 171 , " postOctetTotalCount " } ,
{ 172 , " postPacketTotalCount " } ,
{ 173 , " flowKeyIndicator " } ,
{ 174 , " postMCastPacketTotalCount " } ,
{ 175 , " postMCastOctetTotalCount " } ,
2007-05-04 06:07:30 +00:00
{ 176 , " ICMP_IPv4_TYPE " } ,
{ 177 , " ICMP_IPv4_CODE " } ,
{ 178 , " ICMP_IPv6_TYPE " } ,
{ 179 , " ICMP_IPv6_CODE " } ,
{ 180 , " UDP_SRC_PORT " } ,
{ 181 , " UDP_DST_PORT " } ,
{ 182 , " TCP_SRC_PORT " } ,
{ 183 , " TCP_DST_PORT " } ,
{ 184 , " TCP_SEQ_NUM " } ,
2008-08-02 13:53:49 +00:00
{ 185 , " TCP_ACK_NUM " } ,
2007-05-04 06:07:30 +00:00
{ 186 , " TCP_WINDOW_SIZE " } ,
{ 187 , " TCP_URGENT_PTR " } ,
{ 188 , " TCP_HEADER_LEN " } ,
{ 189 , " IP_HEADER_LEN " } ,
{ 190 , " IP_TOTAL_LEN " } ,
2008-08-02 13:53:49 +00:00
{ 191 , " payloadLengthIPv6 " } ,
2007-05-04 06:07:30 +00:00
{ 192 , " IP_TTL " } ,
2008-08-02 13:53:49 +00:00
{ 193 , " nextHeaderIPv6 " } ,
2007-05-04 06:07:30 +00:00
{ 194 , " IP_TOS " } ,
{ 195 , " IP_DSCP " } ,
{ 196 , " IP_PRECEDENCE " } ,
2008-08-02 13:53:49 +00:00
{ 197 , " IP_FRAGMENT_FLAGS " } ,
2007-05-04 06:07:30 +00:00
{ 198 , " BYTES_SQUARED " } ,
{ 199 , " BYTES_SQUARED_PERMANENT " } ,
{ 200 , " MPLS_TOP_LABEL_TTL " } ,
{ 201 , " MPLS_LABEL_STACK_OCTETS " } ,
{ 202 , " MPLS_LABEL_STACK_DEPTH " } ,
{ 203 , " MPLS_TOP_LABEL_EXP " } ,
{ 204 , " IP_PAYLOAD_LENGTH " } ,
{ 205 , " UDP_LENGTH " } ,
{ 206 , " IS_MULTICAST " } ,
{ 207 , " IP_HEADER_WORDS " } ,
{ 208 , " IP_OPTION_MAP " } ,
2008-08-02 13:53:49 +00:00
{ 209 , " TCP_OPTION_MAP " } ,
{ 210 , " paddingOctets " } ,
{ 211 , " collectorIPv4Address " } ,
{ 212 , " collectorIPv6Address " } ,
{ 213 , " collectorInterface " } ,
{ 214 , " collectorProtocolVersion " } ,
{ 215 , " collectorTransportProtocol " } ,
{ 216 , " collectorTransportPort " } ,
{ 217 , " exporterTransportPort " } ,
{ 218 , " tcpSynTotalCount " } ,
{ 219 , " tcpFinTotalCount " } ,
{ 220 , " tcpRstTotalCount " } ,
{ 221 , " tcpPshTotalCount " } ,
{ 222 , " tcpAckTotalCount " } ,
{ 223 , " tcpUrgTotalCount " } ,
{ 224 , " ipTotalLength " } ,
2010-06-16 15:36:02 +00:00
{ 225 , " postNATSourceIPv4Address " } ,
{ 226 , " postNATDestinationIPv4Address " } ,
{ 227 , " postNAPTSourceTransportPort " } ,
{ 228 , " postNAPTDestinationTransportPort " } ,
{ 229 , " natOriginatingAddressRealm " } ,
{ 230 , " natEvent " } ,
{ 231 , " initiatorOctets " } ,
{ 232 , " responderOctets " } ,
{ 233 , " firewallEvent " } ,
{ 234 , " ingressVRFID " } ,
{ 235 , " egressVRFID " } ,
{ 236 , " VRFname " } ,
2008-08-02 13:53:49 +00:00
{ 237 , " postMplsTopLabelExp " } ,
{ 238 , " tcpWindowScale " } ,
2008-10-24 07:32:16 +00:00
{ 239 , " biflowDirection " } ,
2010-01-03 14:23:08 +00:00
{ 240 , " ethernetHeaderLength " } ,
{ 241 , " ethernetPayloadLength " } ,
{ 242 , " ethernetTotalLength " } ,
{ 243 , " dot1qVlanId " } ,
{ 244 , " dot1qPriority " } ,
{ 245 , " dot1qCustomerVlanId " } ,
{ 246 , " dot1qCustomerPriority " } ,
{ 247 , " metroEvcId " } ,
{ 248 , " metroEvcType " } ,
{ 249 , " pseudoWireId " } ,
{ 250 , " pseudoWireType " } ,
{ 251 , " pseudoWireControlWord " } ,
{ 252 , " ingressPhysicalInterface " } ,
{ 253 , " egressPhysicalInterface " } ,
{ 254 , " postDot1qVlanId " } ,
{ 255 , " postDot1qCustomerVlanId " } ,
{ 256 , " ethernetType " } ,
{ 257 , " postIpPrecedence " } ,
{ 258 , " collectionTimeMilliseconds " } ,
{ 259 , " exportSctpStreamId " } ,
{ 260 , " maxExportSeconds " } ,
{ 261 , " maxFlowEndSeconds " } ,
{ 262 , " messageMD5Checksum " } ,
{ 263 , " messageScope " } ,
{ 264 , " minExportSeconds " } ,
{ 265 , " minFlowStartSeconds " } ,
{ 266 , " opaqueOctets " } ,
{ 267 , " sessionScope " } ,
{ 268 , " maxFlowEndMicroseconds " } ,
{ 269 , " maxFlowEndMilliseconds " } ,
{ 270 , " maxFlowEndNanoseconds " } ,
{ 271 , " minFlowStartMicroseconds " } ,
{ 272 , " minFlowStartMilliseconds " } ,
{ 273 , " minFlowStartNanoseconds " } ,
{ 274 , " collectorCertificate " } ,
{ 275 , " exporterCertificate " } ,
{ 301 , " selectionSequenceId " } ,
{ 302 , " selectorId " } ,
{ 303 , " informationElementId " } ,
{ 304 , " selectorAlgorithm " } ,
{ 305 , " samplingPacketInterval " } ,
{ 306 , " samplingPacketSpace " } ,
{ 307 , " samplingTimeInterval " } ,
{ 308 , " samplingTimeSpace " } ,
{ 309 , " samplingSize " } ,
{ 310 , " samplingPopulation " } ,
{ 311 , " samplingProbability " } ,
2007-05-04 06:07:30 +00:00
{ 313 , " IP_SECTION HEADER " } ,
{ 314 , " IP_SECTION PAYLOAD " } ,
2010-01-03 14:23:08 +00:00
{ 316 , " mplsLabelStackSection " } ,
{ 317 , " mplsPayloadPacketSection " } ,
{ 318 , " selectorIdTotalPktsObserved " } ,
{ 319 , " selectorIdTotalPktsSelected " } ,
{ 320 , " absoluteError " } ,
{ 321 , " relativeError " } ,
{ 322 , " observationTimeSeconds " } ,
{ 323 , " observationTimeMilliseconds " } ,
{ 324 , " observationTimeMicroseconds " } ,
{ 325 , " observationTimeNanoseconds " } ,
{ 326 , " digestHashValue " } ,
{ 327 , " hashIPPayloadOffset " } ,
{ 328 , " hashIPPayloadSize " } ,
{ 329 , " hashOutputRangeMin " } ,
{ 330 , " hashOutputRangeMax " } ,
{ 331 , " hashSelectedRangeMin " } ,
{ 332 , " hashSelectedRangeMax " } ,
{ 333 , " hashDigestOutput " } ,
{ 334 , " hashInitialiserValue " } ,
{ 335 , " selectorName " } ,
{ 336 , " upperCILimit " } ,
{ 337 , " lowerCILimit " } ,
{ 338 , " confidenceLevel " } ,
{ 339 , " informationElementDataType " } ,
{ 340 , " informationElementDescription " } ,
{ 341 , " informationElementName " } ,
{ 342 , " informationElementRangeBegin " } ,
{ 343 , " informationElementRangeEnd " } ,
{ 344 , " informationElementSemantics " } ,
{ 345 , " informationElementUnits " } ,
{ 346 , " privateEnterpriseNumber " } ,
2010-06-16 15:36:02 +00:00
/* Cisco ASA5500 Series NetFlow */
{ 33000 , " INGRESS_ACL_ID " } ,
{ 33001 , " EGRESS_ACL_ID " } ,
2010-09-17 01:45:29 +00:00
{ 33002 , " FW_EXT_EVENT " } ,
2010-06-16 15:36:02 +00:00
{ 40000 , " AAA_USERNAME " } ,
2010-09-17 01:45:29 +00:00
{ 40001 , " XLATE_SRC_ADDR_IPV4 " } ,
2010-06-16 15:36:02 +00:00
{ 40002 , " XLATE_DST_ADDR_IPV4 " } ,
{ 40003 , " XLATE_SRC_PORT " } ,
{ 40004 , " XLATE_DST_PORT " } ,
{ 40005 , " FW_EVENT " } ,
2010-12-07 03:46:10 +00:00
/* v9 nTop extensions. */
{ 80 + NTOP_BASE , " FRAGMENTS " } ,
{ 82 + NTOP_BASE , " CLIENT_NW_DELAY_SEC " } ,
{ 83 + NTOP_BASE , " CLIENT_NW_DELAY_USEC " } ,
{ 84 + NTOP_BASE , " SERVER_NW_DELAY_SEC " } ,
{ 85 + NTOP_BASE , " SERVER_NW_DELAY_USEC " } ,
{ 86 + NTOP_BASE , " APPL_LATENCY_SEC " } ,
{ 87 + NTOP_BASE , " APPL_LATENCY_USEC " } ,
{ 98 + NTOP_BASE , " ICMP_FLAGS " } ,
{ 101 + NTOP_BASE , " SRC_IP_COUNTRY " } ,
{ 102 + NTOP_BASE , " SRC_IP_CITY " } ,
{ 103 + NTOP_BASE , " DST_IP_COUNTRY " } ,
{ 104 + NTOP_BASE , " DST_IP_CITY " } ,
{ 105 + NTOP_BASE , " FLOW_PROTO_PORT " } ,
{ 106 + NTOP_BASE , " TUNNEL_ID " } ,
{ 107 + NTOP_BASE , " LONGEST_FLOW_PKT " } ,
{ 108 + NTOP_BASE , " SHORTEST_FLOW_PKT " } ,
{ 109 + NTOP_BASE , " RETRANSMITTED_IN_PKTS " } ,
{ 110 + NTOP_BASE , " RETRANSMITTED_OUT_PKTS " } ,
{ 111 + NTOP_BASE , " OOORDER_IN_PKTS " } ,
{ 112 + NTOP_BASE , " OOORDER_OUT_PKTS " } ,
{ 113 + NTOP_BASE , " UNTUNNELED_PROTOCOL " } ,
{ 114 + NTOP_BASE , " UNTUNNELED_IPV4_SRC_ADDR " } ,
{ 115 + NTOP_BASE , " UNTUNNELED_L4_SRC_PORT " } ,
{ 116 + NTOP_BASE , " UNTUNNELED_IPV4_DST_ADDR " } ,
{ 117 + NTOP_BASE , " UNTUNNELED_L4_DST_PORT " } ,
{ 120 + NTOP_BASE , " DUMP_PATH " } ,
{ 130 + NTOP_BASE , " SIP_CALL_ID " } ,
{ 131 + NTOP_BASE , " SIP_CALLING_PARTY " } ,
{ 132 + NTOP_BASE , " SIP_CALLED_PARTY " } ,
{ 133 + NTOP_BASE , " SIP_RTP_CODECS " } ,
{ 134 + NTOP_BASE , " SIP_INVITE_TIME " } ,
{ 135 + NTOP_BASE , " SIP_TRYING_TIME " } ,
{ 136 + NTOP_BASE , " SIP_RINGING_TIME " } ,
{ 137 + NTOP_BASE , " SIP_OK_TIME " } ,
{ 138 + NTOP_BASE , " SIP_BYE_TIME " } ,
{ 139 + NTOP_BASE , " SIP_RTP_SRC_IP " } ,
{ 140 + NTOP_BASE , " SIP_RTP_SRC_PORT " } ,
{ 141 + NTOP_BASE , " SIP_RTP_DST_IP " } ,
{ 142 + NTOP_BASE , " SIP_RTP_DST_PORT " } ,
{ 150 + NTOP_BASE , " RTP_FIRST_SSRC " } ,
{ 151 + NTOP_BASE , " RTP_FIRST_TS " } ,
{ 152 + NTOP_BASE , " RTP_LAST_SSRC " } ,
{ 153 + NTOP_BASE , " RTP_LAST_TS " } ,
{ 154 + NTOP_BASE , " RTP_IN_JITTER " } ,
{ 155 + NTOP_BASE , " RTP_OUT_JITTER " } ,
{ 156 + NTOP_BASE , " RTP_IN_PKT_LOST " } ,
{ 157 + NTOP_BASE , " RTP_OUT_PKT_LOST " } ,
{ 158 + NTOP_BASE , " RTP_OUT_PAYLOAD_TYPE " } ,
{ 159 + NTOP_BASE , " RTP_IN_MAX_DELTA " } ,
{ 160 + NTOP_BASE , " RTP_OUT_MAX_DELTA " } ,
{ 165 + NTOP_BASE , " L7_PROTO " } ,
{ 180 + NTOP_BASE , " HTTP_URL " } ,
{ 181 + NTOP_BASE , " HTTP_RET_CODE " } ,
{ 182 + NTOP_BASE , " HTTP_REFERER " } ,
{ 183 + NTOP_BASE , " HTTP_UA " } ,
{ 184 + NTOP_BASE , " HTTP_MIME " } ,
{ 185 + NTOP_BASE , " SMTP_MAIL_FROM " } ,
{ 186 + NTOP_BASE , " SMTP_RCPT_TO " } ,
{ 195 + NTOP_BASE , " MYSQL_SERVER_VERSION " } ,
{ 196 + NTOP_BASE , " MYSQL_USERNAME " } ,
{ 197 + NTOP_BASE , " MYSQL_DB " } ,
{ 198 + NTOP_BASE , " MYSQL_QUERY " } ,
{ 199 + NTOP_BASE , " MYSQL_RESPONSE " } ,
2007-09-05 06:59:24 +00:00
{ 0 , NULL }
2004-09-09 06:27:43 +00:00
} ;
2010-12-07 03:46:10 +00:00
static const value_string v10_template_types_plixer [ ] = {
{ 100 , " client_ip_v4 " } ,
{ 101 , " client_hostname " } ,
{ 102 , " partner_name " } ,
{ 103 , " server_hostname " } ,
{ 104 , " server_ip_v4 " } ,
{ 105 , " recipient_address " } ,
{ 106 , " event_id " } ,
{ 107 , " msgid " } ,
{ 108 , " priority " } ,
{ 109 , " recipient_report_status " } ,
{ 110 , " number_recipients " } ,
{ 111 , " origination_time " } ,
{ 112 , " encryption " } ,
{ 113 , " service_version " } ,
{ 114 , " linked_msgid " } ,
{ 115 , " message_subject " } ,
{ 116 , " sender_address " } ,
{ 117 , " date_time " } ,
{ 118 , " client_ip_v6 " } ,
{ 119 , " server_ip_v6 " } ,
{ 120 , " source_context " } ,
{ 121 , " connector_id " } ,
{ 122 , " source_component " } ,
{ 124 , " related_recipient_address " } ,
{ 125 , " reference " } ,
{ 126 , " return_path " } ,
{ 127 , " message_info " } ,
{ 128 , " directionality " } ,
{ 129 , " tenant_id " } ,
{ 130 , " original_client_ip_v4 " } ,
{ 131 , " original_server_ip_v4 " } ,
{ 132 , " custom_data " } ,
{ 133 , " internal_message_id " } ,
{ 0 , NULL }
} ;
static const value_string v10_template_types_ntop [ ] = {
{ 80 , " FRAGMENTS " } ,
{ 82 , " CLIENT_NW_DELAY_SEC " } ,
{ 83 , " CLIENT_NW_DELAY_USEC " } ,
{ 84 , " SERVER_NW_DELAY_SEC " } ,
{ 85 , " SERVER_NW_DELAY_USEC " } ,
{ 86 , " APPL_LATENCY_SEC " } ,
{ 87 , " APPL_LATENCY_USEC " } ,
{ 98 , " ICMP_FLAGS " } ,
{ 101 , " SRC_IP_COUNTRY " } ,
{ 102 , " SRC_IP_CITY " } ,
{ 103 , " DST_IP_COUNTRY " } ,
{ 104 , " DST_IP_CITY " } ,
{ 105 , " FLOW_PROTO_PORT " } ,
{ 106 , " TUNNEL_ID " } ,
{ 107 , " LONGEST_FLOW_PKT " } ,
{ 108 , " SHORTEST_FLOW_PKT " } ,
{ 109 , " RETRANSMITTED_IN_PKTS " } ,
{ 110 , " RETRANSMITTED_OUT_PKTS " } ,
{ 111 , " OOORDER_IN_PKTS " } ,
{ 112 , " OOORDER_OUT_PKTS " } ,
{ 113 , " UNTUNNELED_PROTOCOL " } ,
{ 114 , " UNTUNNELED_IPV4_SRC_ADDR " } ,
{ 115 , " UNTUNNELED_L4_SRC_PORT " } ,
{ 116 , " UNTUNNELED_IPV4_DST_ADDR " } ,
{ 117 , " UNTUNNELED_L4_DST_PORT " } ,
{ 120 , " DUMP_PATH " } ,
{ 130 , " SIP_CALL_ID " } ,
{ 131 , " SIP_CALLING_PARTY " } ,
{ 132 , " SIP_CALLED_PARTY " } ,
{ 133 , " SIP_RTP_CODECS " } ,
{ 134 , " SIP_INVITE_TIME " } ,
{ 135 , " SIP_TRYING_TIME " } ,
{ 136 , " SIP_RINGING_TIME " } ,
{ 137 , " SIP_OK_TIME " } ,
{ 138 , " SIP_BYE_TIME " } ,
{ 139 , " SIP_RTP_SRC_IP " } ,
{ 140 , " SIP_RTP_SRC_PORT " } ,
{ 141 , " SIP_RTP_DST_IP " } ,
{ 142 , " SIP_RTP_DST_PORT " } ,
{ 150 , " RTP_FIRST_SSRC " } ,
{ 151 , " RTP_FIRST_TS " } ,
{ 152 , " RTP_LAST_SSRC " } ,
{ 153 , " RTP_LAST_TS " } ,
{ 154 , " RTP_IN_JITTER " } ,
{ 155 , " RTP_OUT_JITTER " } ,
{ 156 , " RTP_IN_PKT_LOST " } ,
{ 157 , " RTP_OUT_PKT_LOST " } ,
{ 158 , " RTP_OUT_PAYLOAD_TYPE " } ,
{ 159 , " RTP_IN_MAX_DELTA " } ,
{ 160 , " RTP_OUT_MAX_DELTA " } ,
{ 165 , " L7_PROTO " } ,
{ 180 , " HTTP_URL " } ,
{ 181 , " HTTP_RET_CODE " } ,
{ 182 , " HTTP_REFERER " } ,
{ 183 , " HTTP_UA " } ,
{ 184 , " HTTP_MIME " } ,
{ 185 , " SMTP_MAIL_FROM " } ,
{ 186 , " SMTP_RCPT_TO " } ,
{ 195 , " MYSQL_SERVER_VERSION " } ,
{ 196 , " MYSQL_USERNAME " } ,
{ 197 , " MYSQL_DB " } ,
{ 198 , " MYSQL_QUERY " } ,
{ 199 , " MYSQL_RESPONSE " } ,
{ 0 , NULL }
} ;
2010-10-29 17:48:39 +00:00
static value_string_ext v9_v10_template_types_ext = VALUE_STRING_EXT_INIT ( v9_v10_template_types ) ;
2010-12-07 03:46:10 +00:00
static value_string_ext v10_template_types_plixer_ext = VALUE_STRING_EXT_INIT ( v10_template_types_plixer ) ;
static value_string_ext v10_template_types_ntop_ext = VALUE_STRING_EXT_INIT ( v10_template_types_ntop ) ;
2010-08-11 11:54:25 +00:00
static const value_string v9_scope_field_types [ ] = {
{ 1 , " System " } ,
{ 2 , " Interface " } ,
{ 3 , " Line Card " } ,
{ 4 , " NetFlow Cache " } ,
{ 5 , " Template " } ,
{ 0 , NULL }
} ;
2010-10-29 17:48:39 +00:00
static value_string_ext v9_scope_field_types_ext = VALUE_STRING_EXT_INIT ( v9_scope_field_types ) ;
2010-08-11 11:54:25 +00:00
static const value_string v9_sampler_mode [ ] = {
2010-09-17 01:45:29 +00:00
{ 0 , " Deterministic " } ,
{ 1 , " Unknown " } , /* "Time-Based" ?? */
2010-08-11 11:54:25 +00:00
{ 2 , " Random " } ,
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
2010-08-11 11:54:25 +00:00
static const value_string v9_direction [ ] = {
{ 0 , " Ingress " } ,
{ 1 , " Egress " } ,
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
2011-05-13 21:47:09 +00:00
# define FORWARDING_STATUS_UNKNOWN 0
# define FORWARDING_STATUS_FORWARD 1
# define FORWARDING_STATUS_DROP 2
# define FORWARDING_STATUS_CONSUME 3
2010-08-11 11:54:25 +00:00
static const value_string v9_forwarding_status [ ] = {
2011-05-13 21:47:09 +00:00
{ FORWARDING_STATUS_UNKNOWN , " Unknown " } , /* Observed on IOS-XR 3.2 */
{ FORWARDING_STATUS_FORWARD , " Forward " } , /* Observed on 7200 12.4(9)T */
{ FORWARDING_STATUS_DROP , " Drop " } , /* Observed on 7200 12.4(9)T */
{ FORWARDING_STATUS_CONSUME , " Consume " } , /* Observed on 7200 12.4(9)T */
2010-08-11 11:54:25 +00:00
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
2011-05-13 21:47:09 +00:00
static const value_string v9_forwarding_status_unknown_code [ ] = {
{ 0 , NULL }
} ;
static const value_string v9_forwarding_status_forward_code [ ] = {
{ 0 , " Forwarded (Unknown) " } ,
{ 1 , " Forwarded Fragmented " } ,
{ 2 , " Forwarded not Fragmented " } ,
{ 0 , NULL }
} ;
static const value_string v9_forwarding_status_drop_code [ ] = {
{ 0 , " Dropped (Unknown) " } ,
{ 1 , " Drop ACL Deny " } ,
{ 2 , " Drop ACL drop " } ,
{ 3 , " Drop Unroutable " } ,
{ 4 , " Drop Adjacency " } ,
{ 5 , " Drop Fragmentation & DF set " } ,
{ 6 , " Drop Bad header checksum " } ,
{ 7 , " Drop Bad total Length " } ,
{ 8 , " Drop Bad Header Length " } ,
{ 9 , " Drop bad TTL " } ,
{ 10 , " Drop Policer " } ,
{ 11 , " Drop WRED " } ,
{ 12 , " Drop RPF " } ,
{ 13 , " Drop For us " } ,
{ 14 , " Drop Bad output interface " } ,
{ 15 , " Drop Hardware " } ,
{ 0 , NULL }
} ;
static const value_string v9_forwarding_status_consume_code [ ] = {
{ 0 , " Consumed (Unknown) " } ,
{ 1 , " Terminate Punt Adjacency " } ,
{ 2 , " Terminate Incomplete Adjacency " } ,
{ 3 , " Terminate For us " } ,
{ 0 , NULL }
2010-08-11 11:54:25 +00:00
} ;
2010-11-03 22:08:49 +00:00
2010-08-11 11:54:25 +00:00
static const value_string v9_firewall_event [ ] = {
{ 0 , " Default (ignore) " } ,
{ 1 , " Flow created " } ,
{ 2 , " Flow deleted " } ,
{ 3 , " Flow denied " } ,
2011-04-14 16:17:09 +00:00
{ 4 , " Flow alert " } ,
2010-08-11 11:54:25 +00:00
{ 0 , NULL }
} ;
static const value_string v9_extended_firewall_event [ ] = {
2010-09-17 01:45:29 +00:00
{ 0 , " ignore " } ,
2010-08-11 11:54:25 +00:00
{ 1001 , " Flow denied by an ingress ACL " } ,
{ 1002 , " Flow denied by an egress ACL " } ,
{ 1003 , " Flow denied by security appliance " } ,
2010-09-17 01:45:29 +00:00
{ 1004 , " Flow denied (TCP flow beginning with not TCP SYN) " } ,
2010-08-11 11:54:25 +00:00
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
2010-08-11 11:54:25 +00:00
static const value_string engine_type [ ] = {
{ 0 , " RP " } ,
{ 1 , " VIP/Linecard " } ,
{ 2 , " PFC/DFC " } ,
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
2010-08-11 11:54:25 +00:00
static const value_string v9_flow_end_reason [ ] = {
{ 0 , " Unknown " } ,
{ 1 , " Idle timeout " } ,
{ 2 , " Active timeout " } ,
{ 3 , " End of Flow detected " } ,
{ 4 , " Forced end " } ,
2010-09-17 01:45:29 +00:00
{ 5 , " Lack of resources " } ,
2010-08-11 11:54:25 +00:00
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
2010-08-11 11:54:25 +00:00
static const value_string v9_biflow_direction [ ] = {
{ 0 , " Arbitrary " } ,
{ 1 , " Initiator " } ,
{ 2 , " ReverseInitiator " } ,
{ 3 , " Perimeter " } ,
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
2010-08-11 11:54:25 +00:00
static const value_string selector_algorithm [ ] = {
{ 0 , " Reserved " } ,
{ 1 , " Systematic count-based Sampling " } ,
{ 2 , " Systematic time-based Sampling " } ,
{ 3 , " Random n-out-of-N Sampling " } ,
{ 4 , " Uniform probabilistic Sampling " } ,
{ 5 , " Property match Filtering " } ,
{ 6 , " Hash based Filtering using BOB " } ,
2010-12-07 03:46:10 +00:00
{ 7 , " Hash based Filtering using IPSX " } ,
2010-09-17 01:45:29 +00:00
{ 8 , " Hash based Filtering using CRC " } ,
2010-08-11 11:54:25 +00:00
{ 0 , NULL }
} ;
2010-11-03 22:08:49 +00:00
static value_string_ext selector_algorithm_ext = VALUE_STRING_EXT_INIT ( selector_algorithm ) ;
2010-08-11 11:54:25 +00:00
/*
* wireshark tree identifiers
*/
2010-09-17 01:45:29 +00:00
static int proto_netflow = - 1 ;
static int ett_netflow = - 1 ;
static int ett_unixtime = - 1 ;
static int ett_flow = - 1 ;
static int ett_flowtime = - 1 ;
2010-12-07 03:46:10 +00:00
static int ett_str_len = - 1 ;
2010-09-17 01:45:29 +00:00
static int ett_template = - 1 ;
static int ett_field = - 1 ;
static int ett_dataflowset = - 1 ;
static int ett_fwdstat = - 1 ;
2010-08-11 11:54:25 +00:00
/*
* cflow header
*/
2010-09-17 01:45:29 +00:00
static int hf_cflow_version = - 1 ;
static int hf_cflow_count = - 1 ;
static int hf_cflow_len = - 1 ;
static int hf_cflow_sysuptime = - 1 ;
static int hf_cflow_exporttime = - 1 ;
static int hf_cflow_unix_secs = - 1 ;
static int hf_cflow_unix_nsecs = - 1 ;
static int hf_cflow_timestamp = - 1 ;
static int hf_cflow_samplingmode = - 1 ;
static int hf_cflow_samplerate = - 1 ;
static int hf_cflow_unknown_field_type = - 1 ;
2010-08-11 11:54:25 +00:00
/*
* cflow version specific info
*/
2010-09-17 01:45:29 +00:00
static int hf_cflow_sequence = - 1 ;
static int hf_cflow_engine_type = - 1 ;
static int hf_cflow_engine_id = - 1 ;
static int hf_cflow_source_id = - 1 ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
static int hf_cflow_aggmethod = - 1 ;
static int hf_cflow_aggversion = - 1 ;
2010-08-11 11:54:25 +00:00
/* Version 9 */
2010-09-17 01:45:29 +00:00
static int hf_cflow_flowset_id = - 1 ;
static int hf_cflow_flowset_length = - 1 ;
static int hf_cflow_template_id = - 1 ;
static int hf_cflow_template_field_count = - 1 ;
static int hf_cflow_template_field_type = - 1 ;
static int hf_cflow_template_field_length = - 1 ;
static int hf_cflow_option_scope_length = - 1 ;
static int hf_cflow_option_length = - 1 ;
2010-08-11 11:54:25 +00:00
static int hf_cflow_template_scope_field_type = - 1 ;
2010-09-17 01:45:29 +00:00
static int hf_cflow_scope_system = - 1 ;
static int hf_cflow_scope_interface = - 1 ;
static int hf_cflow_scope_linecard = - 1 ;
static int hf_cflow_scope_cache = - 1 ;
static int hf_cflow_scope_template = - 1 ;
2010-08-11 11:54:25 +00:00
/* IPFIX */
2010-09-17 01:45:29 +00:00
static int hf_cflow_template_ipfix_total_field_count = - 1 ;
static int hf_cflow_template_ipfix_scope_field_count = - 1 ;
static int hf_cflow_template_ipfix_pen_provided = - 1 ;
static int hf_cflow_template_ipfix_field_type = - 1 ;
static int hf_cflow_template_ipfix_field_type_enterprise = - 1 ;
static int hf_cflow_template_ipfix_field_pen = - 1 ;
2010-08-11 11:54:25 +00:00
2010-12-07 03:46:10 +00:00
/* IPFIX / vendor */
static int hf_cflow_template_plixer_field_type = - 1 ;
static int hf_cflow_template_ntop_field_type = - 1 ;
2010-08-11 11:54:25 +00:00
/*
* pdu storage
*/
2010-09-17 01:45:29 +00:00
static int hf_cflow_srcaddr = - 1 ;
static int hf_cflow_srcaddr_v6 = - 1 ;
static int hf_cflow_srcnet = - 1 ;
static int hf_cflow_dstaddr = - 1 ;
static int hf_cflow_dstaddr_v6 = - 1 ;
static int hf_cflow_dstnet = - 1 ;
static int hf_cflow_nexthop = - 1 ;
static int hf_cflow_nexthop_v6 = - 1 ;
static int hf_cflow_bgpnexthop = - 1 ;
static int hf_cflow_bgpnexthop_v6 = - 1 ;
static int hf_cflow_inputint = - 1 ;
static int hf_cflow_outputint = - 1 ;
static int hf_cflow_flows = - 1 ;
static int hf_cflow_flows64 = - 1 ;
static int hf_cflow_packets = - 1 ;
static int hf_cflow_packets64 = - 1 ;
static int hf_cflow_octets = - 1 ;
static int hf_cflow_octets64 = - 1 ;
static int hf_cflow_length_min = - 1 ;
static int hf_cflow_length_max = - 1 ;
static int hf_cflow_timedelta = - 1 ;
static int hf_cflow_sys_init_time = - 1 ;
static int hf_cflow_timestart = - 1 ;
static int hf_cflow_timeend = - 1 ;
static int hf_cflow_srcport = - 1 ;
static int hf_cflow_dstport = - 1 ;
static int hf_cflow_prot = - 1 ;
static int hf_cflow_tos = - 1 ;
static int hf_cflow_flags = - 1 ;
static int hf_cflow_tcpflags = - 1 ;
static int hf_cflow_dstas = - 1 ;
static int hf_cflow_srcas = - 1 ;
static int hf_cflow_dstmask = - 1 ;
static int hf_cflow_dstmask_v6 = - 1 ;
static int hf_cflow_srcmask = - 1 ;
static int hf_cflow_srcmask_v6 = - 1 ;
static int hf_cflow_routersc = - 1 ;
static int hf_cflow_mulpackets = - 1 ;
static int hf_cflow_muloctets = - 1 ;
static int hf_cflow_octets_exp = - 1 ;
static int hf_cflow_octets_exp64 = - 1 ;
static int hf_cflow_packets_exp = - 1 ;
static int hf_cflow_packets_exp64 = - 1 ;
static int hf_cflow_flows_exp = - 1 ;
static int hf_cflow_flows_exp64 = - 1 ;
static int hf_cflow_srcprefix = - 1 ;
static int hf_cflow_dstprefix = - 1 ;
static int hf_cflow_flow_class = - 1 ;
static int hf_cflow_ttl_minimum = - 1 ;
static int hf_cflow_ttl_maximum = - 1 ;
static int hf_cflow_ipv4_id = - 1 ;
static int hf_cflow_ip_version = - 1 ;
static int hf_cflow_icmp_type = - 1 ;
static int hf_cflow_igmp_type = - 1 ;
static int hf_cflow_sampling_interval = - 1 ;
static int hf_cflow_sampling_algorithm = - 1 ;
static int hf_cflow_flow_active_timeout = - 1 ;
static int hf_cflow_flow_inactive_timeout = - 1 ;
static int hf_cflow_mpls_top_label_type = - 1 ;
static int hf_cflow_mpls_pe_addr = - 1 ;
static int hf_cflow_sampler_id = - 1 ;
static int hf_cflow_sampler_mode = - 1 ;
2010-08-11 11:54:25 +00:00
static int hf_cflow_sampler_random_interval = - 1 ;
2010-09-17 01:45:29 +00:00
static int hf_cflow_direction = - 1 ;
static int hf_cflow_if_name = - 1 ;
static int hf_cflow_if_descr = - 1 ;
static int hf_cflow_sampler_name = - 1 ;
static int hf_cflow_forwarding_status = - 1 ;
2011-05-13 21:47:09 +00:00
static int hf_cflow_forwarding_status_unknown_code = - 1 ;
static int hf_cflow_forwarding_status_forward_code = - 1 ;
static int hf_cflow_forwarding_status_consume_code = - 1 ;
static int hf_cflow_forwarding_status_drop_code = - 1 ;
2010-09-17 01:45:29 +00:00
static int hf_cflow_nbar_appl_desc = - 1 ;
static int hf_cflow_nbar_appl_id = - 1 ;
static int hf_cflow_nbar_appl_name = - 1 ;
static int hf_cflow_peer_srcas = - 1 ;
static int hf_cflow_peer_dstas = - 1 ;
static int hf_cflow_flow_exporter = - 1 ;
static int hf_cflow_icmp_ipv4_type = - 1 ;
static int hf_cflow_icmp_ipv4_code = - 1 ;
static int hf_cflow_icmp_ipv6_type = - 1 ;
static int hf_cflow_icmp_ipv6_code = - 1 ;
static int hf_cflow_tcp_window_size = - 1 ;
static int hf_cflow_ipv4_total_length = - 1 ;
static int hf_cflow_ip_ttl = - 1 ;
static int hf_cflow_ip_tos = - 1 ;
static int hf_cflow_ip_dscp = - 1 ;
static int hf_cflow_octets_squared64 = - 1 ;
static int hf_cflow_udp_length = - 1 ;
static int hf_cflow_is_multicast = - 1 ;
static int hf_cflow_ip_header_words = - 1 ;
static int hf_cflow_option_map = - 1 ;
static int hf_cflow_section_header = - 1 ;
static int hf_cflow_section_payload = - 1 ;
2010-08-11 11:54:25 +00:00
/* IPFIX (version 10) Information Elements */
static int hf_cflow_post_octets = - 1 ;
static int hf_cflow_post_octets64 = - 1 ;
static int hf_cflow_post_packets = - 1 ;
static int hf_cflow_post_packets64 = - 1 ;
static int hf_cflow_ipv6_flowlabel = - 1 ;
static int hf_cflow_ipv6_flowlabel24 = - 1 ;
static int hf_cflow_post_tos = - 1 ;
static int hf_cflow_srcmac = - 1 ;
static int hf_cflow_post_dstmac = - 1 ;
static int hf_cflow_vlanid = - 1 ;
static int hf_cflow_post_vlanid = - 1 ;
static int hf_cflow_ipv6_exthdr = - 1 ;
static int hf_cflow_dstmac = - 1 ;
static int hf_cflow_post_srcmac = - 1 ;
2011-04-16 12:03:50 +00:00
static int hf_cflow_permanent_packets = - 1 ;
static int hf_cflow_permanent_packets64 = - 1 ;
static int hf_cflow_permanent_octets = - 1 ;
static int hf_cflow_permanent_octets64 = - 1 ;
2010-08-11 11:54:25 +00:00
static int hf_cflow_fragment_offset = - 1 ;
static int hf_cflow_mpls_vpn_rd = - 1 ;
static int hf_cflow_mpls_top_label_prefix_length = - 1 ; /* ID: 91 */
static int hf_cflow_post_ip_diff_serv_code_point = - 1 ; /* ID: 98 */
static int hf_cflow_multicast_replication_factor = - 1 ; /* ID: 99 */
static int hf_cflow_exporter_addr = - 1 ;
static int hf_cflow_exporter_addr_v6 = - 1 ;
static int hf_cflow_drop_octets = - 1 ;
static int hf_cflow_drop_octets64 = - 1 ;
static int hf_cflow_drop_packets = - 1 ;
static int hf_cflow_drop_packets64 = - 1 ;
static int hf_cflow_drop_total_octets = - 1 ;
static int hf_cflow_drop_total_octets64 = - 1 ;
static int hf_cflow_drop_total_packets = - 1 ;
static int hf_cflow_drop_total_packets64 = - 1 ;
static int hf_cflow_flow_end_reason = - 1 ;
static int hf_cflow_common_properties_id = - 1 ;
static int hf_cflow_observation_point_id = - 1 ;
static int hf_cflow_mpls_pe_addr_v6 = - 1 ;
static int hf_cflow_port_id = - 1 ;
static int hf_cflow_mp_id = - 1 ;
static int hf_cflow_wlan_channel_id = - 1 ;
static int hf_cflow_wlan_ssid = - 1 ;
static int hf_cflow_flow_id = - 1 ;
static int hf_cflow_od_id = - 1 ;
static int hf_cflow_abstimestart = - 1 ;
static int hf_cflow_abstimeend = - 1 ;
static int hf_cflow_dstnet_v6 = - 1 ;
static int hf_cflow_srcnet_v6 = - 1 ;
static int hf_cflow_ignore_packets = - 1 ;
static int hf_cflow_ignore_packets64 = - 1 ;
static int hf_cflow_ignore_octets = - 1 ;
static int hf_cflow_ignore_octets64 = - 1 ;
static int hf_cflow_notsent_flows = - 1 ;
static int hf_cflow_notsent_flows64 = - 1 ;
static int hf_cflow_notsent_packets = - 1 ;
static int hf_cflow_notsent_packets64 = - 1 ;
static int hf_cflow_notsent_octets = - 1 ;
static int hf_cflow_notsent_octets64 = - 1 ;
static int hf_cflow_post_total_octets = - 1 ;
static int hf_cflow_post_total_octets64 = - 1 ;
static int hf_cflow_post_total_packets = - 1 ;
static int hf_cflow_post_total_packets64 = - 1 ;
static int hf_cflow_key = - 1 ;
static int hf_cflow_post_total_mulpackets = - 1 ;
static int hf_cflow_post_total_mulpackets64 = - 1 ;
static int hf_cflow_post_total_muloctets = - 1 ;
static int hf_cflow_post_total_muloctets64 = - 1 ;
static int hf_cflow_tcp_seq_num = - 1 ;
static int hf_cflow_tcp_ack_num = - 1 ;
static int hf_cflow_tcp_urg_ptr = - 1 ;
static int hf_cflow_tcp_header_length = - 1 ;
static int hf_cflow_ip_header_length = - 1 ;
static int hf_cflow_ipv6_payload_length = - 1 ;
static int hf_cflow_ipv6_next_hdr = - 1 ;
static int hf_cflow_ip_precedence = - 1 ;
static int hf_cflow_ip_fragment_flags = - 1 ;
static int hf_cflow_mpls_top_label_ttl = - 1 ;
static int hf_cflow_mpls_label_length = - 1 ;
static int hf_cflow_mpls_label_depth = - 1 ;
static int hf_cflow_mpls_top_label_exp = - 1 ;
static int hf_cflow_ip_payload_length = - 1 ;
static int hf_cflow_tcp_option_map = - 1 ;
static int hf_cflow_collector_addr = - 1 ;
static int hf_cflow_collector_addr_v6 = - 1 ;
static int hf_cflow_export_interface = - 1 ;
static int hf_cflow_export_protocol_version = - 1 ;
static int hf_cflow_export_prot = - 1 ;
static int hf_cflow_collector_port = - 1 ;
static int hf_cflow_exporter_port = - 1 ;
static int hf_cflow_total_tcp_syn = - 1 ;
static int hf_cflow_total_tcp_fin = - 1 ;
static int hf_cflow_total_tcp_rst = - 1 ;
static int hf_cflow_total_tcp_psh = - 1 ;
static int hf_cflow_total_tcp_ack = - 1 ;
static int hf_cflow_total_tcp_urg = - 1 ;
2010-09-17 01:45:29 +00:00
static int hf_cflow_ip_total_length = - 1 ;
static int hf_cflow_post_natsource_ipv4_address = - 1 ; /* ID: 225 */
static int hf_cflow_post_natdestination_ipv4_address = - 1 ; /* ID: 226 */
static int hf_cflow_post_naptsource_transport_port = - 1 ; /* ID: 227 */
static int hf_cflow_post_naptdestination_transport_port = - 1 ; /* ID: 228 */
static int hf_cflow_nat_originating_address_realm = - 1 ; /* ID: 229 */
static int hf_cflow_nat_event = - 1 ; /* ID: 230 */
static int hf_cflow_initiator_octets = - 1 ; /* ID: 231 */
static int hf_cflow_responder_octets = - 1 ; /* ID: 232 */
static int hf_cflow_firewall_event = - 1 ; /* ID: 233 */
static int hf_cflow_ingress_vrfid = - 1 ; /* ID: 234 */
static int hf_cflow_egress_vrfid = - 1 ; /* ID: 235 */
static int hf_cflow_vrfname = - 1 ; /* ID: 236 */
static int hf_cflow_post_mpls_top_label_exp = - 1 ; /* ID: 237 */
static int hf_cflow_tcp_window_scale = - 1 ; /* ID: 238 */
static int hf_cflow_biflow_direction = - 1 ;
static int hf_cflow_ethernet_header_length = - 1 ; /* ID: 240 */
static int hf_cflow_ethernet_payload_length = - 1 ; /* ID: 241 */
static int hf_cflow_ethernet_total_length = - 1 ; /* ID: 242 */
static int hf_cflow_dot1q_vlan_id = - 1 ; /* ID: 243 */
static int hf_cflow_dot1q_priority = - 1 ; /* ID: 244 */
static int hf_cflow_dot1q_customer_vlan_id = - 1 ; /* ID: 245 */
static int hf_cflow_dot1q_customer_priority = - 1 ; /* ID: 246 */
static int hf_cflow_metro_evc_id = - 1 ; /* ID: 247 */
static int hf_cflow_metro_evc_type = - 1 ; /* ID: 248 */
static int hf_cflow_pseudo_wire_id = - 1 ; /* ID: 249 */
static int hf_cflow_pseudo_wire_type = - 1 ; /* ID: 250 */
static int hf_cflow_pseudo_wire_control_word = - 1 ; /* ID: 251 */
static int hf_cflow_ingress_physical_interface = - 1 ; /* ID: 252 */
static int hf_cflow_egress_physical_interface = - 1 ; /* ID: 253 */
static int hf_cflow_post_dot1q_vlan_id = - 1 ; /* ID: 254 */
static int hf_cflow_post_dot1q_customer_vlan_id = - 1 ; /* ID: 255 */
static int hf_cflow_ethernet_type = - 1 ; /* ID: 256 */
static int hf_cflow_post_ip_precedence = - 1 ; /* ID: 257 */
static int hf_cflow_collection_time_milliseconds = - 1 ; /* ID: 258 */
static int hf_cflow_export_sctp_stream_id = - 1 ; /* ID: 259 */
static int hf_cflow_max_export_seconds = - 1 ; /* ID: 260 */
static int hf_cflow_max_flow_end_seconds = - 1 ; /* ID: 261 */
static int hf_cflow_message_md5_checksum = - 1 ; /* ID: 262 */
static int hf_cflow_message_scope = - 1 ; /* ID: 263 */
static int hf_cflow_min_export_seconds = - 1 ; /* ID: 264 */
static int hf_cflow_min_flow_start_seconds = - 1 ; /* ID: 265 */
static int hf_cflow_opaque_octets = - 1 ; /* ID: 266 */
static int hf_cflow_session_scope = - 1 ; /* ID: 267 */
static int hf_cflow_max_flow_end_microseconds = - 1 ; /* ID: 268 */
static int hf_cflow_max_flow_end_milliseconds = - 1 ; /* ID: 269 */
static int hf_cflow_max_flow_end_nanoseconds = - 1 ; /* ID: 270 */
static int hf_cflow_min_flow_start_microseconds = - 1 ; /* ID: 271 */
static int hf_cflow_min_flow_start_milliseconds = - 1 ; /* ID: 272 */
static int hf_cflow_min_flow_start_nanoseconds = - 1 ; /* ID: 273 */
static int hf_cflow_collector_certificate = - 1 ; /* ID: 274 */
static int hf_cflow_exporter_certificate = - 1 ; /* ID: 275 */
static int hf_cflow_selection_sequence_id = - 1 ; /* ID: 301 */
static int hf_cflow_selector_id = - 1 ; /* ID: 302 */
static int hf_cflow_information_element_id = - 1 ; /* ID: 303 */
static int hf_cflow_selector_algorithm = - 1 ; /* ID: 304 */
static int hf_cflow_sampling_packet_interval = - 1 ; /* ID: 305 */
static int hf_cflow_sampling_packet_space = - 1 ; /* ID: 306 */
static int hf_cflow_sampling_time_interval = - 1 ; /* ID: 307 */
static int hf_cflow_sampling_time_space = - 1 ; /* ID: 308 */
static int hf_cflow_sampling_size = - 1 ; /* ID: 309 */
static int hf_cflow_sampling_population = - 1 ; /* ID: 310 */
static int hf_cflow_sampling_probability = - 1 ; /* ID: 311 */
static int hf_cflow_mpls_label_stack_section = - 1 ; /* ID: 316 */
static int hf_cflow_mpls_payload_packet_section = - 1 ; /* ID: 317 */
static int hf_cflow_selector_id_total_pkts_observed = - 1 ; /* ID: 318 */
static int hf_cflow_selector_id_total_pkts_selected = - 1 ; /* ID: 319 */
static int hf_cflow_absolute_error = - 1 ; /* ID: 320 */
static int hf_cflow_relative_error = - 1 ; /* ID: 321 */
static int hf_cflow_observation_time_seconds = - 1 ; /* ID: 322 */
static int hf_cflow_observation_time_milliseconds = - 1 ; /* ID: 323 */
static int hf_cflow_observation_time_microseconds = - 1 ; /* ID: 324 */
static int hf_cflow_observation_time_nanoseconds = - 1 ; /* ID: 325 */
static int hf_cflow_digest_hash_value = - 1 ; /* ID: 326 */
static int hf_cflow_hash_ippayload_offset = - 1 ; /* ID: 327 */
static int hf_cflow_hash_ippayload_size = - 1 ; /* ID: 328 */
static int hf_cflow_hash_output_range_min = - 1 ; /* ID: 329 */
static int hf_cflow_hash_output_range_max = - 1 ; /* ID: 330 */
static int hf_cflow_hash_selected_range_min = - 1 ; /* ID: 331 */
static int hf_cflow_hash_selected_range_max = - 1 ; /* ID: 332 */
static int hf_cflow_hash_digest_output = - 1 ; /* ID: 333 */
static int hf_cflow_hash_initialiser_value = - 1 ; /* ID: 334 */
static int hf_cflow_selector_name = - 1 ; /* ID: 335 */
static int hf_cflow_upper_cilimit = - 1 ; /* ID: 336 */
static int hf_cflow_lower_cilimit = - 1 ; /* ID: 337 */
static int hf_cflow_confidence_level = - 1 ; /* ID: 338 */
static int hf_cflow_information_element_data_type = - 1 ; /* ID: 339 */
static int hf_cflow_information_element_description = - 1 ; /* ID: 340 */
static int hf_cflow_information_element_name = - 1 ; /* ID: 341 */
static int hf_cflow_information_element_range_begin = - 1 ; /* ID: 342 */
static int hf_cflow_information_element_range_end = - 1 ; /* ID: 343 */
static int hf_cflow_information_element_semantics = - 1 ; /* ID: 344 */
static int hf_cflow_information_element_units = - 1 ; /* ID: 345 */
static int hf_cflow_private_enterprise_number = - 1 ; /* ID: 346 */
2010-08-11 11:54:25 +00:00
/* Cisco ASA 5500 Series */
static int hf_cflow_ingress_acl_id = - 1 ; /* NF_F_INGRESS_ACL_ID (33000) */
static int hf_cflow_egress_acl_id = - 1 ; /* NF_F_EGRESS_ACL_ID (33001) */
static int hf_cflow_fw_ext_event = - 1 ; /* NF_F_FW_EXT_EVENT (33002) */
static int hf_cflow_aaa_username = - 1 ; /* NF_F_USERNAME[_MAX] (40000) */
2010-09-17 01:45:29 +00:00
static int hf_ipfix_enterprise_private_entry = - 1 ;
2010-08-11 11:54:25 +00:00
/* pie = private information element */
static int hf_pie_cace_local_ipv4_address = - 1 ;
static int hf_pie_cace_remote_ipv4_address = - 1 ;
static int hf_pie_cace_local_ipv6_address = - 1 ;
static int hf_pie_cace_remote_ipv6_address = - 1 ;
static int hf_pie_cace_local_port = - 1 ;
static int hf_pie_cace_remote_port = - 1 ;
static int hf_pie_cace_local_ipv4_id = - 1 ;
static int hf_pie_cace_local_icmp_id = - 1 ;
static int hf_pie_cace_local_uid = - 1 ;
static int hf_pie_cace_local_pid = - 1 ;
static int hf_pie_cace_local_username_len = - 1 ;
static int hf_pie_cace_local_username = - 1 ;
static int hf_pie_cace_local_cmd_len = - 1 ;
static int hf_pie_cace_local_cmd = - 1 ;
2010-12-07 03:46:10 +00:00
static int hf_pie_ntop_fragmented = - 1 ;
static int hf_pie_ntop_fingerprint = - 1 ;
static int hf_pie_ntop_client_nw_delay_sec = - 1 ;
static int hf_pie_ntop_client_nw_delay_usec = - 1 ;
static int hf_pie_ntop_server_nw_delay_sec = - 1 ;
static int hf_pie_ntop_server_nw_delay_usec = - 1 ;
static int hf_pie_ntop_appl_latency_sec = - 1 ;
static int hf_pie_ntop_icmp_flags = - 1 ;
static int hf_pie_ntop_src_ip_country = - 1 ;
static int hf_pie_ntop_src_ip_city = - 1 ;
static int hf_pie_ntop_dst_ip_country = - 1 ;
static int hf_pie_ntop_dst_ip_city = - 1 ;
static int hf_pie_ntop_flow_proto_port = - 1 ;
static int hf_pie_ntop_longest_flow_pkt = - 1 ;
static int hf_pie_ntop_ooorder_in_pkts = - 1 ;
static int hf_pie_ntop_ooorder_out_pkts = - 1 ;
static int hf_pie_ntop_retransmitted_in_pkts = - 1 ;
static int hf_pie_ntop_retransmitted_out_pkts = - 1 ;
static int hf_pie_ntop_shortest_flow_pkt = - 1 ;
static int hf_pie_ntop_tunnel_id = - 1 ;
static int hf_pie_ntop_untunneled_ipv4_dst_addr = - 1 ;
static int hf_pie_ntop_untunneled_ipv4_src_addr = - 1 ;
static int hf_pie_ntop_untunneled_l4_dst_port = - 1 ;
static int hf_pie_ntop_untunneled_l4_src_port = - 1 ;
static int hf_pie_ntop_untunneled_protocol = - 1 ;
static int hf_pie_ntop_dump_path = - 1 ;
static int hf_pie_ntop_sip_call_id = - 1 ;
static int hf_pie_ntop_sip_calling_party = - 1 ;
static int hf_pie_ntop_sip_called_party = - 1 ;
static int hf_pie_ntop_sip_rtp_codecs = - 1 ;
static int hf_pie_ntop_sip_invite_time = - 1 ;
static int hf_pie_ntop_sip_trying_time = - 1 ;
static int hf_pie_ntop_sip_ringing_time = - 1 ;
static int hf_pie_ntop_sip_ok_time = - 1 ;
static int hf_pie_ntop_sip_bye_time = - 1 ;
static int hf_pie_ntop_sip_rtp_src_ip = - 1 ;
static int hf_pie_ntop_sip_rtp_src_port = - 1 ;
static int hf_pie_ntop_sip_rtp_dst_ip = - 1 ;
static int hf_pie_ntop_sip_rtp_dst_port = - 1 ;
static int hf_pie_ntop_rtp_first_ssrc = - 1 ;
static int hf_pie_ntop_rtp_first_ts = - 1 ;
static int hf_pie_ntop_rtp_last_ssrc = - 1 ;
static int hf_pie_ntop_rtp_last_ts = - 1 ;
static int hf_pie_ntop_rtp_in_jitter = - 1 ;
static int hf_pie_ntop_rtp_out_jitter = - 1 ;
static int hf_pie_ntop_rtp_in_pkt_lost = - 1 ;
static int hf_pie_ntop_rtp_out_pkt_lost = - 1 ;
static int hf_pie_ntop_rtp_out_payload_type = - 1 ;
static int hf_pie_ntop_rtp_in_max_delta = - 1 ;
static int hf_pie_ntop_rtp_out_max_delta = - 1 ;
static int hf_pie_ntop_proc_id = - 1 ;
static int hf_pie_ntop_proc_name = - 1 ;
static int hf_pie_ntop_http_url = - 1 ;
static int hf_pie_ntop_http_ret_code = - 1 ;
static int hf_pie_ntop_smtp_mail_from = - 1 ;
static int hf_pie_ntop_smtp_rcpt_to = - 1 ;
static int hf_pie_ntop_mysql_server_version = - 1 ;
static int hf_pie_ntop_mysql_username = - 1 ;
static int hf_pie_ntop_mysql_db = - 1 ;
static int hf_pie_ntop_mysql_query = - 1 ;
static int hf_pie_ntop_mysql_response = - 1 ;
static int hf_pie_plixer_client_ip_v4 = - 1 ;
static int hf_pie_plixer_client_hostname = - 1 ; /* string */
static int hf_pie_plixer_partner_name = - 1 ; /* string */
static int hf_pie_plixer_server_hostname = - 1 ; /* string */
static int hf_pie_plixer_server_ip_v4 = - 1 ;
static int hf_pie_plixer_recipient_address = - 1 ; /* string */
static int hf_pie_plixer_event_id = - 1 ;
static int hf_pie_plixer_msgid = - 1 ; /* string */
static int hf_pie_plixer_priority = - 1 ;
static int hf_pie_plixer_recipient_report_status = - 1 ;
static int hf_pie_plixer_number_recipients = - 1 ;
static int hf_pie_plixer_origination_time = - 1 ;
static int hf_pie_plixer_encryption = - 1 ; /* string */
static int hf_pie_plixer_service_version = - 1 ; /* string */
static int hf_pie_plixer_linked_msgid = - 1 ; /* string */
static int hf_pie_plixer_message_subject = - 1 ; /* string */
static int hf_pie_plixer_sender_address = - 1 ; /* string */
static int hf_pie_plixer_date_time = - 1 ;
static int hf_string_len_short = - 1 ;
static int hf_string_len_long = - 1 ;
2010-09-17 01:45:29 +00:00
static const value_string special_mpls_top_label_type [ ] = {
2010-08-11 11:54:25 +00:00
{ 0 , " Unknown " } ,
{ 1 , " TE-MIDPT " } ,
{ 2 , " ATOM " } ,
{ 3 , " VPN " } ,
{ 4 , " BGP " } ,
{ 5 , " LDP " } ,
{ 0 , NULL }
} ;
static proto_item *
2010-09-17 01:45:29 +00:00
proto_tree_add_mpls_label ( proto_tree * pdutree , tvbuff_t * tvb , int offset , int length , int level )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
proto_item * ti ;
2010-08-11 11:54:25 +00:00
if ( length = = 3 ) {
guint8 b0 = tvb_get_guint8 ( tvb , offset ) ;
guint8 b1 = tvb_get_guint8 ( tvb , offset + 1 ) ;
guint8 b2 = tvb_get_guint8 ( tvb , offset + 2 ) ;
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" MPLS-Label%d: %u exp-bits: %u %s " , level ,
( ( b0 < < 12 ) + ( b1 < < 4 ) + ( b2 > > 4 ) ) ,
( ( b2 > > 1 ) & 0x7 ) ,
( ( b2 & 0x1 ) ? " top-of-stack " : " " ) ) ;
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" MPLS-Label%d: bad length %d " , level , length ) ;
}
return ti ;
}
2010-12-03 23:04:45 +00:00
static void
nbar_fmt_id ( gchar * result , guint32 nbar_id )
{
guint32 nbar_id_type = ( nbar_id > > 24 ) & 0xFF ;
nbar_id & = 0xFFFFFF ;
g_snprintf ( result , ITEM_LABEL_LENGTH ,
" NBAR Application ID: %d:%d (type:id) " , nbar_id_type , nbar_id ) ;
}
2010-08-11 11:54:25 +00:00
void proto_reg_handoff_netflow ( void ) ;
typedef struct _hdrinfo_t {
2010-09-17 01:45:29 +00:00
guint8 vspec ;
guint32 src_id ; /* SourceID in NetFlow V9, Observation Domain ID in IPFIX */
2010-08-11 11:54:25 +00:00
address net_src ;
2010-09-17 01:45:29 +00:00
time_t export_time_secs ; /* secs since epoch */
2010-08-11 11:54:25 +00:00
} hdrinfo_t ;
2010-09-17 01:45:29 +00:00
typedef int dissect_pdu_t ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree , int offset ,
hdrinfo_t * hdrinfo ) ;
static int dissect_pdu ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree , int offset ,
hdrinfo_t * hdrinfo ) ;
static int dissect_v8_aggpdu ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , hdrinfo_t * hdrinfo ) ;
static int dissect_v8_flowpdu ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , hdrinfo_t * hdrinfo ) ;
static int dissect_v9_v10_flowset ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , hdrinfo_t * hdrinfo ) ;
static int dissect_v9_v10_data ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , guint16 id , guint length , hdrinfo_t * hdrinfo ) ;
static guint dissect_v9_v10_pdu ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , struct v9_v10_template * tplt , hdrinfo_t * hdrinfo ) ;
static guint dissect_v9_pdu_scope ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , struct v9_v10_template * tplt ) ;
static guint dissect_v9_v10_pdu_data ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , struct v9_v10_template * tplt , hdrinfo_t * hdrinfo ,
v9_v10_template_fields_type_t fields_type ) ;
static int dissect_v9_v10_options_template ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , int len , hdrinfo_t * hdrinfo , guint16 flowset_id ) ;
static int dissect_v9_v10_data_template ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree ,
int offset , int len , hdrinfo_t * hdrinfo , guint16 flowset_id ) ;
static int v9_v10_template_hash ( guint16 id , const address * net_src ,
2010-08-11 11:54:25 +00:00
guint32 src_id ) ;
2010-09-17 01:45:29 +00:00
static struct v9_v10_template * v9_v10_template_get ( guint16 id , address * net_src ,
2010-08-11 11:54:25 +00:00
guint32 src_id ) ;
2010-09-17 01:45:29 +00:00
static const gchar * getprefix ( const guint32 * address , int prefix ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
static int flow_process_ints ( proto_tree * pdutree , tvbuff_t * tvb ,
2010-08-11 11:54:25 +00:00
int offset ) ;
2010-09-17 01:45:29 +00:00
static int flow_process_ports ( proto_tree * pdutree , tvbuff_t * tvb ,
2010-08-11 11:54:25 +00:00
int offset ) ;
2010-09-17 01:45:29 +00:00
static int flow_process_timeperiod ( proto_tree * pdutree , tvbuff_t * tvb ,
2010-08-11 11:54:25 +00:00
int offset ) ;
2010-09-17 01:45:29 +00:00
static int flow_process_aspair ( proto_tree * pdutree , tvbuff_t * tvb ,
2010-08-11 11:54:25 +00:00
int offset ) ;
2010-09-17 01:45:29 +00:00
static int flow_process_sizecount ( proto_tree * pdutree , tvbuff_t * tvb ,
2010-08-11 11:54:25 +00:00
int offset ) ;
2010-09-17 01:45:29 +00:00
static int flow_process_textfield ( proto_tree * pdutree , tvbuff_t * tvb ,
2010-08-11 11:54:25 +00:00
int offset , int bytes ,
const char * text ) ;
2010-12-07 03:46:10 +00:00
static int pen_to_type_hf_list ( guint32 pen ) {
switch ( pen ) {
case VENDOR_PLIXER :
return TF_PLIXER ;
case VENDOR_NTOP :
return TF_NTOP ;
default :
return TF_NO_VENDOR_INFO ;
}
}
2010-08-11 11:54:25 +00:00
static int
2010-09-17 01:45:29 +00:00
dissect_netflow ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * tree )
2010-08-11 11:54:25 +00:00
{
proto_tree * netflow_tree = NULL ;
proto_tree * ti ;
proto_item * timeitem , * pduitem ;
proto_tree * timetree , * pdutree ;
2010-09-17 01:45:29 +00:00
unsigned int pduret , ver , pdus , x ;
2010-08-11 11:54:25 +00:00
hdrinfo_t hdrinfo ;
gint flow_len = - 1 ;
guint available , pdusize , offset = 0 ;
nstime_t ts ;
dissect_pdu_t * pduptr ;
2010-10-20 00:36:53 +00:00
ipfix_debug0 ( " dissect_netflow: start " ) ;
2010-08-11 11:54:25 +00:00
ver = tvb_get_ntohs ( tvb , offset ) ;
2010-11-03 22:08:49 +00:00
2010-10-20 00:36:53 +00:00
ipfix_debug1 ( " dissect_netflow: found version %d " , ver ) ;
2010-08-11 11:54:25 +00:00
switch ( ver ) {
case 1 :
pdusize = V1PDU_SIZE ;
pduptr = & dissect_pdu ;
break ;
case 5 :
pdusize = V5PDU_SIZE ;
pduptr = & dissect_pdu ;
break ;
case 7 :
pdusize = V7PDU_SIZE ;
pduptr = & dissect_pdu ;
break ;
case 8 :
pdusize = - 1 ; /* deferred */
pduptr = & dissect_v8_aggpdu ;
break ;
case 9 :
case 10 : /* IPFIX */
pdusize = - 1 ; /* deferred */
2010-09-17 01:45:29 +00:00
pduptr = & dissect_v9_v10_flowset ;
2010-08-11 11:54:25 +00:00
break ;
default :
/* This does not appear to be a valid netflow packet;
* return 0 to let another dissector have a chance at
* dissecting it .
*/
return 0 ;
}
col_set_str ( pinfo - > cinfo , COL_PROTOCOL , " CFLOW " ) ;
col_clear ( pinfo - > cinfo , COL_INFO ) ;
2010-10-20 00:36:53 +00:00
ipfix_debug0 ( " dissect_netflow: column cleared " ) ;
2010-08-11 11:54:25 +00:00
if ( tree ) {
ti = proto_tree_add_item ( tree , proto_netflow , tvb ,
2010-09-17 01:45:29 +00:00
offset , - 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
netflow_tree = proto_item_add_subtree ( ti , ett_netflow ) ;
}
2010-10-20 00:36:53 +00:00
ipfix_debug0 ( " dissect_netflow: tree added " ) ;
2010-08-11 11:54:25 +00:00
hdrinfo . vspec = ver ;
hdrinfo . src_id = 0 ;
SET_ADDRESS ( & hdrinfo . net_src , pinfo - > net_src . type , pinfo - > net_src . len ,
pinfo - > net_src . data ) ;
if ( tree )
proto_tree_add_uint ( netflow_tree , hf_cflow_version , tvb ,
offset , 2 , ver ) ;
offset + = 2 ;
pdus = tvb_get_ntohs ( tvb , offset ) ;
if ( tree ) {
if ( ver = = 10 ) {
proto_tree_add_uint ( netflow_tree , hf_cflow_len , tvb ,
offset , 2 , pdus ) ;
flow_len = pdus ;
} else {
proto_tree_add_uint ( netflow_tree , hf_cflow_count , tvb ,
offset , 2 , pdus ) ;
flow_len = - 1 ;
}
}
offset + = 2 ;
/*
* set something interesting in the display now that we have info
*/
if ( check_col ( pinfo - > cinfo , COL_INFO ) ) {
if ( ver = = 9 ) {
col_add_fstr ( pinfo - > cinfo , COL_INFO ,
" total: %u (v%u) record%s " , pdus , ver ,
plurality ( pdus , " " , " s " ) ) ;
} else if ( ver = = 10 ) {
2010-09-17 01:45:29 +00:00
gint remaining = tvb_reported_length_remaining ( tvb , offset ) + 4 ;
2010-08-11 11:54:25 +00:00
if ( remaining = = flow_len )
col_add_fstr ( pinfo - > cinfo , COL_INFO , " IPFIX flow (%d bytes) " , flow_len ) ;
else
col_add_fstr ( pinfo - > cinfo , COL_INFO ,
" IPFIX partial flow (%u/%u bytes) " ,
remaining , flow_len ) ;
} else {
col_add_fstr ( pinfo - > cinfo , COL_INFO ,
2010-09-17 01:45:29 +00:00
" total: %u (v%u) flow%s " , pdus , ver ,
plurality ( pdus , " " , " s " ) ) ;
2010-08-11 11:54:25 +00:00
}
}
/*
2010-09-17 01:45:29 +00:00
* The rest is only interesting if we ' re displaying / searching the
* packet or if V9 / V10 so we need to keep going to find any templates
2010-08-11 11:54:25 +00:00
*/
2010-09-17 01:45:29 +00:00
if ( ( ver ! = 9 ) & & ( ver ! = 10 ) & & ! tree )
2010-08-11 11:54:25 +00:00
return tvb_length ( tvb ) ;
if ( ver ! = 10 ) {
proto_tree_add_item ( netflow_tree , hf_cflow_sysuptime , tvb ,
2010-09-17 01:45:29 +00:00
offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
}
2010-09-17 01:45:29 +00:00
2010-08-11 11:54:25 +00:00
ts . secs = tvb_get_ntohl ( tvb , offset ) ;
2010-09-17 01:45:29 +00:00
hdrinfo . export_time_secs = ts . secs ;
2010-08-11 11:54:25 +00:00
if ( ( ver ! = 9 ) & & ( ver ! = 10 ) ) {
ts . nsecs = tvb_get_ntohl ( tvb , offset + 4 ) ;
timeitem = proto_tree_add_time ( netflow_tree ,
hf_cflow_timestamp , tvb , offset ,
8 , & ts ) ;
} else {
ts . nsecs = 0 ;
timeitem = proto_tree_add_time ( netflow_tree ,
hf_cflow_timestamp , tvb , offset ,
4 , & ts ) ;
}
timetree = proto_item_add_subtree ( timeitem , ett_unixtime ) ;
proto_tree_add_item ( timetree ,
( ver = = 10 ) ? hf_cflow_exporttime : hf_cflow_unix_secs ,
2010-09-17 01:45:29 +00:00
tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
if ( ( ver ! = 9 ) & & ( ver ! = 10 ) ) {
proto_tree_add_item ( timetree , hf_cflow_unix_nsecs , tvb ,
2010-09-17 01:45:29 +00:00
offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
}
/*
* version specific header
*/
if ( ver = = 5 | | ver = = 7 | | ver = = 8 | | ver = = 9 | | ver = = 10 ) {
proto_tree_add_item ( netflow_tree , hf_cflow_sequence ,
2010-09-17 01:45:29 +00:00
tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
}
if ( ver = = 5 | | ver = = 8 ) {
proto_tree_add_item ( netflow_tree , hf_cflow_engine_type ,
2010-09-17 01:45:29 +00:00
tvb , offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
proto_tree_add_item ( netflow_tree , hf_cflow_engine_id ,
2010-09-17 01:45:29 +00:00
tvb , offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else if ( ( ver = = 9 ) | | ( ver = = 10 ) ) {
proto_tree_add_item ( netflow_tree ,
( ver = = 9 ) ? hf_cflow_source_id : hf_cflow_od_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
hdrinfo . src_id = tvb_get_ntohl ( tvb , offset ) ;
offset + = 4 ;
}
if ( ver = = 8 ) {
hdrinfo . vspec = tvb_get_guint8 ( tvb , offset ) ;
switch ( hdrinfo . vspec ) {
case V8PDU_AS_METHOD :
pdusize = V8PDU_AS_SIZE ;
break ;
case V8PDU_PROTO_METHOD :
pdusize = V8PDU_PROTO_SIZE ;
break ;
case V8PDU_SPREFIX_METHOD :
pdusize = V8PDU_SPREFIX_SIZE ;
break ;
case V8PDU_DPREFIX_METHOD :
pdusize = V8PDU_DPREFIX_SIZE ;
break ;
case V8PDU_MATRIX_METHOD :
pdusize = V8PDU_MATRIX_SIZE ;
break ;
case V8PDU_DESTONLY_METHOD :
pdusize = V8PDU_DESTONLY_SIZE ;
pduptr = & dissect_v8_flowpdu ;
break ;
case V8PDU_SRCDEST_METHOD :
pdusize = V8PDU_SRCDEST_SIZE ;
pduptr = & dissect_v8_flowpdu ;
break ;
case V8PDU_FULL_METHOD :
pdusize = V8PDU_FULL_SIZE ;
pduptr = & dissect_v8_flowpdu ;
break ;
case V8PDU_TOSAS_METHOD :
pdusize = V8PDU_TOSAS_SIZE ;
break ;
case V8PDU_TOSPROTOPORT_METHOD :
pdusize = V8PDU_TOSPROTOPORT_SIZE ;
break ;
case V8PDU_TOSSRCPREFIX_METHOD :
pdusize = V8PDU_TOSSRCPREFIX_SIZE ;
break ;
case V8PDU_TOSDSTPREFIX_METHOD :
pdusize = V8PDU_TOSDSTPREFIX_SIZE ;
break ;
case V8PDU_TOSMATRIX_METHOD :
pdusize = V8PDU_TOSMATRIX_SIZE ;
break ;
case V8PDU_PREPORTPROTOCOL_METHOD :
pdusize = V8PDU_PREPORTPROTOCOL_SIZE ;
break ;
default :
pdusize = - 1 ;
hdrinfo . vspec = 0 ;
break ;
}
proto_tree_add_uint ( netflow_tree , hf_cflow_aggmethod ,
tvb , offset + + , 1 , hdrinfo . vspec ) ;
proto_tree_add_item ( netflow_tree , hf_cflow_aggversion ,
2010-09-17 01:45:29 +00:00
tvb , offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
}
if ( ver = = 7 | | ver = = 8 )
offset = flow_process_textfield ( netflow_tree , tvb , offset , 4 ,
" reserved " ) ;
else if ( ver = = 5 ) {
proto_tree_add_item ( netflow_tree , hf_cflow_samplingmode ,
2010-09-17 01:45:29 +00:00
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
proto_tree_add_item ( netflow_tree , hf_cflow_samplerate ,
2010-09-17 01:45:29 +00:00
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
}
2010-09-17 01:45:29 +00:00
if ( pdus = = 0 ) { /* no payload to decode - in theory */
2010-12-07 03:46:10 +00:00
/* This is absurd, but does happen in practice. */
2010-08-11 11:54:25 +00:00
proto_tree_add_text ( netflow_tree , tvb , offset , tvb_length_remaining ( tvb , offset ) ,
2010-12-07 03:46:10 +00:00
" FlowSets impossible - PDU Count is %d " , pdus ) ;
2010-08-11 11:54:25 +00:00
return tvb_length ( tvb ) ;
}
/*
* everything below here should be payload
*/
2010-09-17 01:45:29 +00:00
available = tvb_reported_length_remaining ( tvb , offset ) ;
for ( x = 1 ; ( ( ver ! = 10 ) & & ( x < pdus + 1 ) ) | | ( ( ver = = 10 ) & & ( ( available - pdusize ) > 0 ) ) ; x + + ) {
/*
2010-08-11 11:54:25 +00:00
* make sure we have a pdu ' s worth of data
*/
2010-09-17 01:45:29 +00:00
available = tvb_reported_length_remaining ( tvb , offset ) ;
2010-08-11 11:54:25 +00:00
if ( ( ( ver = = 9 ) | | ( ver = = 10 ) ) & & available > = 4 ) {
2010-09-17 01:45:29 +00:00
/* pdusize can be different for each v9/v10 flowset */
2010-08-11 11:54:25 +00:00
pdusize = tvb_get_ntohs ( tvb , offset + 2 ) ;
}
if ( available < pdusize )
break ;
if ( ( ver = = 9 ) | | ( ver = = 10 ) ) {
pduitem = proto_tree_add_text ( netflow_tree , tvb ,
offset , pdusize ,
( ver = = 9 ) ? " FlowSet %u " : " Set %u " , x ) ;
} else {
pduitem = proto_tree_add_text ( netflow_tree , tvb ,
2010-09-17 01:45:29 +00:00
offset , pdusize , " pdu %u/%u " , x , pdus ) ;
2010-08-11 11:54:25 +00:00
}
pdutree = proto_item_add_subtree ( pduitem , ett_flow ) ;
pduret = pduptr ( tvb , pinfo , pdutree , offset , & hdrinfo ) ;
if ( pduret < pdusize ) pduret = pdusize ; /* padding */
/*
* if we came up short , stop processing
*/
2010-09-17 01:45:29 +00:00
if ( ( pduret = = pdusize ) & & ( pduret ! = 0 ) )
2010-08-11 11:54:25 +00:00
offset + = pduret ;
else
break ;
}
return tvb_length ( tvb ) ;
}
/*
* flow_process_ * = = common groups of fields , probably could be inline
*/
static int
2010-09-17 01:45:29 +00:00
flow_process_ints ( proto_tree * pdutree , tvbuff_t * tvb , int offset )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_inputint , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
proto_tree_add_item ( pdutree , hf_cflow_outputint , tvb , offset , 2 ,
2010-09-17 01:45:29 +00:00
ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
return offset ;
}
static int
2010-09-17 01:45:29 +00:00
flow_process_ports ( proto_tree * pdutree , tvbuff_t * tvb , int offset )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_srcport , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_dstport , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
return offset ;
}
static int
2010-09-17 01:45:29 +00:00
flow_process_timeperiod ( proto_tree * pdutree , tvbuff_t * tvb , int offset )
2010-08-11 11:54:25 +00:00
{
nstime_t ts_start , ts_end ;
int offset_s , offset_e ;
nstime_t ts_delta ;
guint32 msec_start , msec_end ;
guint32 msec_delta ;
2010-09-17 01:45:29 +00:00
proto_tree * timetree ;
proto_item * timeitem ;
2010-08-11 11:54:25 +00:00
msec_start = tvb_get_ntohl ( tvb , offset ) ;
ts_start . secs = msec_start / 1000 ;
ts_start . nsecs = ( msec_start % 1000 ) * 1000000 ;
offset_s = offset ;
offset + = 4 ;
msec_end = tvb_get_ntohl ( tvb , offset ) ;
ts_end . secs = msec_end / 1000 ;
ts_end . nsecs = ( msec_end % 1000 ) * 1000000 ;
offset_e = offset ;
offset + = 4 ;
msec_delta = msec_end - msec_start ;
ts_delta . secs = msec_delta / 1000 ;
ts_delta . nsecs = ( msec_delta % 1000 ) * 1000000 ;
timeitem = proto_tree_add_time ( pdutree , hf_cflow_timedelta , tvb ,
offset_s , 8 , & ts_delta ) ;
PROTO_ITEM_SET_GENERATED ( timeitem ) ;
timetree = proto_item_add_subtree ( timeitem , ett_flowtime ) ;
proto_tree_add_time ( timetree , hf_cflow_timestart , tvb , offset_s , 4 ,
& ts_start ) ;
proto_tree_add_time ( timetree , hf_cflow_timeend , tvb , offset_e , 4 ,
& ts_end ) ;
return offset ;
}
static int
2010-09-17 01:45:29 +00:00
flow_process_aspair ( proto_tree * pdutree , tvbuff_t * tvb , int offset )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_srcas , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_dstas , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
return offset ;
}
static int
2010-09-17 01:45:29 +00:00
flow_process_sizecount ( proto_tree * pdutree , tvbuff_t * tvb , int offset )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_packets , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_octets , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
return offset ;
}
static int
2010-09-17 01:45:29 +00:00
flow_process_textfield ( proto_tree * pdutree , tvbuff_t * tvb , int offset ,
2010-08-11 11:54:25 +00:00
int bytes , const char * text )
{
proto_tree_add_text ( pdutree , tvb , offset , bytes , " %s " , text ) ;
offset + = bytes ;
return offset ;
}
static int
2010-09-17 01:45:29 +00:00
dissect_v8_flowpdu ( tvbuff_t * tvb _U_ , packet_info * pinfo _U_ , proto_tree * pdutree , int offset ,
hdrinfo_t * hdrinfo )
2010-08-11 11:54:25 +00:00
{
int startoffset = offset ;
guint8 verspec ;
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_dstaddr , tvb , offset , 4 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
verspec = hdrinfo - > vspec ;
if ( verspec ! = V8PDU_DESTONLY_METHOD ) {
proto_tree_add_item ( pdutree , hf_cflow_srcaddr , tvb , offset , 4 ,
2010-09-17 01:45:29 +00:00
ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
}
if ( verspec = = V8PDU_FULL_METHOD ) {
proto_tree_add_item ( pdutree , hf_cflow_dstport , tvb , offset , 2 ,
2010-09-17 01:45:29 +00:00
ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
proto_tree_add_item ( pdutree , hf_cflow_srcport , tvb , offset , 2 ,
2010-09-17 01:45:29 +00:00
ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
}
offset = flow_process_sizecount ( pdutree , tvb , offset ) ;
offset = flow_process_timeperiod ( pdutree , tvb , offset ) ;
proto_tree_add_item ( pdutree , hf_cflow_outputint , tvb , offset , 2 ,
2010-09-17 01:45:29 +00:00
ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
if ( verspec ! = V8PDU_DESTONLY_METHOD ) {
proto_tree_add_item ( pdutree , hf_cflow_inputint , tvb , offset , 2 ,
2010-09-17 01:45:29 +00:00
ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
}
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_tos , tvb , offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
if ( verspec = = V8PDU_FULL_METHOD )
proto_tree_add_item ( pdutree , hf_cflow_prot , tvb , offset + + , 1 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset = flow_process_textfield ( pdutree , tvb , offset , 1 , " marked tos " ) ;
if ( verspec = = V8PDU_SRCDEST_METHOD )
offset =
flow_process_textfield ( pdutree , tvb , offset , 2 ,
" reserved " ) ;
else if ( verspec = = V8PDU_FULL_METHOD )
offset =
flow_process_textfield ( pdutree , tvb , offset , 1 , " padding " ) ;
offset =
flow_process_textfield ( pdutree , tvb , offset , 4 , " extra packets " ) ;
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_routersc , tvb , offset , 4 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
return ( offset - startoffset ) ;
}
/*
* dissect a version 8 pdu , returning the length of the pdu processed
*/
static int
2010-09-17 01:45:29 +00:00
dissect_v8_aggpdu ( tvbuff_t * tvb _U_ , packet_info * pinfo _U_ , proto_tree * pdutree , int offset ,
hdrinfo_t * hdrinfo )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
int startoffset = offset ;
guint8 verspec ;
int local_cflow_as ; /* hf_cflow_srcas || hf_cflow_dstas */
int local_cflow_net ; /* hf_cflow_srcnet || hf_cflow_dstnet */
int local_cflow_int ; /* hf_cflow_outputint || hf_cflow_inputint */
int local_cflow_mask ; /* hf_cflow_srcmask || hf_cflow_dstmask */
proto_tree_add_item ( pdutree , hf_cflow_flows , tvb , offset , 4 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
offset = flow_process_sizecount ( pdutree , tvb , offset ) ;
offset = flow_process_timeperiod ( pdutree , tvb , offset ) ;
verspec = hdrinfo - > vspec ;
switch ( verspec ) {
case V8PDU_AS_METHOD :
case V8PDU_TOSAS_METHOD :
offset = flow_process_aspair ( pdutree , tvb , offset ) ;
if ( verspec = = V8PDU_TOSAS_METHOD ) {
proto_tree_add_item ( pdutree , hf_cflow_tos , tvb ,
2010-09-17 01:45:29 +00:00
offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset =
flow_process_textfield ( pdutree , tvb , offset , 1 ,
" padding " ) ;
offset =
flow_process_textfield ( pdutree , tvb , offset , 2 ,
" reserved " ) ;
2010-09-17 01:45:29 +00:00
}
2010-08-11 11:54:25 +00:00
/* ACF - Seen in the wild and documented here...
2010-09-17 01:45:29 +00:00
http : //www.caida.org/tools/measurement/cflowd/configuration/configuration-9.html#ss9.1
2010-08-11 11:54:25 +00:00
*/
offset = flow_process_ints ( pdutree , tvb , offset ) ;
break ;
case V8PDU_PROTO_METHOD :
case V8PDU_TOSPROTOPORT_METHOD :
proto_tree_add_item ( pdutree , hf_cflow_prot , tvb , offset + + , 1 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2010-08-11 11:54:25 +00:00
if ( verspec = = V8PDU_PROTO_METHOD )
offset =
flow_process_textfield ( pdutree , tvb , offset , 1 ,
" padding " ) ;
else if ( verspec = = V8PDU_TOSPROTOPORT_METHOD )
proto_tree_add_item ( pdutree , hf_cflow_tos , tvb ,
2010-09-17 01:45:29 +00:00
offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset =
flow_process_textfield ( pdutree , tvb , offset , 2 ,
" reserved " ) ;
offset = flow_process_ports ( pdutree , tvb , offset ) ;
if ( verspec = = V8PDU_TOSPROTOPORT_METHOD )
offset = flow_process_ints ( pdutree , tvb , offset ) ;
break ;
case V8PDU_SPREFIX_METHOD :
case V8PDU_DPREFIX_METHOD :
case V8PDU_TOSSRCPREFIX_METHOD :
case V8PDU_TOSDSTPREFIX_METHOD :
switch ( verspec ) {
case V8PDU_SPREFIX_METHOD :
case V8PDU_TOSSRCPREFIX_METHOD :
local_cflow_net = hf_cflow_srcnet ;
local_cflow_mask = hf_cflow_srcmask ;
local_cflow_as = hf_cflow_srcas ;
local_cflow_int = hf_cflow_inputint ;
break ;
case V8PDU_DPREFIX_METHOD :
case V8PDU_TOSDSTPREFIX_METHOD :
default : /* stop warning that :
' local_cflow_ * ' may be used
uninitialized in this function */
local_cflow_net = hf_cflow_dstnet ;
local_cflow_mask = hf_cflow_dstmask ;
local_cflow_as = hf_cflow_dstas ;
local_cflow_int = hf_cflow_outputint ;
break ;
}
proto_tree_add_item ( pdutree ,
2010-09-17 01:45:29 +00:00
local_cflow_net , tvb , offset , 4 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
proto_tree_add_item ( pdutree ,
2010-09-17 01:45:29 +00:00
local_cflow_mask , tvb , offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
if ( verspec = = V8PDU_SPREFIX_METHOD
| | verspec = = V8PDU_DPREFIX_METHOD )
offset =
flow_process_textfield ( pdutree , tvb , offset , 1 ,
" padding " ) ;
else if ( verspec = = V8PDU_TOSSRCPREFIX_METHOD
| | verspec = = V8PDU_TOSDSTPREFIX_METHOD )
proto_tree_add_item ( pdutree , hf_cflow_tos , tvb ,
2010-09-17 01:45:29 +00:00
offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
proto_tree_add_item ( pdutree ,
2010-09-17 01:45:29 +00:00
local_cflow_as , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
proto_tree_add_item ( pdutree ,
2010-09-17 01:45:29 +00:00
local_cflow_int , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
offset =
flow_process_textfield ( pdutree , tvb , offset , 2 ,
" reserved " ) ;
break ;
case V8PDU_MATRIX_METHOD :
case V8PDU_TOSMATRIX_METHOD :
case V8PDU_PREPORTPROTOCOL_METHOD :
proto_tree_add_item ( pdutree , hf_cflow_srcnet , tvb , offset , 4 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
proto_tree_add_item ( pdutree , hf_cflow_dstnet , tvb , offset , 4 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2010-08-11 11:54:25 +00:00
offset + = 4 ;
proto_tree_add_item ( pdutree , hf_cflow_srcmask , tvb , offset + + ,
2010-09-17 01:45:29 +00:00
1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
proto_tree_add_item ( pdutree , hf_cflow_dstmask , tvb , offset + + ,
2010-09-17 01:45:29 +00:00
1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
if ( verspec = = V8PDU_TOSMATRIX_METHOD | |
verspec = = V8PDU_PREPORTPROTOCOL_METHOD ) {
proto_tree_add_item ( pdutree , hf_cflow_tos , tvb ,
2010-09-17 01:45:29 +00:00
offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
if ( verspec = = V8PDU_TOSMATRIX_METHOD ) {
offset =
flow_process_textfield ( pdutree , tvb ,
offset , 1 ,
" padding " ) ;
} else if ( verspec = = V8PDU_PREPORTPROTOCOL_METHOD ) {
proto_tree_add_item ( pdutree , hf_cflow_prot ,
2010-09-17 01:45:29 +00:00
tvb , offset + + , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
}
} else {
offset =
flow_process_textfield ( pdutree , tvb , offset , 2 ,
" reserved " ) ;
}
if ( verspec = = V8PDU_MATRIX_METHOD
| | verspec = = V8PDU_TOSMATRIX_METHOD ) {
offset = flow_process_aspair ( pdutree , tvb , offset ) ;
} else if ( verspec = = V8PDU_PREPORTPROTOCOL_METHOD ) {
offset = flow_process_ports ( pdutree , tvb , offset ) ;
}
offset = flow_process_ints ( pdutree , tvb , offset ) ;
break ;
}
return ( offset - startoffset ) ;
}
/* Dissect a version 9 FlowSet and return the length we processed. */
static int
2010-09-17 01:45:29 +00:00
dissect_v9_v10_flowset ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree , int offset , hdrinfo_t * hdrinfo )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
int length ;
2010-08-11 11:54:25 +00:00
guint16 flowset_id ;
2010-09-17 01:45:29 +00:00
guint8 ver ;
2010-08-11 11:54:25 +00:00
ver = hdrinfo - > vspec ;
if ( ( ver ! = 9 ) & & ( ver ! = 10 ) )
return ( 0 ) ;
flowset_id = tvb_get_ntohs ( tvb , offset ) ;
length = tvb_get_ntohs ( tvb , offset + 2 ) ;
if ( length < 4 ) {
expert_add_info_format ( pinfo , NULL , PI_MALFORMED , PI_WARN ,
" Length (%u) too short " , length ) ;
return tvb_length_remaining ( tvb , offset ) ;
}
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_flowset_id , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
offset + = 2 ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_flowset_length , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
offset + = 2 ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
switch ( flowset_id ) {
case FLOWSET_ID_V9_DATA_TEMPLATE :
case FLOWSET_ID_V10_DATA_TEMPLATE :
dissect_v9_v10_data_template ( tvb , pinfo , pdutree , offset , length - 4 , hdrinfo , flowset_id ) ;
break ;
case FLOWSET_ID_V9_OPTIONS_TEMPLATE :
case FLOWSET_ID_V10_OPTIONS_TEMPLATE :
dissect_v9_v10_options_template ( tvb , pinfo , pdutree , offset , length - 4 , hdrinfo , flowset_id ) ;
break ;
default :
if ( flowset_id > = FLOWSET_ID_DATA_MIN ) {
dissect_v9_v10_data ( tvb , pinfo , pdutree , offset , flowset_id , ( guint ) length - 4 , hdrinfo ) ;
}
break ;
2010-08-11 11:54:25 +00:00
}
return ( length ) ;
}
static int
2010-09-17 01:45:29 +00:00
dissect_v9_v10_data ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree , int offset ,
guint16 id , guint length , hdrinfo_t * hdrinfo )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
struct v9_v10_template * tplt ;
2010-08-11 11:54:25 +00:00
proto_tree * data_tree ;
proto_item * data_item ;
2010-09-17 01:45:29 +00:00
guint pdu_len ;
2010-08-11 11:54:25 +00:00
if ( length = = 0 ) {
expert_add_info_format ( pinfo , pdutree , PI_MALFORMED ,
PI_WARN , " No flow information " ) ;
}
2010-09-17 01:45:29 +00:00
tplt = v9_v10_template_get ( id , & hdrinfo - > net_src , hdrinfo - > src_id ) ;
2010-08-11 11:54:25 +00:00
if ( tplt ! = NULL & & tplt - > length ! = 0 ) {
int count = 1 ;
2010-09-17 01:45:29 +00:00
/* Note: If the flow contains variable length fields then */
/* tplt->length will be less then actual length of the flow. */
2010-08-11 11:54:25 +00:00
while ( length > = tplt - > length ) {
data_item = proto_tree_add_text ( pdutree , tvb ,
offset , tplt - > length , " Flow %d " , count + + ) ;
2010-09-17 01:45:29 +00:00
data_tree = proto_item_add_subtree ( data_item , ett_dataflowset ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
pdu_len = dissect_v9_v10_pdu ( tvb , pinfo , data_tree , offset , tplt , hdrinfo ) ;
2010-08-11 11:54:25 +00:00
offset + = pdu_len ;
2010-09-17 01:45:29 +00:00
/* XXX - Throw an exception */
length - = ( pdu_len < length ) ? pdu_len : length ;
2010-08-11 11:54:25 +00:00
}
if ( length ! = 0 ) {
proto_tree_add_text ( pdutree , tvb , offset , length ,
" Padding (%u byte%s) " ,
length , plurality ( length , " " , " s " ) ) ;
}
} else {
proto_tree_add_text ( pdutree , tvb , offset , length ,
" Data (%u byte%s), no template found " ,
length , plurality ( length , " " , " s " ) ) ;
}
return ( 0 ) ;
}
# define GOT_LOCAL_ADDR (1 << 0)
# define GOT_REMOTE_ADDR (1 << 1)
# define GOT_LOCAL_PORT (1 << 2)
# define GOT_REMOTE_PORT (1 << 3)
# define GOT_IPv4_ID (1 << 4)
# define GOT_ICMP_ID (1 << 5)
# define GOT_UID (1 << 6)
# define GOT_PID (1 << 7)
# define GOT_USERNAME (1 << 8)
# define GOT_COMMAND (1 << 9)
# define GOT_BASE ( \
2010-09-17 01:45:29 +00:00
GOT_LOCAL_ADDR | \
GOT_REMOTE_ADDR | \
GOT_UID | \
GOT_PID | \
GOT_USERNAME | \
GOT_COMMAND \
)
2010-08-11 11:54:25 +00:00
# define GOT_TCP_UDP (GOT_BASE | GOT_LOCAL_PORT | GOT_REMOTE_PORT)
2010-09-17 01:45:29 +00:00
# define GOT_ICMP (GOT_BASE | GOT_IPv4_ID | GOT_ICMP_ID)
2010-08-11 11:54:25 +00:00
static guint
2010-09-17 01:45:29 +00:00
dissect_v9_v10_pdu ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree , int offset ,
struct v9_v10_template * tplt , hdrinfo_t * hdrinfo )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
int orig_offset = offset ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
if ( ( tplt - > fields [ TF_SCOPES ] ! = NULL )
& & ( tplt - > field_count [ TF_SCOPES ] > 0 ) ) {
2010-08-11 11:54:25 +00:00
if ( hdrinfo - > vspec = = 9 ) {
offset + = dissect_v9_pdu_scope ( tvb , pinfo , pdutree , offset , tplt ) ;
} else if ( hdrinfo - > vspec = = 10 ) {
2010-09-17 01:45:29 +00:00
offset + = dissect_v9_v10_pdu_data ( tvb , pinfo , pdutree , offset , tplt , hdrinfo , TF_SCOPES ) ;
2010-08-11 11:54:25 +00:00
}
}
2010-09-17 01:45:29 +00:00
offset + = dissect_v9_v10_pdu_data ( tvb , pinfo , pdutree , offset , tplt , hdrinfo , TF_ENTRIES ) ;
2010-08-11 11:54:25 +00:00
return ( guint ) ( offset - orig_offset ) ;
}
static guint
2010-09-17 01:45:29 +00:00
dissect_v9_pdu_scope ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree , int offset ,
struct v9_v10_template * tplt )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
int orig_offset ;
proto_item * ti ;
int i ;
DISSECTOR_ASSERT ( tplt - > fields [ TF_SCOPES ] ! = NULL ) ;
orig_offset = offset ;
for ( i = 0 ; i < tplt - > field_count [ TF_SCOPES ] ; i + + ) {
guint16 type = tplt - > fields [ TF_SCOPES ] [ i ] . type ;
guint16 length = tplt - > fields [ TF_SCOPES ] [ i ] . length ;
if ( length = = 0 ) { /* XXX: Zero length fields probably shouldn't be included in the cached template */
2011-04-14 16:17:09 +00:00
/* YYY: Maybe. If you don't cache the zero length fields can you still compare that you actually have the same template with the same ID. See WMeier comment "c." above */
2010-09-17 01:45:29 +00:00
continue ;
}
switch ( type ) {
2010-12-07 03:46:10 +00:00
/* XXX: template length fields should be validated during template processing ... */
2010-09-17 01:45:29 +00:00
case 1 : /* system */
ti = proto_tree_add_item ( pdutree , hf_cflow_scope_system ,
tvb , offset , length , ENC_NA ) ;
if ( length ! = 4 ) {
expert_add_info_format ( pinfo , ti , PI_MALFORMED , PI_WARN ,
" ScopeSystem: invalid size %u " , length ) ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
break ;
case 2 : /* interface */
ti = proto_tree_add_item ( pdutree , hf_cflow_scope_interface ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
if ( length ! = 4 ) {
expert_add_info_format ( pinfo , ti , PI_MALFORMED , PI_WARN ,
" ScopeInterface: invalid size %u " , length ) ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
break ;
case 3 : /* linecard */
proto_tree_add_item ( pdutree , hf_cflow_scope_linecard ,
tvb , offset , length , ENC_NA ) ;
break ;
case 4 : /* netflow cache */
proto_tree_add_item ( pdutree , hf_cflow_scope_cache ,
tvb , offset , length , ENC_NA ) ;
break ;
case 5 : /* tplt */
proto_tree_add_item ( pdutree , hf_cflow_scope_template ,
tvb , offset , length , ENC_NA ) ;
break ;
default : /* unknown */
proto_tree_add_item ( pdutree , hf_cflow_unknown_field_type ,
tvb , offset , length , ENC_NA ) ;
break ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
offset + = length ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
return ( guint ) ( offset - orig_offset ) ;
2010-08-11 11:54:25 +00:00
}
static guint
2010-09-17 01:45:29 +00:00
dissect_v9_v10_pdu_data ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree , int offset ,
struct v9_v10_template * tplt , hdrinfo_t * hdrinfo , v9_v10_template_fields_type_t fields_type )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
int orig_offset ;
2010-08-11 11:54:25 +00:00
int rev ;
nstime_t ts_start [ 2 ] , ts_end [ 2 ] ;
int offset_s [ 2 ] , offset_e [ 2 ] ;
nstime_t ts ;
guint32 msec_start [ 2 ] , msec_end [ 2 ] ;
guint32 msec_delta ;
2010-09-17 01:45:29 +00:00
nstime_t ts_delta ;
guint32 usec ;
int i ;
2010-08-11 11:54:25 +00:00
address local_addr , remote_addr ;
guint16 local_port = 0 , remote_port = 0 , ipv4_id = 0 , icmp_id = 0 ;
guint32 uid = 0 , pid = 0 ;
int uname_len ;
2010-09-17 01:45:29 +00:00
gchar * uname_str = NULL ;
2010-08-11 11:54:25 +00:00
int cmd_len ;
2010-09-17 01:45:29 +00:00
gchar * cmd_str = NULL ;
2010-08-11 11:54:25 +00:00
guint16 got_flags = 0 ;
2010-12-07 03:46:10 +00:00
int string_len_short = 0 ;
int string_len_long = 0 ;
proto_tree * string_tree ;
2011-03-31 14:03:23 +00:00
gchar * gen_str = NULL ;
2010-12-07 03:46:10 +00:00
int gen_str_offset = 0 ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
proto_item * ti ;
guint16 count ;
struct v9_v10_template_entry * entries ;
proto_tree * fwdstattree ;
entries = tplt - > fields [ fields_type ] ;
2010-08-11 11:54:25 +00:00
if ( entries = = NULL ) {
/* I don't think we can actually hit this condition.
If we can , what would cause it ? Does this need a
warn ? If so what ?
*/
return 0 ;
}
2010-09-17 01:45:29 +00:00
orig_offset = offset ;
count = tplt - > field_count [ fields_type ] ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
offset_s [ 0 ] = offset_s [ 1 ] = offset_e [ 0 ] = offset_e [ 1 ] = 0 ;
2010-08-11 11:54:25 +00:00
msec_start [ 0 ] = msec_start [ 1 ] = msec_end [ 0 ] = msec_end [ 1 ] = 0 ;
for ( i = 0 ; i < count ; i + + ) {
2010-09-17 01:45:29 +00:00
guint64 pen_type ;
guint16 type ;
guint16 masked_type ;
guint16 length ;
guint32 pen ;
const gchar * pen_str ;
int vstr_len ;
type = entries [ i ] . type ;
length = entries [ i ] . length ;
pen = entries [ i ] . pen ;
pen_str = entries [ i ] . pen_str ;
if ( length = = 0 ) { /* XXX: Zero length fields probably shouldn't be included in the cached template */
2011-04-14 16:17:09 +00:00
/* YYY: Maybe. If you don't cache the zero length fields can you still compare that you actually have the same template with the same ID. See WMeier comment "c." above */
2010-09-17 01:45:29 +00:00
continue ;
}
/* See if variable length field */
vstr_len = 0 ;
if ( length = = VARIABLE_LENGTH ) {
vstr_len = 1 ;
2010-12-07 03:46:10 +00:00
string_len_short = length = tvb_get_guint8 ( tvb , offset ) ;
2010-09-17 01:45:29 +00:00
if ( length = = 255 ) {
vstr_len = 3 ;
2010-12-07 03:46:10 +00:00
string_len_long = length = tvb_get_ntohs ( tvb , offset + 1 ) ;
2010-09-17 01:45:29 +00:00
}
offset + = vstr_len ;
2010-12-07 03:46:10 +00:00
gen_str_offset = offset ;
2010-09-17 01:45:29 +00:00
}
/* v9 types
* 0 x 0000 0000 0000 to
* 0 x 0000 0000 ffff
* v10 global types ( presumably consistent with v9 types 0x0000 - 0x7fff )
* 0 x 0000 0000 0000 to
* 0 x 0000 0000 7ff f
* V10 Enterprise types
* 0 x 0000 0001 0000 to
* 0 x ffff ffff 7ff f
*/
pen_type = masked_type = type ;
rev = 0 ;
if ( ( hdrinfo - > vspec = = 10 ) & & ( type & 0x8000 ) ) {
pen_type = masked_type = type & 0x7fff ;
if ( pen = = REVPEN ) { /* reverse PEN */
rev = 1 ;
} else if ( pen = = 0 ) {
pen_type = ( 0xffff < < 16 ) | pen_type ; /* hack to force "unknown" */
} else {
pen_type = ( pen < < 16 ) | pen_type ;
}
2010-08-11 11:54:25 +00:00
}
ti = NULL ;
switch ( pen_type ) {
case 1 : /* bytes */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_octets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Octets: length %u " , length ) ;
}
break ;
case 2 : /* packets */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_packets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_packets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Packets: length %u " , length ) ;
}
break ;
case 163 : /* observedFlowTotalCount */
case 3 : /* flows */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_flows ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_flows64 ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Flows: length %u " , length ) ;
}
break ;
case 4 : /* proto */
ti = proto_tree_add_item ( pdutree , hf_cflow_prot ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 5 : /* TOS */
ti = proto_tree_add_item ( pdutree , hf_cflow_tos ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 6 : /* TCP flags */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcpflags ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 7 : /* source port */
case 180 : /* udpSourcePort */
case 182 : /* tcpSourcePort */
ti = proto_tree_add_item ( pdutree , hf_cflow_srcport ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 8 : /* source IP */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_srcaddr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_srcaddr_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" SrcAddr: length %u " , length ) ;
}
break ;
case 9 : /* source mask */
ti = proto_tree_add_item ( pdutree , hf_cflow_srcmask ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 10 : /* input SNMP */
ti = proto_tree_add_item ( pdutree , hf_cflow_inputint ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 11 : /* dest port */
case 181 : /* udpDestinationPort */
case 183 : /* tcpDestinationPort */
ti = proto_tree_add_item ( pdutree , hf_cflow_dstport ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 12 : /* dest IP */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_dstaddr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_dstaddr_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" DstAddr: length %u " , length ) ;
}
break ;
case 13 : /* dest mask */
ti = proto_tree_add_item ( pdutree , hf_cflow_dstmask ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 14 : /* output SNMP */
ti = proto_tree_add_item ( pdutree , hf_cflow_outputint ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 15 : /* nexthop IP */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_nexthop ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" NextHop: length %u " , length ) ;
}
break ;
case 16 : /* source AS */
ti = proto_tree_add_item ( pdutree , hf_cflow_srcas ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 17 : /* dest AS */
ti = proto_tree_add_item ( pdutree , hf_cflow_dstas ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 18 : /* BGP nexthop IP */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_bgpnexthop ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_bgpnexthop_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" BGPNextHop: length %u " , length ) ;
}
break ;
case 19 : /* multicast packets */
ti = proto_tree_add_item ( pdutree , hf_cflow_mulpackets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 20 : /* multicast octets */
ti = proto_tree_add_item ( pdutree , hf_cflow_muloctets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 21 : /* last switched */
2010-09-17 01:45:29 +00:00
offset_e [ rev ] = offset ;
msec_end [ rev ] = tvb_get_ntohl ( tvb , offset ) ;
ts_end [ rev ] . secs = msec_end [ rev ] / 1000 ;
ts_end [ rev ] . nsecs = ( msec_end [ rev ] % 1000 ) * 1000000 ;
goto timestamp_common ;
break ;
case 22 : /* first switched */
offset_s [ rev ] = offset ;
msec_start [ rev ] = tvb_get_ntohl ( tvb , offset ) ;
ts_start [ rev ] . secs = msec_start [ rev ] / 1000 ;
ts_start [ rev ] . nsecs = ( msec_start [ rev ] % 1000 ) * 1000000 ;
goto timestamp_common ;
break ;
2010-08-11 11:54:25 +00:00
case 150 : /* flowStartSeconds */
2010-09-17 01:45:29 +00:00
offset_s [ rev ] = offset ;
ts_start [ rev ] . secs = tvb_get_ntohl ( tvb , offset ) ;
ts_start [ rev ] . nsecs = 0 ;
goto timestamp_common ;
break ;
2010-08-11 11:54:25 +00:00
case 151 : /* flowEndSeconds */
2010-09-17 01:45:29 +00:00
offset_e [ rev ] = offset ;
ts_end [ rev ] . secs = tvb_get_ntohl ( tvb , offset ) ;
ts_end [ rev ] . nsecs = 0 ;
goto timestamp_common ;
break ;
case 152 : /* flowStartMilliseconds: 64-bit integer */
offset_s [ rev ] = offset ;
ts_start [ rev ] . secs = tvb_get_ntoh64 ( tvb , offset ) / 1000 ;
ts_start [ rev ] . nsecs = ( tvb_get_ntoh64 ( tvb , offset ) % 1000 ) * 1000000 ;
goto timestamp_common ;
break ;
case 153 : /* flowEndMilliseconds; 64-bit integer */
offset_e [ rev ] = offset ;
ts_end [ rev ] . secs = ( tvb_get_ntoh64 ( tvb , offset ) / 1000 ) ;
ts_end [ rev ] . nsecs = ( tvb_get_ntoh64 ( tvb , offset ) % 1000 ) * 1000000 ;
goto timestamp_common ;
break ;
case 154 : /* flowStartMicroseconds: 64-bit NTP format */
offset_s [ rev ] = offset ;
2011-02-09 03:24:12 +00:00
ntp_to_nstime ( tvb , offset , & ts_start [ rev ] ) ;
2010-09-17 01:45:29 +00:00
goto timestamp_common ;
break ;
case 155 : /* flowEndMicroseconds: 64-bit NTP format */
/* XXX: Not tested ... */
offset_e [ rev ] = offset ;
2011-02-09 03:24:12 +00:00
ntp_to_nstime ( tvb , offset , & ts_end [ rev ] ) ;
2010-09-17 01:45:29 +00:00
goto timestamp_common ;
break ;
case 156 : /* flowStartNanoseconds: 64-bit NTP format */
/* XXX: Not tested ... */
offset_s [ rev ] = offset ;
2011-02-09 03:24:12 +00:00
ntp_to_nstime ( tvb , offset , & ts_start [ rev ] ) ;
2010-09-17 01:45:29 +00:00
goto timestamp_common ;
break ;
case 157 : /* flowEndNanoseconds: 64-bit NTP format */
/* XXX: Not tested ... */
offset_e [ rev ] = offset ;
2011-02-09 03:24:12 +00:00
ntp_to_nstime ( tvb , offset , & ts_end [ rev ] ) ;
2010-09-17 01:45:29 +00:00
goto timestamp_common ;
break ;
case 158 : /* flowStartDeltaMicroseconds: 32-bit integer; negative time offset */
/* relative to the export time specified in the IPFIX Message Header */
/* XXX: Not tested ... */
offset_s [ rev ] = offset ;
usec = tvb_get_ntohl ( tvb , offset ) ;
ts_start [ rev ] . secs = ( ( ( guint64 ) ( hdrinfo - > export_time_secs ) * 1000000 - usec ) / 1000000 ) ;
ts_start [ rev ] . nsecs = ( ( ( guint64 ) ( hdrinfo - > export_time_secs ) * 1000000 - usec ) % 1000000 ) * 1000 ;
goto timestamp_common ;
break ;
case 159 : /* flowEndDeltaMicroseconds: 32-bit integer; negative time offset */
/* relative to the export time specified in the IPFIX Message Header */
/* XXX: Not tested ... */
offset_e [ rev ] = offset ;
usec = tvb_get_ntohl ( tvb , offset ) ;
ts_end [ rev ] . secs = ( ( ( guint64 ) ( hdrinfo - > export_time_secs ) * 1000000 - usec ) / 1000000 ) ;
ts_end [ rev ] . nsecs = ( ( ( guint64 ) ( hdrinfo - > export_time_secs ) * 1000000 - usec ) % 1000000 ) * 1000 ;
/* This code executed for all timestamp fields above */
/* !! Assumption: Only 1 set of time fields in a flow */
timestamp_common :
2010-08-11 11:54:25 +00:00
if ( offset_s [ rev ] & & offset_e [ rev ] ) {
2010-09-17 01:45:29 +00:00
proto_tree * timetree ;
proto_item * timeitem ;
2010-08-11 11:54:25 +00:00
nstime_delta ( & ts_delta , & ts_end [ rev ] , & ts_start [ rev ] ) ;
timeitem =
proto_tree_add_time ( pdutree , hf_cflow_timedelta , tvb ,
offset_s [ rev ] , 0 , & ts_delta ) ;
PROTO_ITEM_SET_GENERATED ( timeitem ) ;
timetree = proto_item_add_subtree ( timeitem , ett_flowtime ) ;
2010-09-17 01:45:29 +00:00
/* Note: length of "start" is assumed to match that of "end" */
2010-08-11 11:54:25 +00:00
if ( msec_start [ rev ] ) {
proto_tree_add_time ( timetree , hf_cflow_timestart , tvb ,
offset_s [ rev ] , length , & ts_start [ rev ] ) ;
} else {
proto_tree_add_time ( timetree , hf_cflow_abstimestart , tvb ,
offset_s [ rev ] , length , & ts_start [ rev ] ) ;
}
if ( msec_end [ rev ] ) {
proto_tree_add_time ( timetree , hf_cflow_timeend , tvb ,
offset_e [ rev ] , length , & ts_end [ rev ] ) ;
} else {
proto_tree_add_time ( timetree , hf_cflow_abstimeend , tvb ,
offset_e [ rev ] , length , & ts_end [ rev ] ) ;
}
}
break ;
case 23 : /* postOctetDeltaCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_octets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Post Octets: length %u " , length ) ;
}
break ;
case 24 : /* postPacketDeltaCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_packets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_packets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Post Packets: length %u " , length ) ;
}
break ;
case 25 : /* length_min */
ti = proto_tree_add_item ( pdutree , hf_cflow_length_min ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 26 : /* length_max */
ti = proto_tree_add_item ( pdutree , hf_cflow_length_max ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 27 : /* IPv6 src addr */
ti = proto_tree_add_item ( pdutree , hf_cflow_srcaddr_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 28 : /* IPv6 dst addr */
ti = proto_tree_add_item ( pdutree , hf_cflow_dstaddr_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 29 : /* IPv6 src addr mask */
ti = proto_tree_add_item ( pdutree , hf_cflow_srcmask_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 30 : /* IPv6 dst addr mask */
ti = proto_tree_add_item ( pdutree , hf_cflow_dstmask_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 31 : /* flowLabelIPv6 */
/* RFC5102 defines that Abstract Data Type of this
Information Element is unsigned32 */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_ipv6_flowlabel ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
}
/* RFC3954 defines that length of this field is 3
Bytes */
else if ( length = = 3 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_ipv6_flowlabel24 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
}
break ;
case 32 : /* ICMP_TYPE */
ti = proto_tree_add_item ( pdutree , hf_cflow_icmp_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 33 : /* IGMP_TYPE */
ti = proto_tree_add_item ( pdutree , hf_cflow_igmp_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 34 : /* sampling interval */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_interval ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 35 : /* sampling algorithm */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_algorithm ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 36 : /* flow active timeout */
ti = proto_tree_add_item ( pdutree , hf_cflow_flow_active_timeout ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 37 : /* flow inactive timeout */
ti = proto_tree_add_item ( pdutree , hf_cflow_flow_inactive_timeout ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 38 : /* engine type */
ti = proto_tree_add_item ( pdutree , hf_cflow_engine_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 39 : /* engine id*/
ti = proto_tree_add_item ( pdutree , hf_cflow_engine_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 40 : /* bytes exported */
if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_octets_exp64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_octets_exp ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" BytesExported: length %u " , length ) ;
}
break ;
case 41 : /* packets exported */
if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_packets_exp64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_packets_exp ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" PacketsExported: length %u " , length ) ;
}
break ;
case 42 : /* flows exported */
if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_flows_exp64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_flows_exp ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" FlowsExported: length %u " , length ) ;
}
break ;
case 44 : /* IP source prefix */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_srcprefix ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" SrcPrefix: length %u " , length ) ;
}
break ;
case 45 : /* IP destination prefix */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_dstprefix ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" DstPrefix: length %u " , length ) ;
}
break ;
case 46 : /* top MPLS label type*/
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_top_label_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 47 : /* top MPLS label PE address*/
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_pe_addr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 48 : /* Flow Sampler ID */
2010-09-17 01:45:29 +00:00
#if 0
/* XXX: Why was code originally add_text for just this one case ? */
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" FlowSamplerID: %d " , tvb_get_guint8 ( tvb , offset ) ) ;
2010-09-17 01:45:29 +00:00
# endif
ti = proto_tree_add_item ( pdutree , hf_cflow_sampler_id ,
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 49 : /* FLOW_SAMPLER_MODE */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampler_mode ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 50 : /* FLOW_SAMPLER_RANDOM_INTERVAL */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampler_random_interval ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 51 : /* FLOW_CLASS */
ti = proto_tree_add_item ( pdutree , hf_cflow_flow_class ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 52 : /* TTL_MINIMUM */
ti = proto_tree_add_item ( pdutree , hf_cflow_ttl_minimum ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 53 : /* TTL_MAXIMUM */
ti = proto_tree_add_item ( pdutree , hf_cflow_ttl_maximum ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 54 : /* IPV4_ID */
ti = proto_tree_add_item ( pdutree , hf_cflow_ipv4_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 55 : /* postIpClassOfService */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_tos ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 56 : /* sourceMacAddress */
ti = proto_tree_add_item ( pdutree , hf_cflow_srcmac ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 57 : /* postDestinationMacAddress */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_dstmac ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 58 : /* vlanId */
ti = proto_tree_add_item ( pdutree , hf_cflow_vlanid ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 59 : /* postVlanId */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_vlanid ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 60 : /* IP_VERSION */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_version ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 61 : /* DIRECTION */
ti = proto_tree_add_item ( pdutree , hf_cflow_direction ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 62 : /* IPV6_NEXT_HOP */
if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_nexthop_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" NextHop: length %u " , length ) ;
}
break ;
case 63 : /* BGP_IPV6_NEXT_HOP */
if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_bgpnexthop_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" BGPNextHop: length %u " , length ) ;
}
break ;
case 64 : /* ipv6ExtensionHeaders */
ti = proto_tree_add_item ( pdutree , hf_cflow_ipv6_exthdr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 70 : /* MPLS label1*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 1 ) ;
break ;
case 71 : /* MPLS label2*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 2 ) ;
break ;
case 72 : /* MPLS label3*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 3 ) ;
break ;
case 73 : /* MPLS label4*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 4 ) ;
break ;
case 74 : /* MPLS label5*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 5 ) ;
break ;
case 75 : /* MPLS label6*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 6 ) ;
break ;
case 76 : /* MPLS label7*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 7 ) ;
break ;
case 77 : /* MPLS label8*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 8 ) ;
break ;
case 78 : /* MPLS label9*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 9 ) ;
break ;
case 79 : /* MPLS label10*/
ti = proto_tree_add_mpls_label ( pdutree , tvb , offset , length , 10 ) ;
break ;
case 80 : /* destinationMacAddress */
ti = proto_tree_add_item ( pdutree , hf_cflow_dstmac ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 81 : /* postSourceMacAddress */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_srcmac ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 82 : /* IF_NAME */
ti = proto_tree_add_item ( pdutree , hf_cflow_if_name ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 83 : /* IF_DESCR */
ti = proto_tree_add_item ( pdutree , hf_cflow_if_descr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 84 : /* SAMPLER_NAME */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampler_name ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
2011-04-16 12:03:50 +00:00
case 85 : /* BYTES_PERMANENT */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_permanent_octets ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_permanent_octets64 ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Running Octets: length %u " , length ) ;
}
break ;
case 86 : /* PACKETS_PERMANENT */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_permanent_packets ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_permanent_packets64 ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Running Packets: length %u " , length ) ;
}
break ;
2010-09-17 01:45:29 +00:00
case 88 : /* fragmentOffset */
ti = proto_tree_add_item ( pdutree , hf_cflow_fragment_offset ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
2011-05-13 21:47:09 +00:00
case 89 : {
/* FORWARDING_STATUS */
2010-08-11 11:54:25 +00:00
/* Forwarding status is encoded on 1 byte with
* the 2 left bits giving the status and the 6
* remaining bits giving the reason code . */
2011-05-13 21:47:09 +00:00
guint8 forwarding_status ;
const value_string * x_vs ;
int x_hf ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_text ( pdutree , tvb , offset , length , " Forwarding Status " ) ;
2011-05-13 21:47:09 +00:00
fwdstattree = proto_item_add_subtree ( ti , ett_fwdstat ) ;
2010-08-11 11:54:25 +00:00
2011-05-13 21:47:09 +00:00
forwarding_status = tvb_get_guint8 ( tvb , offset ) > > 6 ;
switch ( forwarding_status ) {
2011-05-13 22:10:42 +00:00
default :
2011-05-13 21:47:09 +00:00
case FORWARDING_STATUS_UNKNOWN :
x_vs = v9_forwarding_status_unknown_code ;
x_hf = hf_cflow_forwarding_status_unknown_code ;
break ;
case FORWARDING_STATUS_FORWARD :
x_vs = v9_forwarding_status_forward_code ;
x_hf = hf_cflow_forwarding_status_forward_code ;
break ;
case FORWARDING_STATUS_DROP :
x_vs = v9_forwarding_status_drop_code ;
x_hf = hf_cflow_forwarding_status_drop_code ;
break ;
case FORWARDING_STATUS_CONSUME :
x_vs = v9_forwarding_status_consume_code ;
x_hf = hf_cflow_forwarding_status_consume_code ;
break ;
}
2010-08-11 11:54:25 +00:00
proto_tree_add_item ( fwdstattree , hf_cflow_forwarding_status ,
2011-05-13 21:47:09 +00:00
tvb , offset , length , ENC_NA ) ;
proto_tree_add_item ( fwdstattree , x_hf ,
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
/* add status code to tree summary */
if ( length = = 1 ) {
2011-05-13 21:47:09 +00:00
proto_item_append_text ( ti , " : %s " , val_to_str_const ( forwarding_status ,
v9_forwarding_status , " (Unknown) " ) ) ;
proto_item_append_text ( ti , " : %s " , val_to_str_const ( ( tvb_get_guint8 ( tvb , offset ) & 0x3F ) ,
x_vs , " (Unknown) " ) ) ;
2010-08-11 11:54:25 +00:00
} ;
2011-05-13 21:47:09 +00:00
}
2010-08-11 11:54:25 +00:00
break ;
2010-09-17 01:45:29 +00:00
case 90 : /* mplsVpnRouteDistinguisher */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_vpn_rd ,
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 91 : /* mplsTopLabelPrefixLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_top_label_prefix_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 94 : /* NBAR applicationDesc */
ti = proto_tree_add_item ( pdutree , hf_cflow_nbar_appl_desc ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 95 : /* NBAR applicationId */
ti = proto_tree_add_item ( pdutree , hf_cflow_nbar_appl_id ,
2010-12-03 23:04:45 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 96 : /* NBAR applicationName */
ti = proto_tree_add_item ( pdutree , hf_cflow_nbar_appl_name ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 98 : /* postIpDiffServCodePoint */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_ip_diff_serv_code_point ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 99 : /* multicastReplicationFactor */
ti = proto_tree_add_item ( pdutree , hf_cflow_multicast_replication_factor ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
2011-02-22 21:19:13 +00:00
case 128 : /* dest AS Peer */
ti = proto_tree_add_item ( pdutree , hf_cflow_peer_dstas ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
2011-02-22 21:19:13 +00:00
case 129 : /* source AS Peer*/
ti = proto_tree_add_item ( pdutree , hf_cflow_peer_srcas ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
2010-09-17 01:45:29 +00:00
case 130 : /* exporterIPv4Address */
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_exporter_addr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
2010-09-17 01:45:29 +00:00
case 131 : /* exporterIPv6Address */
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_item ( pdutree ,
hf_cflow_exporter_addr_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 132 : /* droppedOctetDeltaCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_octets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" Dropped Octets: length %u " ,
length ) ;
}
break ;
2010-09-17 01:45:29 +00:00
case 133 : /* droppedPacketDeltaCount */
2010-08-11 11:54:25 +00:00
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_packets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_packets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" Dropped Packets: length %u " ,
length ) ;
}
break ;
case 134 : /* droppedOctetTotalCount */
2010-09-17 01:45:29 +00:00
if ( length = = 4 ) {
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_total_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_total_octets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" Dropped Total Octets: length %u " , length ) ;
}
break ;
case 135 : /* droppedPacketTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_total_packets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_drop_total_packets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" Dropped Total Packets: length %u " , length ) ;
}
break ;
case 136 : /* flowEndReason */
ti = proto_tree_add_item ( pdutree , hf_cflow_flow_end_reason ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 137 : /* commonPropertiesId */
2010-09-17 01:45:29 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_common_properties_id ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
2010-09-17 01:45:29 +00:00
case 138 : /* observationPointId */
ti = proto_tree_add_item ( pdutree , hf_cflow_observation_point_id ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 139 : /* icmpTypeCodeIPv6 */
ti = proto_tree_add_item ( pdutree , hf_cflow_icmp_ipv6_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_icmp_ipv6_code ,
2010-09-17 01:45:29 +00:00
tvb , offset + 1 , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 140 : /* mplsTopLabelIPv6Address */
if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree ,
hf_cflow_mpls_pe_addr_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" mplsTopLabelIPv6Addr: length %u " ,
length ) ;
}
break ;
case 141 : /* lineCardId */
ti = proto_tree_add_item ( pdutree , hf_cflow_scope_linecard ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 142 : /* portId */
ti = proto_tree_add_item ( pdutree , hf_cflow_port_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
2010-09-17 01:45:29 +00:00
case 143 : /* meteringProcessId */
ti = proto_tree_add_item ( pdutree , hf_cflow_mp_id ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 144 : /* FLOW EXPORTER */
ti = proto_tree_add_item ( pdutree , hf_cflow_flow_exporter ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 145 : /* templateId */
ti = proto_tree_add_item ( pdutree , hf_cflow_template_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 146 : /* wlanChannelId */
ti = proto_tree_add_item ( pdutree , hf_cflow_wlan_channel_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 147 : /* wlanSSID */
ti = proto_tree_add_item ( pdutree , hf_cflow_wlan_ssid ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 148 : /* flowId */
ti = proto_tree_add_item ( pdutree , hf_cflow_flow_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 149 : /* observationDomainId */
ti = proto_tree_add_item ( pdutree , hf_cflow_od_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 160 : /* systemInitTimeMilliseconds */
2010-09-17 01:45:29 +00:00
ts . secs = ( tvb_get_ntoh64 ( tvb , offset ) / 1000 ) ;
ts . nsecs = ( tvb_get_ntoh64 ( tvb , offset ) % 1000 ) * 1000000 ;
ti = proto_tree_add_time ( pdutree ,
hf_cflow_sys_init_time ,
tvb , offset , length , & ts ) ;
2010-08-11 11:54:25 +00:00
break ;
case 161 : /* flowDurationMilliseconds */
msec_delta = tvb_get_ntohl ( tvb , offset ) ;
ts_delta . secs = msec_delta / 1000 ;
ts_delta . nsecs = ( msec_delta % 1000 ) * 1000000 ;
ti = proto_tree_add_time ( pdutree , hf_cflow_timedelta , tvb ,
offset , length , & ts_delta ) ;
break ;
case 162 : /* flowDurationMicroseconds */
msec_delta = tvb_get_ntohl ( tvb , offset ) ;
ts_delta . secs = msec_delta / 1000000 ;
ts_delta . nsecs = ( msec_delta % 1000000 ) * 1000000 ;
ti = proto_tree_add_time ( pdutree , hf_cflow_timedelta , tvb ,
offset , length , & ts_delta ) ;
break ;
case 164 : /* ignoredPacketTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_ignore_packets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_ignore_packets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Ignored Packets: length %u " , length ) ;
}
break ;
case 165 : /* ignoredOctetTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_ignore_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_ignore_octets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Ignored Octets: length %u " , length ) ;
}
break ;
case 166 : /* notSentFlowTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_notsent_flows ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_notsent_flows64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Not Sent Flows: length %u " , length ) ;
}
break ;
case 167 : /* notSentPacketTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_notsent_packets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_notsent_packets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Not Sent Packets: length %u " , length ) ;
}
break ;
case 168 : /* notSentOctetTotalCount */
if ( length = = 4 ) {
2010-09-17 01:45:29 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_notsent_octets ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
2010-09-17 01:45:29 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_notsent_octets64 ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Not Sent Packets: length %u " , length ) ;
}
break ;
case 169 : /* destinationIPv6Prefix */
if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_dstnet_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" DstPrefix: length %u " , length ) ;
}
break ;
case 170 : /* sourceIPv6Prefix */
if ( length = = 16 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_srcnet_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
} else if ( length ! = 4 & & length ! = 16 ) {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" SrcPrefix: length %u " , length ) ;
}
break ;
case 171 : /* postOctetTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_octets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Post Total Octets: length %u " , length ) ;
}
break ;
case 172 : /* postPacketTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_packets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_packets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Post Total Packets: length %u " , length ) ;
}
break ;
case 173 : /* flowKeyIndicator */
ti = proto_tree_add_item ( pdutree , hf_cflow_key ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 174 : /* postMCastPacketTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_mulpackets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_mulpackets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Post Total Multicast Packets: length %u " , length ) ;
}
break ;
case 175 : /* postMCastOctetTotalCount */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_muloctets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_post_total_muloctets64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" Post Total Multicast Octets: length %u " , length ) ;
}
break ;
case 176 : /* ICMP_IPv4_TYPE */
ti = proto_tree_add_item ( pdutree , hf_cflow_icmp_ipv4_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 177 : /* ICMP_IPv4_CODE */
ti = proto_tree_add_item ( pdutree , hf_cflow_icmp_ipv4_code ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 178 : /* ICMP_IPv6_TYPE */
ti = proto_tree_add_item ( pdutree , hf_cflow_icmp_ipv6_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 179 : /* ICMP_IPv6_CODE */
ti = proto_tree_add_item ( pdutree , hf_cflow_icmp_ipv6_code ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 184 : /* tcpSequenceNumber */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcp_seq_num ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 185 : /* tcpAcknowledgementNumber */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcp_ack_num ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 186 : /* TCP_WINDOWS_SIZE */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcp_window_size ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 187 : /* tcpUrgentPointer */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcp_urg_ptr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 188 : /* tcpHeaderLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcp_header_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 189 : /* ipHeaderLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_header_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
2010-09-17 01:45:29 +00:00
case 190 : /* IPV4_TOTAL_LENGTH */
ti = proto_tree_add_item ( pdutree , hf_cflow_ipv4_total_length ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 191 : /* payloadLengthIPv6 */
ti = proto_tree_add_item ( pdutree , hf_cflow_ipv6_payload_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 192 : /* IP_TTL */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_ttl ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 193 : /* nextHeaderIPv6 */
ti = proto_tree_add_item ( pdutree , hf_cflow_ipv6_next_hdr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 194 : /* IP_TOS */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_tos ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 195 : /* IP_DSCP */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_dscp ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 196 : /* ipPrecedence */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_precedence ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 197 : /* fragmentFlags */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_fragment_flags ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 198 : /* BYTES_SQUARED */
case 199 : /* BYTES_SQUARED_PERMANENT */
if ( length = = 8 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_octets_squared64 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" Bytes Squared: length %u " , length ) ;
}
break ;
case 200 : /* mplsTopLabelTTL */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_top_label_ttl ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 201 : /* mplsLabelStackLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_label_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 202 : /* mplsLabelStackDepth */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_label_depth ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 203 : /* mplsTopLabelExp */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_top_label_exp ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 204 : /* ipPayloadLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_payload_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 205 : /* UDP_LENGTH */
ti = proto_tree_add_item ( pdutree , hf_cflow_udp_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 206 : /* IS_MULTICAST */
ti = proto_tree_add_item ( pdutree , hf_cflow_is_multicast ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 207 : /* IP_HEADER_WORDS */
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_header_words ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 208 : /* OPTION_MAP */
ti = proto_tree_add_item ( pdutree , hf_cflow_option_map ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 209 : /* tcpOptions */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcp_option_map ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 210 : /* paddingOctets */
ti = proto_tree_add_text ( pdutree , tvb , offset , length ,
" Padding (%u byte%s) " ,
length , plurality ( length , " " , " s " ) ) ;
break ;
case 211 : /* collectorIPv4Address */
ti = proto_tree_add_item ( pdutree , hf_cflow_collector_addr ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 212 : /* collectorIPv6Address */
ti = proto_tree_add_item ( pdutree , hf_cflow_collector_addr_v6 ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 213 : /* exportInterface */
if ( length = = 4 ) {
ti = proto_tree_add_item ( pdutree , hf_cflow_export_interface ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
} else {
ti = proto_tree_add_text ( pdutree ,
tvb , offset , length ,
" exportInterface: invalid size %d " , length ) ;
}
break ;
case 214 : /* exportProtocolVersion */
ti = proto_tree_add_item ( pdutree , hf_cflow_export_protocol_version ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 215 : /* exportTransportProtocol */
ti = proto_tree_add_item ( pdutree , hf_cflow_export_prot ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 216 : /* collectorTransportPort */
ti = proto_tree_add_item ( pdutree , hf_cflow_collector_port ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 217 : /* exporterTransportPort */
ti = proto_tree_add_item ( pdutree , hf_cflow_exporter_port ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 218 : /* tcpSynTotalCount */
ti = proto_tree_add_item ( pdutree , hf_cflow_total_tcp_syn ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 219 : /* tcpFinTotalCount */
ti = proto_tree_add_item ( pdutree , hf_cflow_total_tcp_fin ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 220 : /* tcpRstTotalCount */
ti = proto_tree_add_item ( pdutree , hf_cflow_total_tcp_rst ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 221 : /* tcpPshTotalCount */
ti = proto_tree_add_item ( pdutree , hf_cflow_total_tcp_psh ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 222 : /* tcpAckTotalCount */
ti = proto_tree_add_item ( pdutree , hf_cflow_total_tcp_ack ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 223 : /* tcpUrgTotalCount */
ti = proto_tree_add_item ( pdutree , hf_cflow_total_tcp_urg ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 224 : /* IP_TOTAL_LENGTH */
2010-09-17 01:45:29 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_ip_total_length ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 225 : /* postNATSourceIPv4Address */
case 40001 : /* NF_F_XLATE_SRC_ADDR_IPV4 (Cisco ASA 5500 Series) */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_natsource_ipv4_address ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 226 : /* postNATDestinationIPv4Address */
case 40002 : /* NF_F_XLATE_DST_ADDR_IPV4 (Cisco ASA 5500 Series) */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_natdestination_ipv4_address ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 227 : /* postNAPTSourceTransportPort */
case 40003 : /* NF_F_XLATE_SRC_PORT (Cisco ASA 5500 Series) */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_naptsource_transport_port ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 228 : /* postNAPTDestinationTransportPort */
case 40004 : /* NF_F_XLATE_DST_PORT (Cisco ASA 5500 Series) */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_naptdestination_transport_port ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 229 : /* natOriginatingAddressRealm */
ti = proto_tree_add_item ( pdutree , hf_cflow_nat_originating_address_realm ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 230 : /* natEvent */
ti = proto_tree_add_item ( pdutree , hf_cflow_nat_event ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 231 : /* initiatorOctets */
ti = proto_tree_add_item ( pdutree , hf_cflow_initiator_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 232 : /* responderOctets */
ti = proto_tree_add_item ( pdutree , hf_cflow_responder_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 233 : /* firewallEvent */
case 40005 : /* NF_F_FW_EVENT (Cisco ASA 5500 Series) */
ti = proto_tree_add_item ( pdutree , hf_cflow_firewall_event ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 234 : /* ingressVRFID */
ti = proto_tree_add_item ( pdutree , hf_cflow_ingress_vrfid ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 235 : /* egressVRFID */
ti = proto_tree_add_item ( pdutree , hf_cflow_egress_vrfid ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 236 : /* VRFname */
ti = proto_tree_add_item ( pdutree , hf_cflow_vrfname ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 237 : /* postMplsTopLabelExp */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_mpls_top_label_exp ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 238 : /* tcpWindowScale */
ti = proto_tree_add_item ( pdutree , hf_cflow_tcp_window_scale ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 239 : /* biflowDirection */
ti = proto_tree_add_item ( pdutree , hf_cflow_biflow_direction ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 240 : /* ethernetHeaderLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_ethernet_header_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 241 : /* ethernetPayloadLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_ethernet_payload_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 242 : /* ethernetTotalLength */
ti = proto_tree_add_item ( pdutree , hf_cflow_ethernet_total_length ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 243 : /* dot1qVlanId */
ti = proto_tree_add_item ( pdutree , hf_cflow_dot1q_vlan_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 244 : /* dot1qPriority */
ti = proto_tree_add_item ( pdutree , hf_cflow_dot1q_priority ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 245 : /* dot1qCustomerVlanId */
ti = proto_tree_add_item ( pdutree , hf_cflow_dot1q_customer_vlan_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 246 : /* dot1qCustomerPriority */
ti = proto_tree_add_item ( pdutree , hf_cflow_dot1q_customer_priority ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 247 : /* metroEvcId */
ti = proto_tree_add_item ( pdutree , hf_cflow_metro_evc_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 248 : /* metroEvcType */
ti = proto_tree_add_item ( pdutree , hf_cflow_metro_evc_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 249 : /* pseudoWireId */
ti = proto_tree_add_item ( pdutree , hf_cflow_pseudo_wire_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 250 : /* pseudoWireType */
ti = proto_tree_add_item ( pdutree , hf_cflow_pseudo_wire_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 251 : /* pseudoWireControlWord */
ti = proto_tree_add_item ( pdutree , hf_cflow_pseudo_wire_control_word ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 252 : /* ingressPhysicalInterface */
ti = proto_tree_add_item ( pdutree , hf_cflow_ingress_physical_interface ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 253 : /* egressPhysicalInterface */
ti = proto_tree_add_item ( pdutree , hf_cflow_egress_physical_interface ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 254 : /* postDot1qVlanId */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_dot1q_vlan_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 255 : /* postDot1qCustomerVlanId */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_dot1q_customer_vlan_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 256 : /* ethernetType */
ti = proto_tree_add_item ( pdutree , hf_cflow_ethernet_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 257 : /* postIpPrecedence */
ti = proto_tree_add_item ( pdutree , hf_cflow_post_ip_precedence ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 258 : /* collectionTimeMilliseconds */
2010-09-17 01:45:29 +00:00
ts . secs = ( tvb_get_ntoh64 ( tvb , offset ) / 1000 ) ;
ts . nsecs = ( tvb_get_ntoh64 ( tvb , offset ) % 1000 ) * 1000000 ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_time ( pdutree ,
2010-09-17 01:45:29 +00:00
hf_cflow_collection_time_milliseconds ,
tvb , offset , length , & ts ) ;
2010-08-11 11:54:25 +00:00
break ;
case 259 : /* exportSctpStreamId */
ti = proto_tree_add_item ( pdutree , hf_cflow_export_sctp_stream_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 260 : /* maxExportSeconds */
ts . secs = tvb_get_ntohl ( tvb , offset ) ;
ts . nsecs = 0 ;
ti = proto_tree_add_time ( pdutree , hf_cflow_max_export_seconds ,
tvb , offset , length , & ts ) ;
break ;
case 261 : /* maxFlowEndSeconds */
ts . secs = tvb_get_ntohl ( tvb , offset ) ;
ts . nsecs = 0 ;
ti = proto_tree_add_time ( pdutree , hf_cflow_max_flow_end_seconds ,
tvb , offset , length , & ts ) ;
break ;
case 262 : /* messageMD5Checksum */
ti = proto_tree_add_item ( pdutree , hf_cflow_message_md5_checksum ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 263 : /* messageScope */
ti = proto_tree_add_item ( pdutree , hf_cflow_message_scope ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 264 : /* minExportSeconds */
ts . secs = tvb_get_ntohl ( tvb , offset ) ;
ts . nsecs = 0 ;
ti = proto_tree_add_time ( pdutree , hf_cflow_min_export_seconds ,
tvb , offset , length , & ts ) ;
break ;
case 265 : /* minFlowStartSeconds */
ts . secs = tvb_get_ntohl ( tvb , offset ) ;
ts . nsecs = 0 ;
ti = proto_tree_add_time ( pdutree , hf_cflow_min_flow_start_seconds ,
tvb , offset , length , & ts ) ;
break ;
case 266 : /* opaqueOctets */
ti = proto_tree_add_item ( pdutree , hf_cflow_opaque_octets ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 267 : /* sessionScope */
ti = proto_tree_add_item ( pdutree , hf_cflow_session_scope ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 268 : /* maxFlowEndMicroseconds */
2011-02-09 02:27:41 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_max_flow_end_microseconds ,
tvb , offset , length , ENC_TIME_NTP | ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 269 : /* maxFlowEndMilliseconds */
2010-09-17 01:45:29 +00:00
ts . secs = ( tvb_get_ntoh64 ( tvb , offset ) / 1000 ) ;
ts . nsecs = ( tvb_get_ntoh64 ( tvb , offset ) % 1000 ) * 1000000 ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_time ( pdutree , hf_cflow_max_flow_end_milliseconds ,
tvb , offset , length , & ts ) ;
break ;
case 270 : /* maxFlowEndNanoseconds */
2011-02-09 02:27:41 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_max_flow_end_nanoseconds ,
tvb , offset , length , ENC_TIME_NTP | ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 271 : /* minFlowStartMicroseconds */
2011-02-09 02:27:41 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_min_flow_start_microseconds ,
tvb , offset , length , ENC_TIME_NTP | ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 272 : /* minFlowStartMilliseconds */
2010-09-17 01:45:29 +00:00
ts . secs = ( tvb_get_ntohl ( tvb , offset ) / 1000 ) ;
ts . nsecs = ( tvb_get_ntohl ( tvb , offset ) % 1000 ) * 1000000 ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_time ( pdutree , hf_cflow_min_flow_start_milliseconds ,
tvb , offset , length , & ts ) ;
break ;
case 273 : /* minFlowStartNanoseconds */
2011-02-09 02:27:41 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_min_flow_start_nanoseconds ,
tvb , offset , length , ENC_TIME_NTP | ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 274 : /* collectorCertificate */
ti = proto_tree_add_item ( pdutree , hf_cflow_collector_certificate ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 275 : /* exporterCertificate */
ti = proto_tree_add_item ( pdutree , hf_cflow_exporter_certificate ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 301 : /* selectionSequenceId */
ti = proto_tree_add_item ( pdutree , hf_cflow_selection_sequence_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 302 : /* selectorId */
ti = proto_tree_add_item ( pdutree , hf_cflow_selector_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 303 : /* informationElementId */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 304 : /* selectorAlgorithm */
ti = proto_tree_add_item ( pdutree , hf_cflow_selector_algorithm ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 305 : /* samplingPacketInterval */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_packet_interval ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 306 : /* samplingPacketSpace */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_packet_space ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 307 : /* samplingTimeInterval */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_time_interval ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 308 : /* samplingTimeSpace */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_time_space ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 309 : /* samplingSize */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_size ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 310 : /* samplingPopulation */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_population ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 311 : /* samplingProbability */
ti = proto_tree_add_item ( pdutree , hf_cflow_sampling_probability ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 313 : /* SECTION_HEADER */
ti = proto_tree_add_item ( pdutree , hf_cflow_section_header ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 314 : /* SECTION_PAYLOAD */
ti = proto_tree_add_item ( pdutree , hf_cflow_section_payload ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 316 : /* mplsLabelStackSection */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_label_stack_section ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 317 : /* mplsPayloadPacketSection */
ti = proto_tree_add_item ( pdutree , hf_cflow_mpls_payload_packet_section ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 318 : /* selectorIdTotalPktsObserved */
ti = proto_tree_add_item ( pdutree , hf_cflow_selector_id_total_pkts_observed ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 319 : /* selectorIdTotalPktsSelected */
ti = proto_tree_add_item ( pdutree , hf_cflow_selector_id_total_pkts_selected ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 320 : /* absoluteError */
ti = proto_tree_add_item ( pdutree , hf_cflow_absolute_error ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 321 : /* relativeError */
ti = proto_tree_add_item ( pdutree , hf_cflow_relative_error ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 322 : /* observationTimeSeconds */
ts . secs = tvb_get_ntohl ( tvb , offset ) ;
ts . nsecs = 0 ;
ti = proto_tree_add_time ( pdutree , hf_cflow_observation_time_seconds ,
tvb , offset , length , & ts ) ;
break ;
case 323 : /* observationTimeMilliseconds */
2010-09-17 01:45:29 +00:00
ts . secs = ( tvb_get_ntoh64 ( tvb , offset ) / 1000 ) ;
ts . nsecs = ( tvb_get_ntoh64 ( tvb , offset ) % 1000 ) * 1000000 ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_time ( pdutree , hf_cflow_observation_time_milliseconds ,
tvb , offset , length , & ts ) ;
break ;
case 324 : /* observationTimeMicroseconds */
2011-02-09 02:27:41 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_observation_time_microseconds ,
tvb , offset , length , ENC_TIME_NTP | ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 325 : /* observationTimeNanoseconds */
2011-02-09 02:27:41 +00:00
ti = proto_tree_add_item ( pdutree , hf_cflow_observation_time_nanoseconds ,
tvb , offset , length , ENC_TIME_NTP | ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 326 : /* digestHashValue */
ti = proto_tree_add_item ( pdutree , hf_cflow_digest_hash_value ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 327 : /* hashIPPayloadOffset */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_ippayload_offset ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 328 : /* hashIPPayloadSize */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_ippayload_size ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 329 : /* hashOutputRangeMin */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_output_range_min ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 330 : /* hashOutputRangeMax */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_output_range_max ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 331 : /* hashSelectedRangeMin */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_selected_range_min ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 332 : /* hashSelectedRangeMax */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_selected_range_max ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 333 : /* hashDigestOutput */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_digest_output ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 334 : /* hashInitialiserValue */
ti = proto_tree_add_item ( pdutree , hf_cflow_hash_initialiser_value ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 335 : /* selectorName */
ti = proto_tree_add_item ( pdutree , hf_cflow_selector_name ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 336 : /* upperCILimit */
ti = proto_tree_add_item ( pdutree , hf_cflow_upper_cilimit ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 337 : /* lowerCILimit */
ti = proto_tree_add_item ( pdutree , hf_cflow_lower_cilimit ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 338 : /* confidenceLevel */
ti = proto_tree_add_item ( pdutree , hf_cflow_confidence_level ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 339 : /* informationElementDataType */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_data_type ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 340 : /* informationElementDescription */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_description ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 341 : /* informationElementName */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_name ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 342 : /* informationElementRangeBegin */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_range_begin ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 343 : /* informationElementRangeEnd */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_range_end ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 344 : /* informationElementSemantics */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_semantics ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 345 : /* informationElementUnits */
ti = proto_tree_add_item ( pdutree , hf_cflow_information_element_units ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 346 : /* privateEnterpriseNumber */
ti = proto_tree_add_item ( pdutree , hf_cflow_private_enterprise_number ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
/* Cisco ASA 5500 Series */
case 33000 : /* NF_F_INGRESS_ACL_ID */
proto_tree_add_item ( pdutree , hf_cflow_ingress_acl_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 33001 : /* NF_F_EGRESS_ACL_ID */
proto_tree_add_item ( pdutree , hf_cflow_egress_acl_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
case 33002 : /* NF_F_FW_EXT_EVENT */
proto_tree_add_item ( pdutree , hf_cflow_fw_ext_event ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
break ;
case 40000 : /* NF_F_USERNAME[_MAX] */
proto_tree_add_item ( pdutree , hf_cflow_aaa_username ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
break ;
2010-09-17 01:45:29 +00:00
/* CACE Technologies */
2010-08-11 11:54:25 +00:00
case VENDOR_CACE < < 16 | 0 : /* caceLocalIPv4Address */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_local_ipv4_address ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
SET_ADDRESS ( & local_addr , AT_IPv4 , 4 , tvb_get_ptr ( tvb , offset , 4 ) ) ;
got_flags | = GOT_LOCAL_ADDR ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 1 : /* caceRemoteIPv4Address */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_remote_ipv4_address ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
SET_ADDRESS ( & remote_addr , AT_IPv4 , 4 , tvb_get_ptr ( tvb , offset , 4 ) ) ;
got_flags | = GOT_REMOTE_ADDR ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 2 : /* caceLocalIPv6Address */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_local_ipv6_address ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
SET_ADDRESS ( & local_addr , AT_IPv6 , 16 , tvb_get_ptr ( tvb , offset , 16 ) ) ;
got_flags | = GOT_LOCAL_ADDR ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 3 : /* caceRemoteIPv6Address */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_remote_ipv6_address ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_NA ) ;
SET_ADDRESS ( & remote_addr , AT_IPv6 , 16 , tvb_get_ptr ( tvb , offset , 16 ) ) ;
got_flags | = GOT_REMOTE_ADDR ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 4 : /* caceLocalTransportPort */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_local_port ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
local_port = tvb_get_ntohs ( tvb , offset ) ;
got_flags | = GOT_LOCAL_PORT ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 5 : /* caceRemoteTransportPort */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_remote_port ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
remote_port = tvb_get_ntohs ( tvb , offset ) ;
got_flags | = GOT_REMOTE_PORT ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 6 : /* caceLocalIPv4id */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_local_ipv4_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
ipv4_id = tvb_get_ntohs ( tvb , offset ) ;
got_flags | = GOT_IPv4_ID ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 7 : /* caceLocalICMPid */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_local_icmp_id ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
icmp_id = tvb_get_ntohs ( tvb , offset ) ;
got_flags | = GOT_ICMP_ID ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 8 : /* caceLocalProcessUserId */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_local_uid ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
uid = tvb_get_ntohl ( tvb , offset ) ;
got_flags | = GOT_UID ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 9 : /* caceLocalProcessId */
ti = proto_tree_add_item ( pdutree , hf_pie_cace_local_pid ,
2010-09-17 01:45:29 +00:00
tvb , offset , length , ENC_BIG_ENDIAN ) ;
pid = tvb_get_ntohl ( tvb , offset ) ;
got_flags | = GOT_PID ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 10 : /* caceLocalProcessUserName */
2010-09-17 01:45:29 +00:00
uname_len = tvb_get_guint8 ( tvb , offset ) ;
uname_str = tvb_format_text ( tvb , offset + 1 , uname_len ) ;
2010-08-11 11:54:25 +00:00
proto_tree_add_item ( pdutree , hf_pie_cace_local_username_len ,
2010-09-17 01:45:29 +00:00
tvb , offset , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_string ( pdutree , hf_pie_cace_local_username ,
tvb , offset + 1 , uname_len , uname_str ) ;
2010-09-17 01:45:29 +00:00
length = uname_len + 1 ;
got_flags | = GOT_USERNAME ;
2010-08-11 11:54:25 +00:00
break ;
case VENDOR_CACE < < 16 | 11 : /* caceLocalProcessCommand */
2010-09-17 01:45:29 +00:00
cmd_len = tvb_get_guint8 ( tvb , offset ) ;
cmd_str = tvb_format_text ( tvb , offset + 1 , cmd_len ) ;
2010-08-11 11:54:25 +00:00
proto_tree_add_item ( pdutree , hf_pie_cace_local_cmd_len ,
2010-09-17 01:45:29 +00:00
tvb , offset , 1 , ENC_NA ) ;
2010-08-11 11:54:25 +00:00
ti = proto_tree_add_string ( pdutree , hf_pie_cace_local_cmd ,
tvb , offset + 1 , cmd_len , cmd_str ) ;
2010-09-17 01:45:29 +00:00
length = cmd_len + 1 ;
got_flags | = GOT_COMMAND ;
break ;
2010-12-07 03:46:10 +00:00
/* START NTOP */
case ( NTOP_BASE + 80 ) : /* FRAGMENTED */
case ( ( VENDOR_NTOP < < 16 ) | 80 ) : /* FRAGMENTED */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_fragmented ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 81 ) : /* FINGERPRINT */
case ( ( VENDOR_NTOP < < 16 ) | 81 ) : /* FINGERPRINT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_fingerprint ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 82 ) : /* CLIENT_NW_DELAY_SEC */
case ( ( VENDOR_NTOP < < 16 ) | 82 ) : /* CLIENT_NW_DELAY_SEC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_client_nw_delay_sec ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 83 ) : /* /\* CLIENT_NW_DELAY_USEC *\/ */
case ( ( VENDOR_NTOP < < 16 ) | 83 ) : /* CLIENT_NW_DELAY_USEC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_client_nw_delay_usec ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 84 ) : /* SERVER_NW_DELAY_SEC */
case ( ( VENDOR_NTOP < < 16 ) | 84 ) : /* SERVER_NW_DELAY_SEC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_server_nw_delay_sec ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 85 ) : /* SERVER_NW_DELAY_USEC */
case ( ( VENDOR_NTOP < < 16 ) | 85 ) : /* SERVER_NW_DELAY_USEC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_server_nw_delay_usec ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 86 ) : /* APPL_LATENCY_SEC */
case ( ( VENDOR_NTOP < < 16 ) | 86 ) : /* APPL_LATENCY_SEC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_appl_latency_sec ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 87 ) : /* APPL_LATENCY_USEC */
case ( ( VENDOR_NTOP < < 16 ) | 87 ) : /* APPL_LATENCY_USEC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_appl_latency_sec ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 98 ) : /* ICMP_FLAGS */
case ( ( VENDOR_NTOP < < 16 ) | 98 ) : /* ICMP_FLAGS */
/* Cumulative of all flow ICMP types */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_icmp_flags ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 101 ) : /* SRC_IP_COUNTRY */
case ( ( VENDOR_NTOP < < 16 ) | 101 ) : /* SRC_IP_COUNTRY */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_src_ip_country ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 102 ) : /* SRC_IP_CITY */
case ( ( VENDOR_NTOP < < 16 ) | 102 ) : /* SRC_IP_CITY */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_src_ip_city ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 103 ) : /* DST_IP_COUNTRY */
case ( ( VENDOR_NTOP < < 16 ) | 103 ) : /* DST_IP_COUNTRY */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_dst_ip_country ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 104 ) : /* DST_IP_CITY */
case ( ( VENDOR_NTOP < < 16 ) | 104 ) : /* DST_IP_CITY */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_dst_ip_city ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 105 ) : /* FLOW_PROTO_PORT */
case ( ( VENDOR_NTOP < < 16 ) | 105 ) : /* FLOW_PROTO_PORT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_flow_proto_port ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 106 ) : /* TUNNEL_ID */
case ( ( VENDOR_NTOP < < 16 ) | 106 ) : /* TUNNEL_ID */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_tunnel_id ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 107 ) : /* LONGEST_FLOW_PKT */
case ( ( VENDOR_NTOP < < 16 ) | 107 ) : /* LONGEST_FLOW_PKT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_longest_flow_pkt ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 108 ) : /* SHORTEST_FLOW_PKT */
case ( ( VENDOR_NTOP < < 16 ) | 108 ) : /* SHORTEST_FLOW_PKT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_shortest_flow_pkt ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 109 ) : /* RETRANSMITTED_IN_PKTS */
case ( ( VENDOR_NTOP < < 16 ) | 109 ) : /* RETRANSMITTED_IN_PKTS */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_retransmitted_in_pkts ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 110 ) : /* RETRANSMITTED_OUT_PKTS */
case ( ( VENDOR_NTOP < < 16 ) | 110 ) : /* RETRANSMITTED_OUT_PKTS */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_retransmitted_out_pkts ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 111 ) : /* OOORDER_IN_PKTS */
case ( ( VENDOR_NTOP < < 16 ) | 111 ) : /* OOORDER_IN_PKTS */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_ooorder_in_pkts ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 112 ) : /* OOORDER_OUT_PKTS */
case ( ( VENDOR_NTOP < < 16 ) | 112 ) : /* OOORDER_OUT_PKTS */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_ooorder_out_pkts ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 113 ) : /* UNTUNNELED_PROTOCOL */
case ( ( VENDOR_NTOP < < 16 ) | 113 ) : /* UNTUNNELED_PROTOCOL */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_untunneled_protocol ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 114 ) : /* UNTUNNELED_IPV4_SRC_ADDR */
case ( ( VENDOR_NTOP < < 16 ) | 114 ) : /* UNTUNNELED_IPV4_SRC_ADDR */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_untunneled_ipv4_src_addr ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 115 ) : /* UNTUNNELED_L4_SRC_PORT */
case ( ( VENDOR_NTOP < < 16 ) | 115 ) : /* UNTUNNELED_L4_SRC_PORT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_untunneled_l4_src_port ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 116 ) : /* UNTUNNELED_IPV4_DST_ADDR */
case ( ( VENDOR_NTOP < < 16 ) | 116 ) : /* UNTUNNELED_IPV4_DST_ADDR */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_untunneled_ipv4_dst_addr ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 117 ) : /* UNTUNNELED_L4_DST_PORT */
case ( ( VENDOR_NTOP < < 16 ) | 117 ) : /* UNTUNNELED_L4_DST_PORT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_untunneled_l4_dst_port ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 120 ) : /* DUMP_PATH */
case ( ( VENDOR_NTOP < < 16 ) | 120 ) : /* DUMP_PATH */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_dump_path ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 130 ) : /* SIP_CALL_ID */
case ( ( VENDOR_NTOP < < 16 ) | 130 ) : /* SIP_CALL_ID */
2011-03-31 14:03:23 +00:00
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_sip_call_id ,
tvb , offset , length , gen_str ) ;
2010-12-07 03:46:10 +00:00
break ;
case ( NTOP_BASE + 131 ) : /* SIP_CALLING_PARTY */
case ( ( VENDOR_NTOP < < 16 ) | 131 ) : /* SIP_CALLING_PARTY */
2011-03-31 14:03:23 +00:00
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_sip_calling_party ,
tvb , offset , length , gen_str ) ;
2010-12-07 03:46:10 +00:00
break ;
case ( NTOP_BASE + 132 ) : /* SIP_CALLED_PARTY */
case ( ( VENDOR_NTOP < < 16 ) | 132 ) : /* SIP_CALLED_PARTY */
2011-03-31 14:03:23 +00:00
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_sip_called_party ,
tvb , offset , length , gen_str ) ;
2010-12-07 03:46:10 +00:00
break ;
case ( NTOP_BASE + 133 ) : /* SIP_RTP_CODECS */
case ( ( VENDOR_NTOP < < 16 ) | 133 ) : /* SIP_RTP_CODECS */
2011-03-31 14:03:23 +00:00
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_sip_rtp_codecs ,
tvb , offset , length , gen_str ) ;
2010-12-07 03:46:10 +00:00
break ;
case ( NTOP_BASE + 134 ) : /* SIP_INVITE_TIME */
case ( ( VENDOR_NTOP < < 16 ) | 134 ) : /* SIP_INVITE_TIME */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_invite_time ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 135 ) : /* SIP_TRYING_TIME */
case ( ( VENDOR_NTOP < < 16 ) | 135 ) : /* SIP_TRYING_TIME */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_trying_time ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 136 ) : /* SIP_RINGING_TIME */
case ( ( VENDOR_NTOP < < 16 ) | 136 ) : /* SIP_RINGING_TIME */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_ringing_time ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 137 ) : /* SIP_OK_TIME */
case ( ( VENDOR_NTOP < < 16 ) | 137 ) : /* SIP_OK_TIME */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_ok_time ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 138 ) : /* SIP_BYE_TIME */
case ( ( VENDOR_NTOP < < 16 ) | 138 ) : /* SIP_BYE_TIME */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_bye_time ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 139 ) : /* SIP_RTP_SRC_IP */
case ( ( VENDOR_NTOP < < 16 ) | 139 ) : /* SIP_RTP_SRC_IP */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_rtp_src_ip ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 140 ) : /* SIP_RTP_SRC_PORT */
case ( ( VENDOR_NTOP < < 16 ) | 140 ) : /* SIP_RTP_SRC_PORT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_rtp_src_port ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 141 ) : /* SIP_RTP_DST_IP */
case ( ( VENDOR_NTOP < < 16 ) | 141 ) : /* SIP_RTP_DST_IP */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_rtp_dst_ip ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 142 ) : /* SIP_RTP_DST_PORT */
case ( ( VENDOR_NTOP < < 16 ) | 142 ) : /* SIP_RTP_DST_PORT */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_sip_rtp_dst_port ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 150 ) : /* RTP_FIRST_SSRC */
case ( ( VENDOR_NTOP < < 16 ) | 150 ) : /* RTP_FIRST_SSRC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_first_ssrc ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 151 ) : /* RTP_FIRST_TS */
case ( ( VENDOR_NTOP < < 16 ) | 151 ) : /* RTP_FIRST_TS */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_first_ts ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 152 ) : /* RTP_LAST_SSRC */
case ( ( VENDOR_NTOP < < 16 ) | 152 ) : /* RTP_LAST_SSRC */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_last_ssrc ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 153 ) : /* RTP_LAST_TS */
case ( ( VENDOR_NTOP < < 16 ) | 153 ) : /* RTP_LAST_TS */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_last_ts ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 154 ) : /* RTP_IN_JITTER */
case ( ( VENDOR_NTOP < < 16 ) | 154 ) : /* RTP_IN_JITTER */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_in_jitter ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 155 ) : /* RTP_OUT_JITTER */
case ( ( VENDOR_NTOP < < 16 ) | 155 ) : /* RTP_OUT_JITTER */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_out_jitter ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 156 ) : /* RTP_IN_PKT_LOST */
case ( ( VENDOR_NTOP < < 16 ) | 156 ) : /* RTP_IN_PKT_LOST */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_in_pkt_lost ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 157 ) : /* RTP_OUT_PKT_LOST */
case ( ( VENDOR_NTOP < < 16 ) | 157 ) : /* RTP_OUT_PKT_LOST */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_out_pkt_lost ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 158 ) : /* RTP_OUT_PAYLOAD_TYPE */
case ( ( VENDOR_NTOP < < 16 ) | 158 ) : /* RTP_OUT_PAYLOAD_TYPE */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_out_payload_type ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 159 ) : /* RTP_IN_MAX_DELTA */
case ( ( VENDOR_NTOP < < 16 ) | 159 ) : /* RTP_IN_MAX_DELTA */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_in_max_delta ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 160 ) : /* RTP_OUT_MAX_DELTA */
case ( ( VENDOR_NTOP < < 16 ) | 160 ) : /* RTP_OUT_MAX_DELTA */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_rtp_out_max_delta ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 168 ) : /* PROC_ID */
case ( ( VENDOR_NTOP < < 16 ) | 168 ) : /* PROC_ID */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_proc_id ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 169 ) : /* PROC_NAME */
case ( ( VENDOR_NTOP < < 16 ) | 169 ) : /* PROC_NAME */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_proc_name ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 180 ) : /* HTTP_URL */
case ( ( VENDOR_NTOP < < 16 ) | 180 ) : /* HTTP_URL */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_http_url ,
tvb , offset , length , gen_str ) ;
break ;
case ( NTOP_BASE + 181 ) : /* HTTP_RET_CODE */
case ( ( VENDOR_NTOP < < 16 ) | 181 ) : /* HTTP_RET_CODE */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_http_ret_code ,
tvb , offset , length , FALSE ) ;
break ;
case ( NTOP_BASE + 182 ) : /* HTTP_REFERER */
case ( ( VENDOR_NTOP < < 16 ) | 182 ) : /* HTTP_REFERER */
break ;
case ( NTOP_BASE + 183 ) : /* HTTP_UA */
case ( ( VENDOR_NTOP < < 16 ) | 183 ) : /* HTTP_UA */
break ;
case ( NTOP_BASE + 184 ) : /* HTTP_MIME */
case ( ( VENDOR_NTOP < < 16 ) | 184 ) : /* HTTP_MIME */
break ;
case ( NTOP_BASE + 185 ) : /* SMTP_MAIL_FROM */
case ( ( VENDOR_NTOP < < 16 ) | 185 ) : /* SMTP_MAIL_FROM */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_smtp_mail_from ,
tvb , offset , length , gen_str ) ;
break ;
case ( NTOP_BASE + 186 ) : /* SMTP_RCPT_TO */
case ( ( VENDOR_NTOP < < 16 ) | 186 ) : /* SMTP_RCPT_TO */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_smtp_rcpt_to ,
tvb , offset , length , gen_str ) ;
break ;
case ( NTOP_BASE + 190 ) : /* FLOW_ID */
case ( ( VENDOR_NTOP < < 16 ) | 190 ) : /* FLOW_ID */
ti = proto_tree_add_item ( pdutree , hf_cflow_flow_id ,
tvb , offset , length , ENC_BIG_ENDIAN ) ;
break ;
case ( NTOP_BASE + 195 ) : /* MYSQL_SERVER_VERSION */
case ( ( VENDOR_NTOP < < 16 ) | 195 ) : /* MYSQL_SERVER_VERSION */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_mysql_server_version ,
tvb , offset , length , gen_str ) ;
break ;
case ( NTOP_BASE + 196 ) : /* MYSQL_USERNAME */
case ( ( VENDOR_NTOP < < 16 ) | 196 ) : /* MYSQL_USERNAME */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_mysql_username ,
tvb , offset , length , gen_str ) ;
break ;
case ( NTOP_BASE + 197 ) : /* MYSQL_DB */
case ( ( VENDOR_NTOP < < 16 ) | 197 ) : /* MYSQL_DB */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_mysql_db ,
tvb , offset , length , gen_str ) ;
break ;
case ( NTOP_BASE + 198 ) : /* MYSQL_QUERY */
case ( ( VENDOR_NTOP < < 16 ) | 198 ) : /* MYSQL_QUERY */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_ntop_mysql_query ,
tvb , offset , length , gen_str ) ;
break ;
case ( NTOP_BASE + 199 ) : /* MYSQL_RESPONSE */
case ( ( VENDOR_NTOP < < 16 ) | 199 ) : /* MYSQL_RESPONSE */
ti = proto_tree_add_item ( pdutree , hf_pie_ntop_mysql_response ,
tvb , offset , length , FALSE ) ;
break ;
/* END NTOP */
/* START Plixer International */
case ( ( VENDOR_PLIXER < < 16 ) | 100 ) : /* client_ip_v4 */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_client_ip_v4 ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 101 ) : /* client_hostname */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_client_hostname ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 102 ) : /* partner_name */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_partner_name ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 103 ) : /* server_hostname */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_server_hostname ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 104 ) : /* server_ip_v4 */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_server_ip_v4 ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 105 ) : /* recipient_address */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_recipient_address ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 106 ) : /* event_id */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_event_id ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 107 ) : /* msgid */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_msgid ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 108 ) : /* priority */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_priority ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 109 ) : /* recipient_report_status */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_recipient_report_status ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 110 ) : /* number_recipients */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_number_recipients ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 111 ) : /* origination_time */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_origination_time ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 112 ) : /* encryption */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_encryption ,
tvb , offset , length , FALSE ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 113 ) : /* service_version */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_service_version ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 114 ) : /* linked_msgid */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_linked_msgid ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 115 ) : /* message_subject */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_message_subject ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 116 ) : /* sender_address */
gen_str = tvb_format_text ( tvb , offset , length ) ;
ti = proto_tree_add_string ( pdutree , hf_pie_plixer_sender_address ,
tvb , offset , length , gen_str ) ;
break ;
case ( ( VENDOR_PLIXER < < 16 ) | 117 ) : /* date_time */
ti = proto_tree_add_item ( pdutree , hf_pie_plixer_date_time ,
tvb , offset , length , FALSE ) ;
break ;
/* END Plixer International */
2010-09-17 01:45:29 +00:00
default : /* Unknown Field ID */
if ( ( hdrinfo - > vspec = = 9 ) | | ( pen = = REVPEN ) ) {
ti = proto_tree_add_bytes_format_value ( pdutree , hf_cflow_unknown_field_type ,
Modify proto_tree_add_bytes_format() and proto_tree_add_bytes_format_value()
so that if the start_ptr is NULL the bytes are extracted from the given TVB
using the given offset and length.
Replace a bunch of:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896
2011-02-10 16:31:00 +00:00
tvb , offset , length , NULL ,
2010-09-17 01:45:29 +00:00
" Type %u: Value (hex bytes): %s " ,
masked_type ,
tvb_bytes_to_str_punct ( tvb , offset , length , ' ' ) ) ;
} else { /* v10 PEN */
ti = proto_tree_add_bytes_format_value ( pdutree , hf_ipfix_enterprise_private_entry ,
Modify proto_tree_add_bytes_format() and proto_tree_add_bytes_format_value()
so that if the start_ptr is NULL the bytes are extracted from the given TVB
using the given offset and length.
Replace a bunch of:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, tvb_get_ptr(tvb, offset, length), [...])
with:
proto_tree_add_bytes_format*(tree, hf, tvb, offset, length, NULL, [...])
svn path=/trunk/; revision=35896
2011-02-10 16:31:00 +00:00
tvb , offset , length , NULL ,
2010-09-17 01:45:29 +00:00
" (%s) Type %u: Value (hex bytes): %s " ,
2011-05-16 17:02:22 +00:00
pen_str ? pen_str : " (null) " ,
2010-09-17 01:45:29 +00:00
masked_type ,
tvb_bytes_to_str_punct ( tvb , offset , length , ' ' ) ) ;
2010-08-11 11:54:25 +00:00
}
break ;
2010-12-07 03:46:10 +00:00
2010-09-17 01:45:29 +00:00
} /* switch (pen_type) */
2010-12-07 03:46:10 +00:00
if ( ti & & ( vstr_len ! = 0 ) ) {
/* XXX: ugh: not very pretty: how to show/highlight actual length bytes ?? */
/* YYY: added the length in a tree. Not sure if this is best. */
2010-09-17 01:45:29 +00:00
proto_item_append_text ( ti , " (Variable Length) " ) ;
2010-12-07 03:46:10 +00:00
PROTO_ITEM_SET_GENERATED ( ti ) ;
string_tree = proto_item_add_subtree ( ti , ett_str_len ) ;
proto_tree_add_uint ( string_tree , hf_string_len_short , tvb ,
gen_str_offset - vstr_len , 1 , string_len_short ) ;
if ( vstr_len = = 3 ) {
proto_tree_add_uint ( string_tree , hf_string_len_long , tvb ,
gen_str_offset - 2 , 2 , string_len_long ) ;
}
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
if ( ti & & ( pen = = REVPEN ) ) {
/* XXX: why showing type ? type not shown if not reverse */
2010-08-11 11:54:25 +00:00
proto_item_append_text ( ti , " (Reverse Type %u %s) " ,
2010-09-17 01:45:29 +00:00
masked_type ,
2010-10-29 17:48:39 +00:00
val_to_str_ext_const ( masked_type , & v9_v10_template_types_ext , " Unknown " ) ) ;
2010-08-11 11:54:25 +00:00
}
offset + = length ;
2010-09-17 01:45:29 +00:00
} /* for (i=0; i < count; i++) */
/* If only "start" or "end" time, show it here */
2010-12-07 03:46:10 +00:00
/* XXX: length is actually 8 if millisec, microsec, nanosec time */
2010-08-11 11:54:25 +00:00
for ( i = 0 ; i < 2 ; i + + ) {
if ( ! ( offset_s [ i ] & & offset_e [ i ] ) ) {
if ( offset_s [ i ] ) {
if ( msec_start [ i ] ) {
proto_tree_add_time ( pdutree , hf_cflow_timestart , tvb ,
offset_s [ i ] , 4 , & ts_start [ i ] ) ;
} else {
proto_tree_add_time ( pdutree , hf_cflow_abstimestart , tvb ,
offset_s [ i ] , 4 , & ts_start [ i ] ) ;
}
}
if ( offset_e [ i ] ) {
if ( msec_end [ i ] ) {
proto_tree_add_time ( pdutree , hf_cflow_timeend , tvb ,
offset_e [ i ] , 4 , & ts_end [ i ] ) ;
} else {
proto_tree_add_time ( pdutree , hf_cflow_abstimeend , tvb ,
offset_s [ i ] , 4 , & ts_start [ i ] ) ;
}
}
}
}
2010-09-17 01:45:29 +00:00
/* XXX - These IDs are currently hard-coded in procflow.py. */
if ( got_flags = = GOT_TCP_UDP & & ( tplt - > id = = 256 | | tplt - > id = = 258 ) ) {
add_tcp_process_info ( pinfo - > fd - > num , & local_addr , & remote_addr , local_port , remote_port , uid , pid , uname_str , cmd_str ) ;
}
if ( got_flags = = GOT_TCP_UDP & & ( tplt - > id = = 257 | | tplt - > id = = 259 ) ) {
add_udp_process_info ( pinfo - > fd - > num , & local_addr , & remote_addr , local_port , remote_port , uid , pid , uname_str , cmd_str ) ;
}
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
return ( guint ) ( offset - orig_offset ) ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
/* --- Dissect Template ---*/
/* Template Fields Dissection */
static const int * v9_template_type_hf_list [ TF_NUM ] = {
& hf_cflow_template_scope_field_type , /* scope */
& hf_cflow_template_field_type } ; /* entry */
2010-12-07 03:46:10 +00:00
static const int * v10_template_type_hf_list [ TF_NUM_EXT ] = {
2010-09-17 01:45:29 +00:00
& hf_cflow_template_ipfix_field_type , /* scope */
2010-12-07 03:46:10 +00:00
& hf_cflow_template_ipfix_field_type ,
& hf_cflow_template_plixer_field_type ,
& hf_cflow_template_ntop_field_type ,
NULL } ;
2010-09-17 01:45:29 +00:00
2010-10-29 17:48:39 +00:00
static value_string_ext * v9_template_type_vse_list [ TF_NUM ] = {
& v9_scope_field_types_ext , /* scope */
& v9_v10_template_types_ext } ; /* entry */
2010-12-07 03:46:10 +00:00
static value_string_ext * v10_template_type_vse_list [ TF_NUM_EXT ] = {
2010-10-29 17:48:39 +00:00
& v9_v10_template_types_ext , /* scope */
2010-12-07 03:46:10 +00:00
& v9_v10_template_types_ext , /* entry */
& v10_template_types_plixer_ext ,
& v10_template_types_ntop_ext ,
NULL } ;
2010-09-17 01:45:29 +00:00
2010-08-11 11:54:25 +00:00
static int
2010-09-17 01:45:29 +00:00
dissect_v9_v10_template_fields ( tvbuff_t * tvb , packet_info * pinfo _U_ , proto_tree * tplt_tree , int offset ,
hdrinfo_t * hdrinfo ,
struct v9_v10_template * tplt ,
v9_v10_template_fields_type_t fields_type )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
int ver ;
int count ;
int i ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
DISSECTOR_ASSERT ( ( fields_type = = TF_SCOPES ) | | ( fields_type = = TF_ENTRIES ) ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
ver = hdrinfo - > vspec ;
DISSECTOR_ASSERT ( ( ver = = 9 ) | | ( ver = = 10 ) ) ;
count = tplt - > field_count [ fields_type ] ;
for ( i = 0 ; i < count ; i + + ) {
guint16 type ;
guint16 length ;
2010-11-07 18:21:22 +00:00
guint32 pen ;
2010-09-17 01:45:29 +00:00
const gchar * pen_str ;
proto_tree * field_tree ;
proto_item * field_item ;
proto_item * ti ;
pen = 0 ;
pen_str = NULL ;
type = tvb_get_ntohs ( tvb , offset ) ;
length = tvb_get_ntohs ( tvb , offset + 2 ) ; /* XXX: 0 length should not be allowed ? exception: "ScopeSystem" */
if ( ( ver = = 10 ) & & ( type & 0x8000 ) ) { /* IPFIX only */
pen = tvb_get_ntohl ( tvb , offset + 4 ) ;
2010-09-17 04:51:21 +00:00
pen_str = val_to_str_ext_const ( pen , & sminmpec_values_ext , " (Unknown) " ) ;
2010-09-17 01:45:29 +00:00
}
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
if ( tplt - > fields [ fields_type ] ! = NULL ) {
DISSECTOR_ASSERT ( i < count ) ;
tplt - > fields [ fields_type ] [ i ] . type = type ;
tplt - > fields [ fields_type ] [ i ] . length = length ;
tplt - > fields [ fields_type ] [ i ] . pen = pen ;
tplt - > fields [ fields_type ] [ i ] . pen_str = pen_str ;
if ( length ! = VARIABLE_LENGTH ) { /* Don't include "variable length" in the total */
tplt - > length + = length ;
}
}
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
field_item = proto_tree_add_text ( tplt_tree , tvb , offset , 4 + ( ( pen_str ! = NULL ) ? 4 : 0 ) , " Field (%u/%u) " , i + 1 , count ) ;
field_tree = proto_item_add_subtree ( field_item , ett_field ) ;
if ( fields_type = = TF_SCOPES ) {
proto_item_append_text ( field_item , " [Scope] " ) ;
}
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
if ( ver = = 9 ) { /* v9 */
proto_tree_add_item ( field_tree , * v9_template_type_hf_list [ fields_type ] ,
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
proto_item_append_text ( field_item , " : %s " ,
2010-10-29 17:48:39 +00:00
val_to_str_ext ( type , v9_template_type_vse_list [ fields_type ] , " Unknown(%d) " ) ) ;
2010-09-17 01:45:29 +00:00
} else { /* v10 */
proto_tree_add_item ( field_tree , hf_cflow_template_ipfix_pen_provided ,
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
if ( ! ( type & 0x8000 ) | | ( pen = = REVPEN ) ) {
2011-02-19 00:05:12 +00:00
proto_item * rp_ti ;
rp_ti = proto_tree_add_item ( field_tree , * v10_template_type_hf_list [ fields_type ] ,
2010-09-17 01:45:29 +00:00
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
proto_item_append_text ( field_item , " : %s " ,
2010-10-29 17:48:39 +00:00
val_to_str_ext ( type & 0x7fff , v10_template_type_vse_list [ fields_type ] , " Unknown(%d) " ) ) ;
2010-09-17 01:45:29 +00:00
if ( pen = = REVPEN ) {
2011-02-19 00:05:12 +00:00
proto_item_append_text ( rp_ti , " [Reverse] " ) ;
2010-09-17 01:45:29 +00:00
proto_item_append_text ( field_item , " [Reverse] " ) ;
}
2010-12-07 03:46:10 +00:00
} else {
int fields_type_pen = pen_to_type_hf_list ( pen ) ;
if ( fields_type_pen ! = TF_NO_VENDOR_INFO ) {
2011-05-20 15:44:25 +00:00
proto_tree_add_item ( field_tree , * v10_template_type_hf_list [ fields_type_pen ] ,
2010-12-07 03:46:10 +00:00
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
proto_item_append_text ( field_item , " : %s " ,
val_to_str_ext ( type & 0x7fff , v10_template_type_vse_list [ fields_type_pen ] , " Unknown(%d) " ) ) ;
} else { /* Private Enterprise */
2011-02-19 00:05:12 +00:00
proto_item * pen_ti ;
pen_ti = proto_tree_add_item ( field_tree , hf_cflow_template_ipfix_field_type_enterprise ,
2010-12-07 03:46:10 +00:00
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2011-02-19 00:05:12 +00:00
proto_item_append_text ( pen_ti , " [pen: %s] " , pen_str ) ;
2010-12-07 03:46:10 +00:00
proto_item_append_text ( field_item , " : %3u [pen: %s] " , type & 0x7fff , pen_str ) ;
}
2010-09-17 01:45:29 +00:00
}
}
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
offset + = 2 ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
ti = proto_tree_add_item ( field_tree , hf_cflow_template_field_length , tvb ,
offset , 2 , ENC_BIG_ENDIAN ) ;
if ( length = = VARIABLE_LENGTH ) {
proto_item_append_text ( ti , " [i.e.: \" Variable Length \" ] " ) ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
offset + = 2 ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
/* Private Enterprise Number (IPFIX only) */
if ( ( ver = = 10 ) & & ( type & 0x8000 ) ) {
proto_tree_add_uint_format_value ( field_tree , hf_cflow_template_ipfix_field_pen , tvb , offset , 4 ,
pen , " %s (%u) " , pen_str , pen ) ;
offset + = 4 ;
2010-08-11 11:54:25 +00:00
}
}
2010-09-17 01:45:29 +00:00
return offset ;
}
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
/* Options Template Dissection */
static int
dissect_v9_v10_options_template ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree , int offset , int length ,
hdrinfo_t * hdrinfo , guint16 flowset_id )
{
int remaining ;
remaining = length ;
while ( remaining > 3 ) { /* allow for padding */
struct v9_v10_template tplt ;
proto_tree * tplt_tree ;
proto_item * tplt_item ;
proto_item * ti ;
guint16 id ;
guint16 option_scope_field_count ;
guint16 option_field_count ;
int orig_offset ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
orig_offset = offset ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
id = tvb_get_ntohs ( tvb , offset ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
tplt_item = proto_tree_add_text ( pdutree , tvb , offset , - 1 , " Options Template (Id = %u) " , id ) ;
tplt_tree = proto_item_add_subtree ( tplt_item , ett_template ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( tplt_tree , hf_cflow_template_id , tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
offset + = 2 ;
if ( flowset_id = = FLOWSET_ID_V9_OPTIONS_TEMPLATE ) { /* V9 */
/* Note: v9: field_count = fields_byte_length/4 since each entry is 4 bytes */
/* XXX: validate byte_length is a multiple of 4 ? */
option_scope_field_count = tvb_get_ntohs ( tvb , offset ) / 4 ;
proto_tree_add_item ( tplt_tree ,
hf_cflow_option_scope_length ,
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
offset + = 2 ;
option_field_count = tvb_get_ntohs ( tvb , offset ) / 4 ;
ti = proto_tree_add_item ( tplt_tree ,
hf_cflow_option_length ,
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
offset + = 2 ;
} else { /* IPFIX (V10) */
guint16 option_total_field_count ;
option_total_field_count = tvb_get_ntohs ( tvb , offset ) ;
proto_tree_add_item ( tplt_tree ,
hf_cflow_template_ipfix_total_field_count ,
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
offset + = 2 ;
option_scope_field_count = tvb_get_ntohs ( tvb , offset ) ;
ti = proto_tree_add_item ( tplt_tree ,
hf_cflow_template_ipfix_scope_field_count ,
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
offset + = 2 ;
option_field_count = option_total_field_count - option_scope_field_count ;
if ( option_scope_field_count = = 0 ) {
expert_add_info_format ( pinfo , ti , PI_MALFORMED , PI_WARN ,
" No scope fields " ) ;
return 0 ;
}
if ( option_scope_field_count > option_total_field_count ) {
expert_add_info_format ( pinfo , ti , PI_MALFORMED , PI_WARN ,
" More scope fields (%u) than fields (%u) " ,
option_scope_field_count , option_total_field_count ) ;
return 0 ;
2010-08-11 11:54:25 +00:00
}
}
2010-09-17 01:45:29 +00:00
proto_item_append_text ( tplt_item , " (Scope Count = %u; Data Count = %u) " , option_scope_field_count , option_field_count ) ;
proto_item_set_len ( tplt_item , 6 + 4 * ( option_scope_field_count + option_field_count ) ) ;
2011-04-14 16:17:09 +00:00
if ( v9template_max_fields & &
( option_field_count > v9template_max_fields ) ) {
2010-09-17 01:45:29 +00:00
expert_add_info_format ( pinfo , ti , PI_UNDECODED , PI_NOTE ,
2011-04-14 16:17:09 +00:00
" More options (%u) than we can handle. Maximum value can be adjusted in the protocol preferences. " ,
2010-09-17 01:45:29 +00:00
option_field_count ) ;
2010-08-11 11:54:25 +00:00
}
2011-04-14 16:17:09 +00:00
if ( v9template_max_fields & &
( option_scope_field_count > v9template_max_fields ) ) {
2010-09-17 01:45:29 +00:00
expert_add_info_format ( pinfo , ti , PI_UNDECODED , PI_NOTE ,
2011-04-14 16:17:09 +00:00
" More scopes (%u) than we can handle [template won't be used]. Maximum value can be adjusted in the protocol preferences. " ,
2010-09-17 01:45:29 +00:00
option_scope_field_count ) ;
}
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
/* Cache template */
memset ( & tplt , 0 , sizeof ( tplt ) ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
tplt . id = id ;
SE_COPY_ADDRESS ( & tplt . source_addr , & hdrinfo - > net_src ) ;
tplt . source_id = hdrinfo - > src_id ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
tplt . option_template = TRUE ; /* Option template */ /* XXX: ? not used ? */
tplt . field_count [ TF_SCOPES ] = option_scope_field_count ;
tplt . field_count [ TF_ENTRIES ] = option_field_count ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
/* If entry for this hash already exists (whether or not actually for for this id, ...) */
/* tplt.fields[TF_SCOPES] and tplt.fields[TF_ENTRIES] will be NULL and thus this */
/* template will not be cached. */
/* ToDo: expert warning if replacement/collision and new template ignored. */
/* XXX: Is an Options template with only scope fields allowed for V9 ?? */
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
do {
2011-04-14 16:17:09 +00:00
if ( ( option_scope_field_count = = 0 ) | |
( v9template_max_fields & &
( ( option_scope_field_count > v9template_max_fields )
| | ( option_field_count > v9template_max_fields ) ) ) ) {
2010-09-17 01:45:29 +00:00
break ; /* Don't allow cache of this template */
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
if ( v9_v10_template_get ( id , & hdrinfo - > net_src , hdrinfo - > src_id ) ) {
/* Entry for this hash already exists; Can be dup or collision. */
/* XXX: ToDo: use GHashTable so no collisions. */
break ; /* Don't allow cache of this template */
}
tplt . fields [ TF_SCOPES ] = se_alloc0 ( option_scope_field_count * sizeof ( struct v9_v10_template_entry ) ) ;
tplt . fields [ TF_ENTRIES ] = se_alloc0 ( option_field_count * sizeof ( struct v9_v10_template_entry ) ) ;
break ;
} while ( FALSE ) ;
offset = dissect_v9_v10_template_fields ( tvb , pinfo , tplt_tree , offset ,
hdrinfo , & tplt , TF_SCOPES ) ;
offset = dissect_v9_v10_template_fields ( tvb , pinfo , tplt_tree , offset ,
hdrinfo , & tplt , TF_ENTRIES ) ;
if ( tplt . fields [ TF_SCOPES ] | | tplt . fields [ TF_ENTRIES ] ) {
memcpy ( & v9_v10_template_cache [ v9_v10_template_hash ( tplt . id ,
& tplt . source_addr ,
tplt . source_id ) ] ,
& tplt , sizeof ( tplt ) ) ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
remaining - = offset - orig_offset ;
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
if ( remaining > 0 )
flow_process_textfield ( pdutree , tvb , offset , remaining , " [Padding] " ) ;
2003-02-12 08:36:48 +00:00
2010-09-17 01:45:29 +00:00
return length ;
2007-05-04 06:07:30 +00:00
}
2010-09-17 01:45:29 +00:00
/* Data Template Dissection */
2010-08-11 11:54:25 +00:00
static int
2010-09-17 01:45:29 +00:00
dissect_v9_v10_data_template ( tvbuff_t * tvb , packet_info * pinfo , proto_tree * pdutree , int offset , int length ,
hdrinfo_t * hdrinfo , guint16 flowset_id _U_ )
2010-08-11 11:54:25 +00:00
{
2010-09-17 01:45:29 +00:00
int remaining ;
remaining = length ;
while ( remaining > 3 ) { /* allow for padding */
struct v9_v10_template tplt ;
proto_tree * tplt_tree ;
proto_item * tplt_item ;
proto_item * ti ;
guint16 id ;
guint16 count ;
int orig_offset ;
2010-08-11 11:54:25 +00:00
orig_offset = offset ;
id = tvb_get_ntohs ( tvb , offset ) ;
count = tvb_get_ntohs ( tvb , offset + 2 ) ;
tplt_item = proto_tree_add_text ( pdutree , tvb , offset ,
2010-09-17 01:45:29 +00:00
4 + 4 * count /* hdrsiz + count*2*(sizeof guint16)*/ ,
" Template (Id = %u, Count = %u) " , id , count ) ;
2010-08-11 11:54:25 +00:00
tplt_tree = proto_item_add_subtree ( tplt_item , ett_template ) ;
proto_tree_add_item ( tplt_tree , hf_cflow_template_id , tvb ,
2010-09-17 01:45:29 +00:00
offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
ti = proto_tree_add_item ( tplt_tree , hf_cflow_template_field_count ,
2010-09-17 01:45:29 +00:00
tvb , offset , 2 , ENC_BIG_ENDIAN ) ;
2010-08-11 11:54:25 +00:00
offset + = 2 ;
2011-04-14 16:17:09 +00:00
if ( v9template_max_fields & & ( count > v9template_max_fields ) ) {
2010-08-11 11:54:25 +00:00
expert_add_info_format ( pinfo , ti , PI_UNDECODED , PI_NOTE ,
2011-04-14 16:17:09 +00:00
" More entries (%u) than we can handle [template won't be used]. Maximum value can be adjusted in the protocol preferences. " ,
2010-08-11 11:54:25 +00:00
count ) ;
}
/* Cache template */
memset ( & tplt , 0 , sizeof ( tplt ) ) ;
2010-09-17 01:45:29 +00:00
tplt . id = id ;
2010-08-11 11:54:25 +00:00
SE_COPY_ADDRESS ( & tplt . source_addr , & hdrinfo - > net_src ) ;
tplt . source_id = hdrinfo - > src_id ;
2010-09-17 01:45:29 +00:00
tplt . field_count [ TF_ENTRIES ] = count ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
/* If entry for this hash already exists (whether or not actually for for this id, ...) */
/* tplt.fields[TF_ENTRIES]will be NULL and thus this template will not be cached. */
do {
2011-04-14 16:17:09 +00:00
if ( ( count = = 0 )
| | ( v9template_max_fields & & ( count > v9template_max_fields ) ) ) {
2010-09-17 01:45:29 +00:00
break ; /* Don't allow cache of this template */
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
if ( v9_v10_template_get ( id , & hdrinfo - > net_src , hdrinfo - > src_id ) ) {
/* Entry for this hash already exists; Can be dup or collision. */
/* XXX: ToDo: use GHashTable so no collisions. */
break ; /* Don't allow cache of this template */
2010-08-11 11:54:25 +00:00
}
2010-09-17 01:45:29 +00:00
tplt . fields [ TF_ENTRIES ] = se_alloc0 ( count * sizeof ( struct v9_v10_template_entry ) ) ;
break ;
} while ( FALSE ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
offset = dissect_v9_v10_template_fields ( tvb , pinfo , tplt_tree , offset ,
hdrinfo , & tplt , TF_ENTRIES ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
if ( tplt . fields [ TF_ENTRIES ] ) {
memcpy ( & v9_v10_template_cache [ v9_v10_template_hash ( tplt . id ,
& tplt . source_addr ,
tplt . source_id ) ] ,
& tplt , sizeof ( tplt ) ) ;
2010-08-11 11:54:25 +00:00
}
remaining - = offset - orig_offset ;
}
2010-09-17 01:45:29 +00:00
if ( remaining > 0 )
flow_process_textfield ( pdutree , tvb , offset , remaining , " [Padding] " ) ;
2010-08-11 11:54:25 +00:00
2010-09-17 01:45:29 +00:00
return length ;
2010-08-11 11:54:25 +00:00
}
2010-06-16 15:36:02 +00:00
2006-12-21 06:41:11 +00:00
static int
2010-09-17 01:45:29 +00:00
v9_v10_template_hash ( guint16 id , const address * net_src , guint32 src_id )
2006-12-21 06:41:11 +00:00
{
2010-09-17 01:45:29 +00:00
guint32 val ;
2009-08-28 16:36:24 +00:00
const guint8 * p ;
2010-09-17 01:45:29 +00:00
guint32 temp ;
int cnt ;
int i ;
2006-12-21 06:41:11 +00:00
2009-08-28 16:36:24 +00:00
p = ( guint8 * ) ( net_src - > data ) ;
2007-08-21 21:03:59 +00:00
2010-09-17 01:45:29 +00:00
val = id ;
2006-12-21 06:41:11 +00:00
2009-08-28 16:36:24 +00:00
switch ( net_src - > type ) {
case AT_IPv4 :
cnt = 1 ;
break ;
case AT_IPv6 :
cnt = 4 ;
break ;
default :
cnt = 0 ;
break ;
}
for ( i = 0 ; i < cnt ; i + + ) {
memcpy ( ( guint8 * ) & temp , p , 4 ) ;
val + = GUINT32_TO_LE ( temp ) ; /* Use *reverse* of each 4 bytes of IP address when */
/* calculating the hash on both BE and LE machines. */
/* EG: hash of IP address 1.2.3.4 will be 0x04030201 */
/* (Note that we'll get the right result on a LE */
/* machine since the IP address is stored in */
/* network order and GUINT32_TO_LE is a no-op. On */
2010-01-31 22:10:17 +00:00
/* a BE machine GUINT32_TO_LE will swap the bytes. */
2009-08-28 16:36:24 +00:00
p + = 4 ;
2006-12-21 06:41:11 +00:00
}
val + = src_id ;
2010-09-17 01:45:29 +00:00
return val % V9_V10_TEMPLATE_CACHE_MAX_ENTRIES ;
2006-12-21 06:41:11 +00:00
}
2010-09-17 01:45:29 +00:00
static struct v9_v10_template *
v9_v10_template_get ( guint16 id , address * net_src , guint32 src_id )
2003-03-04 03:37:12 +00:00
{
2010-09-17 01:45:29 +00:00
struct v9_v10_template * tplt ;
2003-03-04 03:37:12 +00:00
2010-09-17 01:45:29 +00:00
tplt = & v9_v10_template_cache [ v9_v10_template_hash ( id , net_src , src_id ) ] ;
2003-03-04 03:37:12 +00:00
2009-07-10 23:39:23 +00:00
if ( tplt - > id ! = id | |
! ADDRESSES_EQUAL ( & tplt - > source_addr , net_src ) | |
tplt - > source_id ! = src_id ) {
tplt = NULL ;
2003-02-12 08:36:48 +00:00
}
2009-07-10 23:39:23 +00:00
return ( tplt ) ;
2003-02-12 08:36:48 +00:00
}
2002-09-22 16:13:22 +00:00
/*
* dissect a version 1 , 5 , or 7 pdu and return the length of the pdu we
* processed
*/
2002-09-04 20:23:55 +00:00
2002-09-22 16:13:22 +00:00
static int
2010-09-17 01:45:29 +00:00
dissect_pdu ( tvbuff_t * tvb , packet_info * pinfo _U_ , proto_tree * pdutree , int offset , hdrinfo_t * hdrinfo )
2002-09-22 16:13:22 +00:00
{
2008-05-15 12:54:27 +00:00
proto_item * hidden_item ;
2002-09-22 16:13:22 +00:00
int startoffset = offset ;
guint32 srcaddr , dstaddr ;
guint8 mask ;
nstime_t ts ;
2006-12-21 06:41:11 +00:00
guint8 ver ;
2002-09-22 16:13:22 +00:00
memset ( & ts , ' \0 ' , sizeof ( ts ) ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
/*
2007-08-21 21:03:59 +00:00
* memcpy so we can use the values later to calculate a prefix
2002-09-22 16:13:22 +00:00
*/
2005-09-11 21:25:37 +00:00
srcaddr = tvb_get_ipv4 ( tvb , offset ) ;
2002-09-22 16:13:22 +00:00
proto_tree_add_ipv4 ( pdutree , hf_cflow_srcaddr , tvb , offset , 4 ,
srcaddr ) ;
2002-09-09 20:22:51 +00:00
offset + = 4 ;
2005-09-11 21:25:37 +00:00
dstaddr = tvb_get_ipv4 ( tvb , offset ) ;
2002-09-22 16:13:22 +00:00
proto_tree_add_ipv4 ( pdutree , hf_cflow_dstaddr , tvb , offset , 4 ,
dstaddr ) ;
2002-09-09 20:22:51 +00:00
offset + = 4 ;
2010-09-17 01:45:29 +00:00
proto_tree_add_item ( pdutree , hf_cflow_nexthop , tvb , offset , 4 , ENC_NA ) ;
2002-09-09 20:22:51 +00:00
offset + = 4 ;
2002-09-22 16:13:22 +00:00
offset = flow_process_ints ( pdutree , tvb , offset ) ;
offset = flow_process_sizecount ( pdutree , tvb , offset ) ;
offset = flow_process_timeperiod ( pdutree , tvb , offset ) ;
offset = flow_process_ports ( pdutree , tvb , offset ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
/*
2007-08-21 21:03:59 +00:00
* and the similarities end here
2002-09-22 16:13:22 +00:00
*/
2006-12-21 06:41:11 +00:00
ver = hdrinfo - > vspec ;
2002-09-22 16:13:22 +00:00
if ( ver = = 1 ) {
offset =
flow_process_textfield ( pdutree , tvb , offset , 2 , " padding " ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
proto_tree_add_item ( pdutree , hf_cflow_prot , tvb , offset + + , 1 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
proto_tree_add_item ( pdutree , hf_cflow_tos , tvb , offset + + , 1 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
proto_tree_add_item ( pdutree , hf_cflow_tcpflags , tvb , offset + + ,
2010-09-17 01:45:29 +00:00
1 , ENC_NA ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
offset =
flow_process_textfield ( pdutree , tvb , offset , 3 , " padding " ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
offset =
flow_process_textfield ( pdutree , tvb , offset , 4 ,
" reserved " ) ;
} else {
if ( ver = = 5 )
offset =
flow_process_textfield ( pdutree , tvb , offset , 1 ,
" padding " ) ;
else {
proto_tree_add_item ( pdutree , hf_cflow_flags , tvb ,
2010-09-17 01:45:29 +00:00
offset + + , 1 , ENC_NA ) ;
2002-09-22 16:13:22 +00:00
}
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
proto_tree_add_item ( pdutree , hf_cflow_tcpflags , tvb , offset + + ,
2010-09-17 01:45:29 +00:00
1 , ENC_NA ) ;
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
proto_tree_add_item ( pdutree , hf_cflow_prot , tvb , offset + + , 1 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2002-09-22 16:13:22 +00:00
proto_tree_add_item ( pdutree , hf_cflow_tos , tvb , offset + + , 1 ,
2010-09-17 01:45:29 +00:00
ENC_NA ) ;
2002-09-22 16:13:22 +00:00
offset = flow_process_aspair ( pdutree , tvb , offset ) ;
mask = tvb_get_guint8 ( tvb , offset ) ;
proto_tree_add_text ( pdutree , tvb , offset , 1 ,
" SrcMask: %u (prefix: %s/%u) " ,
mask , getprefix ( & srcaddr , mask ) ,
mask ! = 0 ? mask : 32 ) ;
2008-05-15 12:54:27 +00:00
hidden_item = proto_tree_add_uint ( pdutree , hf_cflow_srcmask , tvb ,
2002-09-22 16:13:22 +00:00
offset + + , 1 , mask ) ;
2008-05-15 12:54:27 +00:00
PROTO_ITEM_SET_HIDDEN ( hidden_item ) ;
2002-09-22 16:13:22 +00:00
mask = tvb_get_guint8 ( tvb , offset ) ;
proto_tree_add_text ( pdutree , tvb , offset , 1 ,
" DstMask: %u (prefix: %s/%u) " ,
mask , getprefix ( & dstaddr , mask ) ,
mask ! = 0 ? mask : 32 ) ;
2008-05-15 12:54:27 +00:00
hidden_item = proto_tree_add_uint ( pdutree , hf_cflow_dstmask , tvb ,
2002-09-22 16:13:22 +00:00
offset + + , 1 , mask ) ;
2008-05-15 12:54:27 +00:00
PROTO_ITEM_SET_HIDDEN ( hidden_item ) ;
2002-09-22 16:13:22 +00:00
offset =
flow_process_textfield ( pdutree , tvb , offset , 2 , " padding " ) ;
if ( ver = = 7 ) {
proto_tree_add_item ( pdutree , hf_cflow_routersc , tvb ,
2010-09-17 01:45:29 +00:00
offset , 4 , ENC_NA ) ;
2002-09-22 16:13:22 +00:00
offset + = 4 ;
2002-09-04 20:23:55 +00:00
}
}
2002-09-09 20:22:51 +00:00
2002-09-22 16:13:22 +00:00
return ( offset - startoffset ) ;
}
2002-09-09 20:22:51 +00:00
2008-06-25 09:12:35 +00:00
static const gchar *
2010-09-17 01:45:29 +00:00
getprefix ( const guint32 * addr , int prefix )
2002-09-22 16:13:22 +00:00
{
2010-09-17 01:45:29 +00:00
guint32 gprefix ;
2002-09-09 20:22:51 +00:00
2010-01-19 00:37:39 +00:00
gprefix = * addr & g_htonl ( ( 0xffffffff < < ( 32 - prefix ) ) ) ;
2002-09-09 20:22:51 +00:00
2002-10-08 08:50:04 +00:00
return ( ip_to_str ( ( const guint8 * ) & gprefix ) ) ;
2002-09-04 20:23:55 +00:00
}
2008-11-03 15:15:56 +00:00
/* Called whenever a pref is changed, a new capture is loaded, & etc */
2004-03-09 20:08:26 +00:00
static void
netflow_reinit ( void )
{
2009-07-02 20:35:58 +00:00
/* Clear out the template cache. */
2010-09-17 01:45:29 +00:00
memset ( v9_v10_template_cache , 0 , sizeof v9_v10_template_cache ) ;
2004-03-09 20:08:26 +00:00
}
2002-09-04 20:23:55 +00:00
void
proto_register_netflow ( void )
{
static hf_register_info hf [ ] = {
2002-09-22 16:13:22 +00:00
/*
2007-08-21 21:03:59 +00:00
* flow header
2002-09-22 16:13:22 +00:00
*/
{ & hf_cflow_version ,
{ " Version " , " cflow.version " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" NetFlow Version " , HFILL }
2006-09-12 19:11:45 +00:00
} ,
{ & hf_cflow_len ,
{ " Length " , " cflow.len " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Length of PDUs " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_count ,
{ " Count " , " cflow.count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Count of PDUs " , HFILL }
} ,
{ & hf_cflow_sysuptime ,
{ " SysUptime " , " cflow.sysuptime " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Time since router booted (in milliseconds) " , HFILL }
2006-09-12 19:11:45 +00:00
} ,
{ & hf_cflow_exporttime ,
{ " ExportTime " , " cflow.exporttime " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Time when the flow has been exported " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_timestamp ,
{ " Timestamp " , " cflow.timestamp " ,
2009-12-19 03:17:44 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2002-09-22 16:13:22 +00:00
" Current seconds since epoch " , HFILL }
} ,
{ & hf_cflow_unix_secs ,
{ " CurrentSecs " , " cflow.unix_secs " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Current seconds since epoch " , HFILL }
} ,
{ & hf_cflow_unix_nsecs ,
{ " CurrentNSecs " , " cflow.unix_nsecs " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Residual nanoseconds since epoch " , HFILL }
} ,
2004-06-01 18:39:13 +00:00
{ & hf_cflow_samplingmode ,
{ " SamplingMode " , " cflow.samplingmode " ,
2004-06-01 18:43:30 +00:00
FT_UINT16 , BASE_DEC , VALS ( v5_sampling_mode ) , 0xC000 ,
2004-06-01 18:39:13 +00:00
" Sampling Mode of exporter " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_samplerate ,
{ " SampleRate " , " cflow.samplerate " ,
2004-06-01 18:39:13 +00:00
FT_UINT16 , BASE_DEC , NULL , 0x3FFF ,
2002-09-22 16:13:22 +00:00
" Sample Frequency of exporter " , HFILL }
} ,
/*
* end version - agnostic header
2007-08-21 21:03:59 +00:00
* version - specific flow header
2002-09-22 16:13:22 +00:00
*/
{ & hf_cflow_sequence ,
{ " FlowSequence " , " cflow.sequence " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Sequence number of flows seen " , HFILL }
} ,
{ & hf_cflow_engine_type ,
{ " EngineType " , " cflow.engine_type " ,
2010-06-28 12:42:40 +00:00
FT_UINT8 , BASE_DEC , VALS ( engine_type ) , 0x0 ,
2002-09-22 16:13:22 +00:00
" Flow switching engine type " , HFILL }
} ,
{ & hf_cflow_engine_id ,
{ " EngineId " , " cflow.engine_id " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Slot number of switching engine " , HFILL }
} ,
2003-02-12 08:36:48 +00:00
{ & hf_cflow_source_id ,
{ " SourceId " , " cflow.source_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Identifier for export device " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_aggmethod ,
{ " AggMethod " , " cflow.aggmethod " ,
2010-11-03 22:08:49 +00:00
FT_UINT8 , BASE_DEC | BASE_EXT_STRING , & v8_agg_ext , 0x0 ,
2002-09-22 16:13:22 +00:00
" CFlow V8 Aggregation Method " , HFILL }
} ,
{ & hf_cflow_aggversion ,
{ " AggVersion " , " cflow.aggversion " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" CFlow V8 Aggregation Version " , HFILL }
} ,
/*
2007-08-21 21:03:59 +00:00
* end version specific header storage
2002-09-22 16:13:22 +00:00
*/
2003-02-12 08:36:48 +00:00
/*
* Version 9
*/
{ & hf_cflow_flowset_id ,
{ " FlowSet Id " , " cflow.flowset_id " ,
2010-09-17 01:45:29 +00:00
FT_UINT16 , BASE_RANGE_STRING | BASE_DEC , RVALS ( rs_flowset_ids ) , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2003-02-12 08:36:48 +00:00
} ,
{ & hf_cflow_flowset_length ,
{ " FlowSet Length " , " cflow.flowset_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2003-02-12 08:36:48 +00:00
} ,
{ & hf_cflow_template_id ,
{ " Template Id " , " cflow.template_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2003-02-12 08:36:48 +00:00
} ,
{ & hf_cflow_template_field_count ,
{ " Field Count " , " cflow.template_field_count " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Template field count " , HFILL }
} ,
{ & hf_cflow_template_field_type ,
2010-01-11 08:05:09 +00:00
{ " Type " , " cflow.template_field_type " ,
2010-10-29 17:48:39 +00:00
FT_UINT16 , BASE_DEC | BASE_EXT_STRING , & v9_v10_template_types_ext , 0x0 ,
2003-02-12 08:36:48 +00:00
" Template field type " , HFILL }
} ,
{ & hf_cflow_template_field_length ,
{ " Length " , " cflow.template_field_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Template field length " , HFILL }
} ,
2004-09-09 06:27:43 +00:00
/* options */
{ & hf_cflow_option_scope_length ,
{ " Option Scope Length " , " cflow.option_scope_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2004-09-09 06:27:43 +00:00
} ,
{ & hf_cflow_option_length ,
{ " Option Length " , " cflow.option_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2004-09-09 06:27:43 +00:00
} ,
{ & hf_cflow_template_scope_field_type ,
{ " Scope Type " , " cflow.scope_field_type " ,
2010-10-29 17:48:39 +00:00
FT_UINT16 , BASE_DEC | BASE_EXT_STRING , & v9_scope_field_types_ext , 0x0 ,
2004-09-09 06:27:43 +00:00
" Scope field type " , HFILL }
2006-09-12 19:11:45 +00:00
} ,
2007-05-04 06:07:30 +00:00
{ & hf_cflow_icmp_type ,
{ " ICMP Type " , " cflow.icmp_type " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_igmp_type ,
{ " IGMP Type " , " cflow.igmp_type " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
2004-09-09 06:27:43 +00:00
{ & hf_cflow_sampling_interval ,
{ " Sampling interval " , " cflow.sampling_interval " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2004-09-09 06:27:43 +00:00
} ,
{ & hf_cflow_sampling_algorithm ,
{ " Sampling algorithm " , " cflow.sampling_algorithm " ,
2010-03-02 06:12:21 +00:00
FT_UINT8 , BASE_DEC , VALS ( v5_sampling_mode ) , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2004-09-09 06:27:43 +00:00
} ,
{ & hf_cflow_flow_active_timeout ,
{ " Flow active timeout " , " cflow.flow_active_timeout " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2004-09-09 06:27:43 +00:00
} ,
{ & hf_cflow_flow_inactive_timeout ,
{ " Flow inactive timeout " , " cflow.flow_inactive_timeout " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2004-09-09 06:27:43 +00:00
} ,
2002-09-22 16:13:22 +00:00
/*
2007-08-21 21:03:59 +00:00
* begin pdu content storage
2002-09-22 16:13:22 +00:00
*/
{ & hf_cflow_srcaddr ,
{ " SrcAddr " , " cflow.srcaddr " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Source Address " , HFILL }
} ,
2003-03-04 03:37:12 +00:00
{ & hf_cflow_srcaddr_v6 ,
{ " SrcAddr " , " cflow.srcaddrv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" Flow Source Address " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_srcnet ,
{ " SrcNet " , " cflow.srcnet " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Source Network " , HFILL }
} ,
{ & hf_cflow_dstaddr ,
{ " DstAddr " , " cflow.dstaddr " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Destination Address " , HFILL }
} ,
2003-03-04 03:37:12 +00:00
{ & hf_cflow_dstaddr_v6 ,
{ " DstAddr " , " cflow.dstaddrv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" Flow Destination Address " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_dstnet ,
2008-08-02 13:53:49 +00:00
{ " DstNet " , " cflow.dstnet " ,
2002-09-22 16:13:22 +00:00
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Destination Network " , HFILL }
} ,
{ & hf_cflow_nexthop ,
{ " NextHop " , " cflow.nexthop " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Router nexthop " , HFILL }
} ,
2003-03-04 03:37:12 +00:00
{ & hf_cflow_nexthop_v6 ,
{ " NextHop " , " cflow.nexthopv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" Router nexthop " , HFILL }
} ,
{ & hf_cflow_bgpnexthop ,
{ " BGPNextHop " , " cflow.bgpnexthop " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" BGP Router Nexthop " , HFILL }
} ,
{ & hf_cflow_bgpnexthop_v6 ,
{ " BGPNextHop " , " cflow.bgpnexthopv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" BGP Router Nexthop " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_inputint ,
{ " InputInt " , " cflow.inputint " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Flow Input Interface " , HFILL }
} ,
{ & hf_cflow_outputint ,
{ " OutputInt " , " cflow.outputint " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Flow Output Interface " , HFILL }
} ,
{ & hf_cflow_flows ,
{ " Flows " , " cflow.flows " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Flows Aggregated in PDU " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_flows64 ,
{ " Flows " , " cflow.flows64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Flows Aggregated in PDU " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_packets ,
{ " Packets " , " cflow.packets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of packets " , HFILL }
} ,
2003-03-04 03:37:12 +00:00
{ & hf_cflow_packets64 ,
{ " Packets " , " cflow.packets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of packets " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_octets ,
{ " Octets " , " cflow.octets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of bytes " , HFILL }
} ,
2003-03-04 03:37:12 +00:00
{ & hf_cflow_octets64 ,
{ " Octets " , " cflow.octets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of bytes " , HFILL }
} ,
2007-05-04 06:07:30 +00:00
{ & hf_cflow_length_min ,
{ " MinLength " , " cflow.length_min " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Packet Length Min " , HFILL }
} ,
{ & hf_cflow_length_max ,
{ " MaxLength " , " cflow.length_max " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Packet Length Max " , HFILL }
} ,
2007-05-11 06:21:18 +00:00
{ & hf_cflow_timedelta ,
{ " Duration " , " cflow.timedelta " ,
FT_RELATIVE_TIME , BASE_NONE , NULL , 0x0 ,
" Duration of flow sample (end - start) " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_timestart ,
{ " StartTime " , " cflow.timestart " ,
FT_RELATIVE_TIME , BASE_NONE , NULL , 0x0 ,
" Uptime at start of flow " , HFILL }
} ,
{ & hf_cflow_timeend ,
{ " EndTime " , " cflow.timeend " ,
FT_RELATIVE_TIME , BASE_NONE , NULL , 0x0 ,
" Uptime at end of flow " , HFILL }
} ,
{ & hf_cflow_srcport ,
{ " SrcPort " , " cflow.srcport " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Flow Source Port " , HFILL }
} ,
{ & hf_cflow_dstport ,
{ " DstPort " , " cflow.dstport " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Flow Destination Port " , HFILL }
} ,
{ & hf_cflow_prot ,
{ " Protocol " , " cflow.protocol " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" IP Protocol " , HFILL }
} ,
{ & hf_cflow_tos ,
{ " IP ToS " , " cflow.tos " ,
FT_UINT8 , BASE_HEX , NULL , 0x0 ,
" IP Type of Service " , HFILL }
} ,
{ & hf_cflow_flags ,
{ " Export Flags " , " cflow.flags " ,
FT_UINT8 , BASE_HEX , NULL , 0x0 ,
" CFlow Flags " , HFILL }
} ,
{ & hf_cflow_tcpflags ,
{ " TCP Flags " , " cflow.tcpflags " ,
FT_UINT8 , BASE_HEX , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2002-09-22 16:13:22 +00:00
} ,
{ & hf_cflow_srcas ,
{ " SrcAS " , " cflow.srcas " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Source AS " , HFILL }
} ,
{ & hf_cflow_dstas ,
{ " DstAS " , " cflow.dstas " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Destination AS " , HFILL }
} ,
{ & hf_cflow_srcmask ,
{ " SrcMask " , " cflow.srcmask " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Source Prefix Mask " , HFILL }
} ,
2007-09-05 06:59:24 +00:00
{ & hf_cflow_srcmask_v6 ,
{ " SrcMask " , " cflow.srcmaskv6 " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" IPv6 Source Prefix Mask " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_dstmask ,
{ " DstMask " , " cflow.dstmask " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Destination Prefix Mask " , HFILL }
} ,
2007-09-05 06:59:24 +00:00
{ & hf_cflow_dstmask_v6 ,
{ " DstMask " , " cflow.dstmaskv6 " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" IPv6 Destination Prefix Mask " , HFILL }
} ,
2002-09-22 16:13:22 +00:00
{ & hf_cflow_routersc ,
{ " Router Shortcut " , " cflow.routersc " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Router shortcut by switch " , HFILL }
2003-03-04 03:37:12 +00:00
} ,
{ & hf_cflow_mulpackets ,
{ " MulticastPackets " , " cflow.mulpackets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of multicast packets " , HFILL }
} ,
{ & hf_cflow_muloctets ,
{ " MulticastOctets " , " cflow.muloctets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of multicast octets " , HFILL }
} ,
{ & hf_cflow_octets_exp ,
{ " OctetsExp " , " cflow.octetsexp " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Octets exported " , HFILL }
} ,
2007-05-04 06:07:30 +00:00
{ & hf_cflow_octets_exp64 ,
2010-09-17 01:45:29 +00:00
{ " OctetsExp " , " cflow.octetsexp64 " ,
2007-05-04 06:07:30 +00:00
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Octets exported " , HFILL }
} ,
2003-03-04 03:37:12 +00:00
{ & hf_cflow_packets_exp ,
{ " PacketsExp " , " cflow.packetsexp " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Packets exported " , HFILL }
} ,
2007-05-04 06:07:30 +00:00
{ & hf_cflow_packets_exp64 ,
2010-09-17 01:45:29 +00:00
{ " PacketsExp " , " cflow.packetsexp64 " ,
2007-05-04 06:07:30 +00:00
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Packets exported " , HFILL }
} ,
{ & hf_cflow_flows_exp ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " FlowsExp " , " cflow.flowsexp " ,
2007-05-04 06:07:30 +00:00
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Flows exported " , HFILL }
} ,
{ & hf_cflow_flows_exp64 ,
2010-09-17 01:45:29 +00:00
{ " FlowsExp " , " cflow.flowsexp64 " ,
2007-05-04 06:07:30 +00:00
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Flows exported " , HFILL }
} ,
{ & hf_cflow_srcprefix ,
{ " SrcPrefix " , " cflow.srcprefix " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Source Prefix " , HFILL }
} ,
{ & hf_cflow_dstprefix ,
{ " DstPrefix " , " cflow.dstprefix " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Destination Prefix " , HFILL }
} ,
2007-08-21 21:03:59 +00:00
{ & hf_cflow_mpls_top_label_type ,
2006-02-09 09:11:06 +00:00
{ " TopLabelType " , " cflow.toplabeltype " ,
FT_UINT8 , BASE_DEC , VALS ( special_mpls_top_label_type ) , 0x0 ,
" Top MPLS label Type " , HFILL }
} ,
2007-08-21 21:03:59 +00:00
{ & hf_cflow_mpls_pe_addr ,
2006-02-09 09:11:06 +00:00
{ " TopLabelAddr " , " cflow.toplabeladdr " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Top MPLS label PE address " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_sampler_id ,
{ " SamplerID " , " cflow.sampler_id " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Flow Sampler ID " , HFILL }
} ,
{ & hf_cflow_sampler_mode ,
2007-05-04 06:07:30 +00:00
{ " SamplerMode " , " cflow.sampler_mode " ,
FT_UINT8 , BASE_DEC , VALS ( v9_sampler_mode ) , 0x0 ,
" Flow Sampler Mode " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_sampler_random_interval ,
2007-05-04 06:07:30 +00:00
{ " SamplerRandomInterval " , " cflow.sampler_random_interval " ,
2003-03-04 03:37:12 +00:00
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Flow Sampler Random Interval " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_flow_class ,
2007-05-04 06:07:30 +00:00
{ " FlowClass " , " cflow.flow_class " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Flow Class " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_ttl_minimum ,
2007-05-04 06:07:30 +00:00
{ " MinTTL " , " cflow.ttl_min " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" TTL minimum " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_ttl_maximum ,
2007-05-04 06:07:30 +00:00
{ " MaxTTL " , " cflow.ttl_max " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" TTL maximum " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_ipv4_id ,
2007-05-04 06:07:30 +00:00
{ " IPv4Ident " , " cflow.ipv4_ident " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" IPv4 Identifier " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_ip_version ,
2007-05-04 06:07:30 +00:00
{ " IPVersion " , " cflow.ip_version " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" IP Version " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_direction ,
2007-05-04 06:07:30 +00:00
{ " Direction " , " cflow.direction " ,
FT_UINT8 , BASE_DEC , VALS ( v9_direction ) , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_if_name ,
2007-05-04 06:07:30 +00:00
{ " IfName " , " cflow.if_name " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_STRINGZ /*FT_BYTES*/ , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" SNMP Interface Name " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_if_descr ,
2007-05-04 06:07:30 +00:00
{ " IfDescr " , " cflow.if_descr " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_STRINGZ /*FT_BYTES*/ , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" SNMP Interface Description " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_sampler_name ,
2007-05-04 06:07:30 +00:00
{ " SamplerName " , " cflow.sampler_name " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_STRINGZ /*FT_BYTES*/ , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Sampler Name " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_forwarding_status ,
2007-05-04 06:07:30 +00:00
{ " ForwdStat " , " cflow.forwarding_status " ,
FT_UINT8 , BASE_DEC , VALS ( v9_forwarding_status ) , 0xC0 ,
" Forwarding Status " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2011-05-13 21:47:09 +00:00
{ & hf_cflow_forwarding_status_unknown_code ,
{ " ForwdCode " , " cflow.forwarding_status_unknown_code " ,
FT_UINT8 , BASE_DEC , VALS ( v9_forwarding_status_unknown_code ) , 0x3F ,
NULL , HFILL }
} ,
{ & hf_cflow_forwarding_status_forward_code ,
{ " ForwdCode " , " cflow.forwarding_status_foreward_code " ,
FT_UINT8 , BASE_DEC , VALS ( v9_forwarding_status_forward_code ) , 0x3F ,
NULL , HFILL }
} ,
{ & hf_cflow_forwarding_status_drop_code ,
{ " ForwdCode " , " cflow.forwarding_status_drop_code " ,
FT_UINT8 , BASE_DEC , VALS ( v9_forwarding_status_drop_code ) , 0x3F ,
NULL , HFILL }
} ,
{ & hf_cflow_forwarding_status_consume_code ,
{ " ForwdCode " , " cflow.forwarding_status_consume_code " ,
FT_UINT8 , BASE_DEC , VALS ( v9_forwarding_status_consume_code ) , 0x3F ,
NULL , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2009-12-23 20:24:41 +00:00
{ & hf_cflow_nbar_appl_desc ,
{ " ApplicationDesc " , " cflow.appl_desc " ,
2009-12-24 00:36:05 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0x0 ,
2009-12-23 20:24:41 +00:00
" Application Desc (NBAR) " , HFILL }
} ,
{ & hf_cflow_nbar_appl_id ,
{ " ApplicationID " , " cflow.appl_id " ,
2010-12-03 23:04:45 +00:00
FT_UINT32 , BASE_CUSTOM , nbar_fmt_id , 0x0 ,
2009-12-23 20:24:41 +00:00
" Application ID (NBAR) " , HFILL }
} ,
{ & hf_cflow_nbar_appl_name ,
{ " ApplicationName " , " cflow.appl_name " ,
2009-12-24 00:36:05 +00:00
FT_STRINGZ , BASE_NONE , NULL , 0x0 ,
2009-12-23 20:24:41 +00:00
" Application Name (NBAR) " , HFILL }
} ,
2007-05-04 06:07:30 +00:00
{ & hf_cflow_peer_srcas ,
{ " PeerSrcAS " , " cflow.peer_srcas " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Peer Source AS " , HFILL }
} ,
{ & hf_cflow_peer_dstas ,
{ " PeerDstAS " , " cflow.peer_dstas " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Peer Destination AS " , HFILL }
} ,
2007-08-21 21:03:59 +00:00
{ & hf_cflow_flow_exporter ,
2007-05-04 06:07:30 +00:00
{ " FlowExporter " , " cflow.flow_exporter " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES /*FT_IPv4*/ , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Flow Exporter " , HFILL }
} ,
{ & hf_cflow_icmp_ipv4_type ,
{ " IPv4 ICMP Type " , " cflow.icmp_ipv4_type " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_icmp_ipv4_code ,
{ " IPv4 ICMP Code " , " cflow.icmp_ipv4_code " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_icmp_ipv6_type ,
{ " IPv6 ICMP Type " , " cflow.icmp_ipv6_type " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_icmp_ipv6_code ,
{ " IPv6 ICMP Code " , " cflow.icmp_ipv6_code " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_tcp_window_size ,
{ " TCP Windows Size " , " cflow.tcp_windows_size " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_ipv4_total_length ,
{ " IPV4 Total Length " , " cflow.ipv4_total_length " ,
2008-08-02 13:53:49 +00:00
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_ip_ttl ,
{ " IP TTL " , " cflow.ip_ttl " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" IP time to live " , HFILL }
} ,
{ & hf_cflow_ip_tos ,
{ " IP TOS " , " cflow.ip_tos " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" IP type of service " , HFILL }
} ,
{ & hf_cflow_ip_dscp ,
{ " DSCP " , " cflow.ip_dscp " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_octets_squared64 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
{ " OctetsSquared " , " cflow.octets_squared " ,
2007-05-04 06:07:30 +00:00
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Octets Squared " , HFILL }
} ,
{ & hf_cflow_udp_length ,
{ " UDP Length " , " cflow.udp_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_is_multicast ,
{ " IsMulticast " , " cflow.is_multicast " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Is Multicast " , HFILL }
} ,
{ & hf_cflow_ip_header_words ,
{ " IPHeaderLen " , " cflow.ip_header_words " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2007-05-04 06:07:30 +00:00
} ,
{ & hf_cflow_option_map ,
{ " OptionMap " , " cflow.option_map " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Option Map " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_section_header ,
2007-05-04 06:07:30 +00:00
{ " SectionHeader " , " cflow.section_header " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Header of Packet " , HFILL }
2007-08-21 21:03:59 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_section_payload ,
2007-05-04 06:07:30 +00:00
{ " SectionPayload " , " cflow.section_payload " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Payload of Packet " , HFILL }
} ,
2008-08-02 13:53:49 +00:00
/* IPFIX Information Elements */
{ & hf_cflow_post_octets ,
{ " Post Octets " , " cflow.post_octets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of post bytes " , HFILL }
} ,
{ & hf_cflow_post_octets64 ,
{ " Post Octets " , " cflow.post_octets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of post bytes " , HFILL }
} ,
{ & hf_cflow_post_packets ,
{ " Post Packets " , " cflow.post_packets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of post packets " , HFILL }
} ,
{ & hf_cflow_post_packets64 ,
{ " Post Packets " , " cflow.post_packets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of post packets " , HFILL }
} ,
{ & hf_cflow_ipv6_flowlabel ,
{ " ipv6FlowLabel " , " cflow.ipv6flowlabel " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" IPv6 Flow Label " , HFILL }
} ,
{ & hf_cflow_ipv6_flowlabel24 ,
{ " ipv6FlowLabel " , " cflow.ipv6flowlabel24 " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" IPv6 Flow Label " , HFILL }
} ,
{ & hf_cflow_post_tos ,
{ " Post IP ToS " , " cflow.post_tos " ,
FT_UINT8 , BASE_HEX , NULL , 0x0 ,
" Post IP Type of Service " , HFILL }
} ,
{ & hf_cflow_srcmac ,
{ " Source Mac Address " , " cflow.srcmac " ,
2009-07-07 09:02:59 +00:00
FT_ETHER , BASE_NONE , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_post_dstmac ,
{ " Post Destination Mac Address " , " cflow.post_dstmac " ,
2009-07-07 09:02:59 +00:00
FT_ETHER , BASE_NONE , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_vlanid ,
{ " Vlan Id " , " cflow.vlanid " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_post_vlanid ,
{ " Post Vlan Id " , " cflow.post_vlanid " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ipv6_exthdr ,
{ " IPv6 Extension Headers " , " cflow.ipv6_exthdr " ,
FT_UINT32 , BASE_HEX , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_dstmac ,
{ " Destination Mac Address " , " cflow.dstmac " ,
2009-07-07 09:02:59 +00:00
FT_ETHER , BASE_NONE , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_post_srcmac ,
{ " Post Source Mac Address " , " cflow.post_srcmac " ,
2009-07-07 09:02:59 +00:00
FT_ETHER , BASE_NONE , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
2011-05-16 17:02:22 +00:00
{ & hf_cflow_permanent_packets ,
2011-04-16 12:03:50 +00:00
{ " Permanent Packets " , " cflow.permanent_packets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Running Count of packets for permanent flows " , HFILL }
} ,
{ & hf_cflow_permanent_packets64 ,
{ " Permanent Packets " , " cflow.permanent_packets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Running Count of packets for permanent flows " , HFILL }
} ,
{ & hf_cflow_permanent_octets ,
{ " Permanent Octets " , " cflow.permanent_octets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Running Count of bytes for permanent flows " , HFILL }
} ,
{ & hf_cflow_permanent_octets64 ,
{ " Permanent Octets " , " cflow.permanent_octets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Running Count of bytes for permanent flows " , HFILL }
} ,
2008-08-02 13:53:49 +00:00
{ & hf_cflow_fragment_offset ,
{ " Fragment Offset " , " cflow.fragment_offset " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_mpls_vpn_rd ,
{ " MPLS VPN RD " , " cflow.mpls_vpn_rd " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2008-08-02 13:53:49 +00:00
" MPLS VPN Route Distinguisher " , HFILL }
} ,
2010-01-03 14:23:08 +00:00
{ & hf_cflow_mpls_top_label_prefix_length ,
{ " Mpls Top Label Prefix Length " , " cflow.mpls_top_label_prefix_length " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_post_ip_diff_serv_code_point ,
{ " Post Ip Diff Serv Code Point " , " cflow.post_ip_diff_serv_code_point " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_multicast_replication_factor ,
{ " Multicast Replication Factor " , " cflow.multicast_replication_factor " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
2008-08-02 13:53:49 +00:00
{ & hf_cflow_exporter_addr ,
{ " ExporterAddr " , " cflow.exporter_addr " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Exporter Address " , HFILL }
} ,
{ & hf_cflow_exporter_addr_v6 ,
{ " ExporterAddr " , " cflow.exporter_addr_v6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" Flow Exporter Address " , HFILL }
} ,
{ & hf_cflow_drop_octets ,
{ " Dropped Octets " , " cflow.drop_octets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of dropped bytes " , HFILL }
} ,
{ & hf_cflow_drop_octets64 ,
{ " Dropped Octets " , " cflow.drop_octets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of dropped bytes " , HFILL }
} ,
{ & hf_cflow_drop_packets ,
{ " Dropped Packets " , " cflow.drop_packets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of dropped packets " , HFILL }
} ,
{ & hf_cflow_drop_packets64 ,
{ " Dropped Packets " , " cflow.drop_packets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of dropped packets " , HFILL }
} ,
2009-11-03 23:01:03 +00:00
{ & hf_cflow_drop_total_octets ,
{ " Dropped Total Octets " , " cflow.drop_total_octets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of total dropped bytes " , HFILL }
} ,
{ & hf_cflow_drop_total_octets64 ,
{ " Dropped Total Octets " , " cflow.drop_total_octets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total dropped bytes " , HFILL }
} ,
{ & hf_cflow_drop_total_packets ,
{ " Dropped Total Packets " , " cflow.drop_total_packets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of total dropped packets " , HFILL }
} ,
{ & hf_cflow_drop_total_packets64 ,
{ " Dropped Total Packets " , " cflow.drop_total_packets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total dropped packets " , HFILL }
} ,
2008-08-02 13:53:49 +00:00
{ & hf_cflow_flow_end_reason ,
{ " Flow End Reason " , " cflow.flow_end_reason " ,
2010-06-28 12:42:40 +00:00
FT_UINT8 , BASE_DEC , VALS ( v9_flow_end_reason ) , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_common_properties_id ,
{ " Common Properties Id " , " cflow.common_properties_id " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_observation_point_id ,
{ " Observation Point Id " , " cflow.observation_point_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_mpls_pe_addr_v6 ,
2010-09-17 01:45:29 +00:00
{ " TopLabelAddr V6 " , " cflow.toplabeladdr_v6 " ,
2008-08-02 13:53:49 +00:00
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
" Top MPLS label PE address IPv6 " , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_port_id ,
{ " Port Id " , " cflow.port_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_mp_id ,
{ " Metering Process Id " , " cflow.mp_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_wlan_channel_id ,
{ " Wireless LAN Channel Id " , " cflow.wlan_channel_id " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_wlan_ssid ,
{ " Wireless LAN SSId " , " cflow.wlan_ssid " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_flow_id ,
{ " Flow Id " , " cflow.flow_id " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_od_id ,
{ " Observation Domain Id " , " cflow.od_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Identifier of an Observation Domain that is locally unique to an Exporting Process " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_sys_init_time ,
{ " System Init Time " , " cflow.sys_init_time " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
NULL , HFILL }
} ,
2008-08-02 13:53:49 +00:00
{ & hf_cflow_abstimestart ,
{ " StartTime " , " cflow.abstimestart " ,
2009-12-19 03:17:44 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2008-08-02 13:53:49 +00:00
" Uptime at start of flow " , HFILL }
} ,
{ & hf_cflow_abstimeend ,
{ " EndTime " , " cflow.abstimeend " ,
2009-12-19 03:17:44 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2008-08-02 13:53:49 +00:00
" Uptime at end of flow " , HFILL }
} ,
{ & hf_cflow_dstnet_v6 ,
{ " DstNet " , " cflow.dstnetv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" Flow Destination Network " , HFILL }
} ,
{ & hf_cflow_srcnet_v6 ,
{ " SrcNet " , " cflow.srcnetv6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" Flow Source Network " , HFILL }
} ,
{ & hf_cflow_ignore_packets ,
2008-12-20 00:09:02 +00:00
{ " Ignored Packets " , " cflow.ignore_packets " ,
2008-08-02 13:53:49 +00:00
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2008-12-20 00:09:02 +00:00
" Count of ignored packets " , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ignore_packets64 ,
2008-12-20 00:09:02 +00:00
{ " Ignored Packets " , " cflow.ignore_packets64 " ,
2008-08-02 13:53:49 +00:00
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2008-12-20 00:09:02 +00:00
" Count of ignored packets " , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ignore_octets ,
2008-12-20 00:09:02 +00:00
{ " Ignored Octets " , " cflow.ignore_octets " ,
2008-08-02 13:53:49 +00:00
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2008-12-20 00:09:02 +00:00
" Count of ignored octets " , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ignore_octets64 ,
2008-12-20 00:09:02 +00:00
{ " Ignored Octets " , " cflow.ignore_octets64 " ,
2008-08-02 13:53:49 +00:00
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2008-12-20 00:09:02 +00:00
" Count of ignored octets " , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_notsent_flows ,
{ " Not Sent Flows " , " cflow.notsent_flows " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of not sent flows " , HFILL }
} ,
{ & hf_cflow_notsent_flows64 ,
{ " Not Sent Flows " , " cflow.notsent_flows64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of not sent flows " , HFILL }
} ,
{ & hf_cflow_notsent_packets ,
{ " Not Sent Packets " , " cflow.notsent_packets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of not sent packets " , HFILL }
} ,
{ & hf_cflow_notsent_packets64 ,
{ " Not Sent Packets " , " cflow.notsent_packets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of not sent packets " , HFILL }
} ,
{ & hf_cflow_notsent_octets ,
{ " Not Sent Octets " , " cflow.notsent_octets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of not sent octets " , HFILL }
} ,
{ & hf_cflow_notsent_octets64 ,
{ " Not Sent Octets " , " cflow.notsent_octets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of not sent octets " , HFILL }
} ,
{ & hf_cflow_post_total_octets ,
{ " Post Total Octets " , " cflow.post_total_octets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of post total octets " , HFILL }
} ,
{ & hf_cflow_post_total_octets64 ,
{ " Post Total Octets " , " cflow.post_total_octets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of post total octets " , HFILL }
} ,
{ & hf_cflow_post_total_packets ,
{ " Post Total Packets " , " cflow.post_total_packets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of post total packets " , HFILL }
} ,
{ & hf_cflow_post_total_packets64 ,
{ " Post Total Packets " , " cflow.post_total_packets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of post total packets " , HFILL }
} ,
{ & hf_cflow_key ,
{ " floKeyIndicator " , " cflow.post_key " ,
FT_BOOLEAN , BASE_NONE , NULL , 0x0 ,
" Flow Key Indicator " , HFILL }
} ,
{ & hf_cflow_post_total_mulpackets ,
{ " Post Total Multicast Packets " , " cflow.post_total_mulpackets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of post total multicast packets " , HFILL }
} ,
{ & hf_cflow_post_total_mulpackets64 ,
{ " Post Total Multicast Packets " , " cflow.post_total_mulpackets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of post total multicast packets " , HFILL }
} ,
{ & hf_cflow_post_total_muloctets ,
{ " Post Total Multicast Octets " , " cflow.post_total_muloctets " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Count of post total multicast octets " , HFILL }
} ,
{ & hf_cflow_post_total_muloctets64 ,
{ " Post Total Multicast Octets " , " cflow.post_total_muloctets64 " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of post total multicast octets " , HFILL }
} ,
{ & hf_cflow_tcp_seq_num ,
{ " TCP Sequence Number " , " cflow.tcp_seq_num " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_tcp_ack_num ,
2010-09-17 01:45:29 +00:00
{ " TCP Acknowledgement Number " , " cflow.tcp_ack_num " ,
2008-08-02 13:53:49 +00:00
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_tcp_urg_ptr ,
{ " TCP Urgent Pointer " , " cflow.tcp_urg_ptr " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_tcp_header_length ,
{ " TCP Header Length " , " cflow.tcp_header_length " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ip_header_length ,
{ " IP Header Length " , " cflow.ip_header_length " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ipv6_payload_length ,
{ " IPv6 Payload Length " , " cflow.ipv6_payload_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ipv6_next_hdr ,
{ " IPv6 Next Header " , " cflow.ipv6_next_hdr " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ip_precedence ,
{ " IP Precedence " , " cflow.ip_precedence " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_ip_fragment_flags ,
{ " IP Fragment Flags " , " cflow.ip_fragment_flags " ,
FT_UINT8 , BASE_HEX , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_mpls_top_label_ttl ,
{ " MPLS Top Label TTL " , " cflow.mpls_top_label_ttl " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" MPLS top label time to live " , HFILL }
} ,
{ & hf_cflow_mpls_label_length ,
{ " MPLS Label Stack Length " , " cflow.mpls_label_length " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" The length of the MPLS label stac " , HFILL }
} ,
{ & hf_cflow_mpls_label_depth ,
{ " MPLS Label Stack Depth " , " cflow.mpls_label_depth " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" The number of labels in the MPLS label stack " , HFILL }
} ,
{ & hf_cflow_ip_payload_length ,
{ " IP Payload Length " , " cflow.ip_payload_length " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_mpls_top_label_exp ,
{ " MPLS Top Label Exp " , " cflow.mpls_top_label_exp " ,
FT_UINT8 , BASE_OCT , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
{ & hf_cflow_tcp_option_map ,
{ " TCP OptionMap " , " cflow.tcp_option_map " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2008-08-02 13:53:49 +00:00
" TCP Option Map " , HFILL }
} ,
{ & hf_cflow_collector_addr ,
{ " CollectorAddr " , " cflow.collector_addr " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
" Flow Collector Address " , HFILL }
} ,
{ & hf_cflow_collector_addr_v6 ,
{ " CollectorAddr " , " cflow.collector_addr_v6 " ,
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
" Flow Collector Address " , HFILL }
} ,
{ & hf_cflow_export_interface ,
{ " ExportInterface " , " cflow.export_interface " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Export Interface " , HFILL }
} ,
{ & hf_cflow_export_protocol_version ,
{ " ExportProtocolVersion " , " cflow.export_protocol_version " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Export Protocol Version " , HFILL }
} ,
{ & hf_cflow_export_prot ,
{ " ExportTransportProtocol " , " cflow.exporter_protocol " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Transport Protocol used by the Exporting Process " , HFILL }
} ,
{ & hf_cflow_collector_port ,
{ " CollectorPort " , " cflow.collector_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Flow Collector Port " , HFILL }
} ,
{ & hf_cflow_exporter_port ,
{ " ExporterPort " , " cflow.exporter_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Flow Exporter Port " , HFILL }
} ,
{ & hf_cflow_total_tcp_syn ,
{ " Total TCP syn " , " cflow.total_tcp_syn " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total TCP syn " , HFILL }
} ,
{ & hf_cflow_total_tcp_fin ,
{ " Total TCP fin " , " cflow.total_tcp_fin " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total TCP fin " , HFILL }
} ,
{ & hf_cflow_total_tcp_rst ,
{ " Total TCP rst " , " cflow.total_tcp_rst " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total TCP rst " , HFILL }
} ,
{ & hf_cflow_total_tcp_psh ,
{ " Total TCP psh " , " cflow.total_tcp_psh " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total TCP psh " , HFILL }
} ,
{ & hf_cflow_total_tcp_ack ,
{ " Total TCP ack " , " cflow.total_tcp_ack " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total TCP ack " , HFILL }
} ,
{ & hf_cflow_total_tcp_urg ,
{ " Total TCP urg " , " cflow.total_tcp_urg " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
" Count of total TCP urg " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_ip_total_length ,
2008-08-02 13:53:49 +00:00
{ " IP Total Length " , " cflow.ip_total_length " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
NULL , HFILL }
2008-08-02 13:53:49 +00:00
} ,
2010-06-16 15:36:02 +00:00
{ & hf_cflow_post_natsource_ipv4_address ,
{ " Post NAT Source IPv4 Address " , " cflow.post_natsource_ipv4_address " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_post_natdestination_ipv4_address ,
{ " Post NAT Destination IPv4 Address " , " cflow.post_natdestination_ipv4_address " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_post_naptsource_transport_port ,
{ " Post NAPT Source Transport Port " , " cflow.post_naptsource_transport_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_post_naptdestination_transport_port ,
{ " Post NAPT Destination Transport Port " , " cflow.post_naptdestination_transport_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_nat_originating_address_realm ,
{ " Nat Originating Address Realm " , " cflow.nat_originating_address_realm " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_nat_event ,
{ " Nat Event " , " cflow.nat_event " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_initiator_octets ,
{ " Initiator Octets " , " cflow.initiator_octets " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_responder_octets ,
{ " Responder Octets " , " cflow.responder_octets " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_firewall_event ,
{ " Firewall Event " , " cflow.firewall_event " ,
FT_UINT8 , BASE_DEC , VALS ( v9_firewall_event ) , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_ingress_vrfid ,
{ " Ingress VRFID " , " cflow.ingress_vrfid " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_egress_vrfid ,
{ " Egress VRFID " , " cflow.egress_vrfid " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_vrfname ,
{ " VRFname " , " cflow.vrfname " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_post_mpls_top_label_exp ,
{ " Post Mpls Top Label Exp " , " cflow.post_mpls_top_label_exp " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_tcp_window_scale ,
{ " Tcp Window Scale " , " cflow.tcp_window_scale " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
2008-10-24 07:32:16 +00:00
{ & hf_cflow_biflow_direction ,
{ " Biflow Direction " , " cflow.biflow_direction " ,
2010-06-28 12:42:40 +00:00
FT_UINT8 , BASE_DEC , VALS ( v9_biflow_direction ) , 0x0 ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
NULL , HFILL }
2008-10-24 07:32:16 +00:00
} ,
2010-01-03 14:23:08 +00:00
{ & hf_cflow_ethernet_header_length ,
{ " Ethernet Header Length " , " cflow.ethernet_header_length " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_ethernet_payload_length ,
{ " Ethernet Payload Length " , " cflow.ethernet_payload_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_ethernet_total_length ,
{ " Ethernet Total Length " , " cflow.ethernet_total_length " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_dot1q_vlan_id ,
{ " Dot1q Vlan Id " , " cflow.dot1q_vlan_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_dot1q_priority ,
{ " Dot1q Priority " , " cflow.dot1q_priority " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_dot1q_customer_vlan_id ,
{ " Dot1q Customer Vlan Id " , " cflow.dot1q_customer_vlan_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_dot1q_customer_priority ,
{ " Dot1q Customer Priority " , " cflow.dot1q_customer_priority " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_metro_evc_id ,
{ " Metro Evc Id " , " cflow.metro_evc_id " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_metro_evc_type ,
{ " Metro Evc Type " , " cflow.metro_evc_type " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_pseudo_wire_id ,
{ " Pseudo Wire Id " , " cflow.pseudo_wire_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_pseudo_wire_type ,
{ " Pseudo Wire Type " , " cflow.pseudo_wire_type " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_pseudo_wire_control_word ,
{ " Pseudo Wire Control Word " , " cflow.pseudo_wire_control_word " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_ingress_physical_interface ,
{ " Ingress Physical Interface " , " cflow.ingress_physical_interface " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_egress_physical_interface ,
{ " Egress Physical Interface " , " cflow.egress_physical_interface " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_post_dot1q_vlan_id ,
{ " Post Dot1q Vlan Id " , " cflow.post_dot1q_vlan_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_post_dot1q_customer_vlan_id ,
{ " Post Dot1q Customer Vlan Id " , " cflow.post_dot1q_customer_vlan_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_ethernet_type ,
{ " Ethernet Type " , " cflow.ethernet_type " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_post_ip_precedence ,
{ " Post Ip Precedence " , " cflow.post_ip_precedence " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_collection_time_milliseconds ,
{ " Collection Time Milliseconds " , " cflow.collection_time_milliseconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_export_sctp_stream_id ,
{ " Export Sctp Stream Id " , " cflow.export_sctp_stream_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_max_export_seconds ,
{ " Max Export Seconds " , " cflow.max_export_seconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_max_flow_end_seconds ,
{ " Max Flow End Seconds " , " cflow.max_flow_end_seconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_message_md5_checksum ,
{ " Message MD5 Checksum " , " cflow.message_md5_checksum " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_message_scope ,
{ " Message Scope " , " cflow.message_scope " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_min_export_seconds ,
{ " Min Export Seconds " , " cflow.min_export_seconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_min_flow_start_seconds ,
{ " Min Flow Start Seconds " , " cflow.min_flow_start_seconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_opaque_octets ,
{ " Opaque Octets " , " cflow.opaque_octets " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_session_scope ,
{ " Session Scope " , " cflow.session_scope " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_max_flow_end_microseconds ,
{ " Max Flow End Microseconds " , " cflow.max_flow_end_microseconds " ,
2011-02-09 02:27:41 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_UTC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_max_flow_end_milliseconds ,
{ " Max Flow End Milliseconds " , " cflow.max_flow_end_milliseconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_max_flow_end_nanoseconds ,
{ " Max Flow End Nanoseconds " , " cflow.max_flow_end_nanoseconds " ,
2011-02-09 02:27:41 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_UTC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_min_flow_start_microseconds ,
{ " Min Flow Start Microseconds " , " cflow.min_flow_start_microseconds " ,
2011-02-09 02:27:41 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_UTC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_min_flow_start_milliseconds ,
{ " Min Flow Start Milliseconds " , " cflow.min_flow_start_milliseconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_min_flow_start_nanoseconds ,
{ " Min Flow Start Nanoseconds " , " cflow.min_flow_start_nanoseconds " ,
2011-02-09 02:27:41 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_UTC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_collector_certificate ,
{ " Collector Certificate " , " cflow.collector_certificate " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_exporter_certificate ,
{ " Exporter Certificate " , " cflow.exporter_certificate " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_selection_sequence_id ,
{ " Selection Sequence Id " , " cflow.selection_sequence_id " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_selector_id ,
{ " Selector Id " , " cflow.selector_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_id ,
{ " Information Element Id " , " cflow.information_element_id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_selector_algorithm ,
{ " Selector Algorithm " , " cflow.selector_algorithm " ,
2010-11-03 22:08:49 +00:00
FT_UINT16 , BASE_DEC | BASE_EXT_STRING , & selector_algorithm_ext , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_sampling_packet_interval ,
{ " Sampling Packet Interval " , " cflow.sampling_packet_interval " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_sampling_packet_space ,
{ " Sampling Packet Space " , " cflow.sampling_packet_space " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_sampling_time_interval ,
{ " Sampling Time Interval " , " cflow.sampling_time_interval " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_sampling_time_space ,
{ " Sampling Time Space " , " cflow.sampling_time_space " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_sampling_size ,
{ " Sampling Size " , " cflow.sampling_size " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_sampling_population ,
{ " Sampling Population " , " cflow.sampling_population " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_sampling_probability ,
{ " Sampling Probability " , " cflow.sampling_probability " ,
FT_FLOAT , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_mpls_label_stack_section ,
{ " Mpls Label Stack Section " , " cflow.mpls_label_stack_section " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_mpls_payload_packet_section ,
{ " Mpls Payload Packet Section " , " cflow.mpls_payload_packet_section " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_selector_id_total_pkts_observed ,
{ " Selector Id Total Pkts Observed " , " cflow.selector_id_total_pkts_observed " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_selector_id_total_pkts_selected ,
{ " Selector Id Total Pkts Selected " , " cflow.selector_id_total_pkts_selected " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_absolute_error ,
{ " Absolute Error " , " cflow.absolute_error " ,
FT_FLOAT , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_relative_error ,
{ " Relative Error " , " cflow.relative_error " ,
FT_FLOAT , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_observation_time_seconds ,
{ " Observation Time Seconds " , " cflow.observation_time_seconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_observation_time_milliseconds ,
{ " Observation Time Milliseconds " , " cflow.observation_time_milliseconds " ,
2010-01-29 04:05:49 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_observation_time_microseconds ,
{ " Observation Time Microseconds " , " cflow.observation_time_microseconds " ,
2011-02-09 02:27:41 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_UTC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_observation_time_nanoseconds ,
{ " Observation Time Nanoseconds " , " cflow.observation_time_nanoseconds " ,
2011-02-09 02:27:41 +00:00
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_UTC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_digest_hash_value ,
{ " Digest Hash Value " , " cflow.digest_hash_value " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_ippayload_offset ,
{ " Hash IPPayload Offset " , " cflow.hash_ippayload_offset " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_ippayload_size ,
{ " Hash IPPayload Size " , " cflow.hash_ippayload_size " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_output_range_min ,
{ " Hash Output Range Min " , " cflow.hash_output_range_min " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_output_range_max ,
{ " Hash Output Range Max " , " cflow.hash_output_range_max " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_selected_range_min ,
{ " Hash Selected Range Min " , " cflow.hash_selected_range_min " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_selected_range_max ,
{ " Hash Selected Range Max " , " cflow.hash_selected_range_max " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_digest_output ,
{ " Hash Digest Output " , " cflow.hash_digest_output " ,
FT_BOOLEAN , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_hash_initialiser_value ,
{ " Hash Initialiser Value " , " cflow.hash_initialiser_value " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_selector_name ,
{ " Selector Name " , " cflow.selector_name " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_upper_cilimit ,
{ " Upper CILimit " , " cflow.upper_cilimit " ,
FT_FLOAT , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_lower_cilimit ,
{ " Lower CILimit " , " cflow.lower_cilimit " ,
FT_FLOAT , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_confidence_level ,
{ " Confidence Level " , " cflow.confidence_level " ,
FT_FLOAT , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_data_type ,
{ " Information Element Data Type " , " cflow.information_element_data_type " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_description ,
{ " Information Element Description " , " cflow.information_element_description " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_name ,
{ " Information Element Name " , " cflow.information_element_name " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_range_begin ,
{ " Information Element Range Begin " , " cflow.information_element_range_begin " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_range_end ,
{ " Information Element Range End " , " cflow.information_element_range_end " ,
FT_UINT64 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_semantics ,
{ " Information Element Semantics " , " cflow.information_element_semantics " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_information_element_units ,
{ " Information Element Units " , " cflow.information_element_units " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
{ & hf_cflow_private_enterprise_number ,
{ " Private Enterprise Number " , " cflow.private_enterprise_number " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
2010-06-16 15:36:02 +00:00
NULL , HFILL }
2010-01-03 14:23:08 +00:00
} ,
2002-09-22 16:13:22 +00:00
/*
2007-08-21 21:03:59 +00:00
* end pdu content storage
2002-09-22 16:13:22 +00:00
*/
2010-09-17 01:45:29 +00:00
{ & hf_cflow_scope_system ,
2007-05-04 06:07:30 +00:00
{ " ScopeSystem " , " cflow.scope_system " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Option Scope System " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_scope_interface ,
2007-05-04 06:07:30 +00:00
{ " ScopeInterface " , " cflow.scope_interface " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Option Scope Interface " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_scope_linecard ,
2007-05-04 06:07:30 +00:00
{ " ScopeLinecard " , " cflow.scope_linecard " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Option Scope Linecard " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_scope_cache ,
2007-05-04 06:07:30 +00:00
{ " ScopeCache " , " cflow.scope_cache " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Option Scope Cache " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_scope_template ,
2007-05-04 06:07:30 +00:00
{ " ScopeTemplate " , " cflow.scope_template " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2007-05-04 06:07:30 +00:00
" Option Scope Template " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
2008-08-02 13:53:49 +00:00
/* IPFIX */
2010-09-17 01:45:29 +00:00
{ & hf_cflow_unknown_field_type ,
{ " Unknown Field Type " , " cflow.unknown_field_type " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_BYTES , BASE_NONE , NULL , 0x0 ,
2010-09-23 21:46:31 +00:00
NULL , HFILL }
2009-05-14 23:33:17 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_template_ipfix_total_field_count ,
{ " Total Field Count " , " cflow.template_ipfix_total_field_count " ,
2009-07-01 20:56:03 +00:00
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
" IPFIX Options Template Total Field Count " , HFILL }
2009-07-01 20:56:03 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_template_ipfix_scope_field_count ,
{ " Scope Field Count " , " cflow.template_ipfix_scope_field_count " ,
2009-07-01 20:56:03 +00:00
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
2010-09-17 01:45:29 +00:00
" IPFIX Options Template Scope Field Count " , HFILL }
2009-07-01 20:56:03 +00:00
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_template_ipfix_pen_provided ,
{ " Pen provided " , " cflow.template_ipfix_pen_provided " ,
FT_BOOLEAN , 16 , TFS ( & tfs_yes_no ) , 0x8000 ,
" Is Template Enterprise Specific " , HFILL }
} ,
{ & hf_cflow_template_ipfix_field_type ,
{ " Type " , " cflow.template_ipfix_field_type " ,
2010-10-29 17:48:39 +00:00
FT_UINT16 , BASE_DEC | BASE_EXT_STRING , & v9_v10_template_types_ext , 0x7FFF ,
2010-09-17 01:45:29 +00:00
" Template field type " , HFILL }
} ,
2010-12-07 03:46:10 +00:00
{ & hf_cflow_template_plixer_field_type ,
{ " Type " , " cflow.template_plixer_field_type " ,
FT_UINT16 , BASE_DEC | BASE_EXT_STRING , & v10_template_types_plixer_ext , 0x7FFF ,
" Template field type " , HFILL }
} ,
{ & hf_cflow_template_ntop_field_type ,
{ " Type " , " cflow.template_ntop_field_type " ,
FT_UINT16 , BASE_DEC | BASE_EXT_STRING , & v10_template_types_ntop_ext , 0x7FFF ,
" Template field type " , HFILL }
} ,
2010-09-17 01:45:29 +00:00
{ & hf_cflow_template_ipfix_field_type_enterprise ,
{ " Type " , " cflow.template_ipfix_field_type_enterprise " ,
FT_UINT16 , BASE_DEC , NULL , 0x7FFF ,
" Template field type " , HFILL }
} ,
{ & hf_cflow_template_ipfix_field_pen ,
{ " PEN " ,
" cflow.template_ipfix_field_pen " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" IPFIX Private Enterprise Number " , HFILL }
} ,
2010-06-16 15:36:02 +00:00
/* Cisco ASA 5500 Series */
{ & hf_cflow_ingress_acl_id ,
{ " Ingress ACL ID " , " cflow.ingress_acl_id " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_egress_acl_id ,
{ " Egress ACL ID " , " cflow.egress_acl_id " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_fw_ext_event ,
{ " Extended firewall event code " , " cflow.fw_ext_event " ,
FT_UINT16 , BASE_DEC , VALS ( v9_extended_firewall_event ) , 0x0 ,
NULL , HFILL }
} ,
{ & hf_cflow_aaa_username ,
{ " AAA username " , " cflow.aaa_username " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
2009-05-14 23:33:17 +00:00
2010-09-17 01:45:29 +00:00
{ & hf_ipfix_enterprise_private_entry ,
{ " Enterprise Private entry " , " cflow.enterprise_private_entry " ,
FT_BYTES , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* Private Information Elements */
2009-05-14 23:33:17 +00:00
/* CACE Technologies, 32622 / 0 */
{ & hf_pie_cace_local_ipv4_address ,
{ " Local IPv4 Address " , " cflow.pie.cace.localaddr4 " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
2009-05-14 23:33:17 +00:00
" Local IPv4 Address (caceLocalIPv4Address) " , HFILL }
} ,
/* CACE Technologies, 32622 / 1 */
{ & hf_pie_cace_remote_ipv4_address ,
{ " Remote IPv4 Address " , " cflow.pie.cace.remoteaddr4 " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
2009-05-14 23:33:17 +00:00
" Remote IPv4 Address (caceRemoteIPv4Address) " , HFILL }
} ,
/* CACE Technologies, 32622 / 2 */
{ & hf_pie_cace_local_ipv6_address ,
{ " Local IPv6 Address " , " cflow.pie.cace.localaddr6 " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
2009-05-14 23:33:17 +00:00
" Local IPv6 Address (caceLocalIPv6Address) " , HFILL }
} ,
/* CACE Technologies, 32622 / 3 */
{ & hf_pie_cace_remote_ipv6_address ,
{ " Remote IPv6 Address " , " cflow.pie.cace.remoteaddr6 " ,
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
FT_IPv6 , BASE_NONE , NULL , 0x0 ,
2009-05-14 23:33:17 +00:00
" Remote IPv6 Address (caceRemoteIPv6Address) " , HFILL }
} ,
/* CACE Technologies, 32622 / 4 */
{ & hf_pie_cace_local_port ,
{ " Local Port " , " cflow.pie.cace.localport " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Local Transport Port (caceLocalTransportPort) " , HFILL }
} ,
/* CACE Technologies, 32622 / 5 */
{ & hf_pie_cace_remote_port ,
{ " Remote Port " , " cflow.pie.cace.remoteport " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" Remote Transport Port (caceRemoteTransportPort) " , HFILL }
} ,
/* CACE Technologies, 32622 / 6 */
{ & hf_pie_cace_local_ipv4_id ,
{ " Local IPv4 ID " , " cflow.pie.cace.localip4id " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" The IPv4 identification header field from a locally-originated packet (caceLocalIPv4id) " , HFILL }
} ,
/* CACE Technologies, 32622 / 7 */
{ & hf_pie_cace_local_icmp_id ,
{ " Local ICMP ID " , " cflow.pie.cace.localicmpid " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
" The ICMP identification header field from a locally-originated ICMPv4 or ICMPv6 echo request (caceLocalICMPid) " , HFILL }
} ,
/* CACE Technologies, 32622 / 8 */
{ & hf_pie_cace_local_uid ,
{ " Local User ID " , " cflow.pie.cace.localuid " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Local User ID (caceLocalProcessUserId) " , HFILL }
} ,
/* CACE Technologies, 32622 / 9 */
{ & hf_pie_cace_local_pid ,
{ " Local Process ID " , " cflow.pie.cace.localpid " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
" Local Process ID (caceLocalProcessId) " , HFILL }
} ,
/* CACE Technologies, 32622 / 10 */
{ & hf_pie_cace_local_username_len ,
{ " Local Username Length " , " cflow.pie.cace.localusernamelen " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Local User Name Length (caceLocalProcessUserName) " , HFILL }
} ,
/* CACE Technologies, 32622 / 10 */
{ & hf_pie_cace_local_username ,
{ " Local User Name " , " cflow.pie.cace.localusername " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
" Local User Name (caceLocalProcessUserName) " , HFILL }
} ,
/* CACE Technologies, 32622 / 11 */
{ & hf_pie_cace_local_cmd_len ,
{ " Local Command Length " , " cflow.pie.cace.localcmdlen " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
" Local Command Length (caceLocalProcessCommand) " , HFILL }
} ,
/* CACE Technologies, 32622 / 11 */
{ & hf_pie_cace_local_cmd ,
{ " Local Command " , " cflow.pie.cace.localcmd " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
" Local Command (caceLocalProcessCommand) " , HFILL }
2010-12-07 03:46:10 +00:00
} ,
/* ntop, 35632 / 80 */
{ & hf_pie_ntop_fragmented ,
{ " Fragmented " , " cflow.pie.ntop.fragmented " ,
FT_BOOLEAN , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 81 */
{ & hf_pie_ntop_fingerprint ,
{ " Fingerprint " , " cflow.pie.ntop.fingerprint " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 82 */
{ & hf_pie_ntop_client_nw_delay_sec ,
{ " Client_nw_delay_sec " , " cflow.pie.ntop.client_nw_delay_sec " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 83 */
{ & hf_pie_ntop_client_nw_delay_usec ,
{ " Client_nw_delay_usec " , " cflow.pie.ntop.client_nw_delay_usec " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 84 */
{ & hf_pie_ntop_server_nw_delay_sec ,
{ " Server_nw_delay_sec " , " cflow.pie.ntop.server_nw_delay_sec " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 85 */
{ & hf_pie_ntop_server_nw_delay_usec ,
{ " Server_nw_delay_usec " , " cflow.pie.ntop.server_nw_delay_usec " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 86 */
{ & hf_pie_ntop_appl_latency_sec ,
{ " Appl_latency_sec " , " cflow.pie.ntop.appl_latency_sec " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 98 */
{ & hf_pie_ntop_icmp_flags ,
{ " Icmp_flags " , " cflow.pie.ntop.icmp_flags " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 101 */
{ & hf_pie_ntop_src_ip_country ,
{ " Src_ip_country " , " cflow.pie.ntop.src_ip_country " ,
FT_STRINGZ , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 102 */
{ & hf_pie_ntop_src_ip_city ,
{ " Src_ip_city " , " cflow.pie.ntop.src_ip_city " ,
FT_STRINGZ , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 103 */
{ & hf_pie_ntop_dst_ip_country ,
{ " Dst_ip_country " , " cflow.pie.ntop.dst_ip_country " ,
FT_STRINGZ , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 104 */
{ & hf_pie_ntop_dst_ip_city ,
{ " Dst_ip_city " , " cflow.pie.ntop.dst_ip_city " ,
FT_STRINGZ , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 105 */
{ & hf_pie_ntop_flow_proto_port ,
{ " Flow_proto_port " , " cflow.pie.ntop.flow_proto_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 106 */
{ & hf_pie_ntop_tunnel_id ,
{ " Tunnel_id " , " cflow.pie.ntop.tunnel_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 107 */
{ & hf_pie_ntop_longest_flow_pkt ,
{ " Longest_flow_pkt " , " cflow.pie.ntop.longest_flow_pkt " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 108 */
{ & hf_pie_ntop_shortest_flow_pkt ,
{ " Shortest_flow_pkt " , " cflow.pie.ntop.shortest_flow_pkt " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 109 */
{ & hf_pie_ntop_retransmitted_in_pkts ,
{ " Retransmitted_in_pkts " , " cflow.pie.ntop.retransmitted_in_pkts " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 110 */
{ & hf_pie_ntop_retransmitted_out_pkts ,
{ " Retransmitted_out_pkts " , " cflow.pie.ntop.retransmitted_out_pkts " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 111 */
{ & hf_pie_ntop_ooorder_in_pkts ,
{ " Ooorder_in_pkts " , " cflow.pie.ntop.ooorder_in_pkts " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 112 */
{ & hf_pie_ntop_ooorder_out_pkts ,
{ " Ooorder_out_pkts " , " cflow.pie.ntop.ooorder_out_pkts " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 113 */
{ & hf_pie_ntop_untunneled_protocol ,
{ " Untunneled_protocol " , " cflow.pie.ntop.untunneled_protocol " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 114 */
{ & hf_pie_ntop_untunneled_ipv4_src_addr ,
{ " Untunneled_ipv4_src_addr " , " cflow.pie.ntop.untunneled_ipv4_src_addr " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 115 */
{ & hf_pie_ntop_untunneled_l4_src_port ,
{ " Untunneled_l4_src_port " , " cflow.pie.ntop.untunneled_l4_src_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 116 */
{ & hf_pie_ntop_untunneled_ipv4_dst_addr ,
{ " Untunneled_ipv4_dst_addr " , " cflow.pie.ntop.untunneled_ipv4_dst_addr " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 117 */
{ & hf_pie_ntop_untunneled_l4_dst_port ,
{ " Untunneled_l4_dst_port " , " cflow.pie.ntop.untunneled_l4_dst_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 110 */
{ & hf_pie_ntop_dump_path ,
{ " Dump_path " , " cflow.pie.ntop.dump_path " ,
FT_STRINGZ , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 130 */
{ & hf_pie_ntop_sip_call_id ,
{ " Sip_call_id " , " cflow.pie.ntop.sip_call_id " ,
2011-03-31 14:03:23 +00:00
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-12-07 03:46:10 +00:00
NULL , HFILL }
} ,
/* ntop, 35632 / 131 */
{ & hf_pie_ntop_sip_calling_party ,
{ " Sip_calling_party " , " cflow.pie.ntop.sip_calling_party " ,
2011-03-31 14:03:23 +00:00
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-12-07 03:46:10 +00:00
NULL , HFILL }
} ,
/* ntop, 35632 / 132 */
{ & hf_pie_ntop_sip_called_party ,
{ " Sip_called_party " , " cflow.pie.ntop.sip_called_party " ,
2011-03-31 14:03:23 +00:00
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-12-07 03:46:10 +00:00
NULL , HFILL }
} ,
/* ntop, 35632 / 133 */
{ & hf_pie_ntop_sip_rtp_codecs ,
{ " Sip_rtp_codecs " , " cflow.pie.ntop.sip_rtp_codecs " ,
2011-03-31 14:03:23 +00:00
FT_STRING , BASE_NONE , NULL , 0x0 ,
2010-12-07 03:46:10 +00:00
NULL , HFILL }
} ,
/* ntop, 35632 / 134 */
{ & hf_pie_ntop_sip_invite_time ,
{ " Sip_invite_time " , " cflow.pie.ntop.sip_invite_time " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 135 */
{ & hf_pie_ntop_sip_trying_time ,
{ " Sip_trying_time " , " cflow.pie.ntop.sip_trying_time " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 136 */
{ & hf_pie_ntop_sip_ringing_time ,
{ " Sip_ringing_time " , " cflow.pie.ntop.sip_ringing_time " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 137 */
{ & hf_pie_ntop_sip_ok_time ,
{ " Sip_ok_time " , " cflow.pie.ntop.sip_ok_time " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 138 */
{ & hf_pie_ntop_sip_bye_time ,
{ " Sip_bye_time " , " cflow.pie.ntop.sip_bye_time " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 139 */
{ & hf_pie_ntop_sip_rtp_src_ip ,
{ " Sip_rtp_src_ip " , " cflow.pie.ntop.sip_rtp_src_ip " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 140 */
{ & hf_pie_ntop_sip_rtp_src_port ,
{ " Sip_rtp_src_port " , " cflow.pie.ntop.sip_rtp_src_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 141 */
{ & hf_pie_ntop_sip_rtp_dst_ip ,
{ " Sip_rtp_dst_ip " , " cflow.pie.ntop.sip_rtp_dst_ip " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 142 */
{ & hf_pie_ntop_sip_rtp_dst_port ,
{ " Sip_rtp_dst_port " , " cflow.pie.ntop.sip_rtp_dst_port " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 150 */
{ & hf_pie_ntop_rtp_first_ssrc ,
{ " Rtp_first_ssrc " , " cflow.pie.ntop.rtp_first_ssrc " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 151 */
{ & hf_pie_ntop_rtp_first_ts ,
{ " Rtp_first_ts " , " cflow.pie.ntop.rtp_first_ts " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 152 */
{ & hf_pie_ntop_rtp_last_ssrc ,
{ " Rtp_last_ssrc " , " cflow.pie.ntop.rtp_last_ssrc " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 153 */
{ & hf_pie_ntop_rtp_last_ts ,
{ " Rtp_last_ts " , " cflow.pie.ntop.rtp_last_ts " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 154 */
{ & hf_pie_ntop_rtp_in_jitter ,
{ " Rtp_in_jitter " , " cflow.pie.ntop.rtp_in_jitter " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 155 */
{ & hf_pie_ntop_rtp_out_jitter ,
{ " Rtp_out_jitter " , " cflow.pie.ntop.rtp_out_jitter " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 156 */
{ & hf_pie_ntop_rtp_in_pkt_lost ,
{ " Rtp_in_pkt_lost " , " cflow.pie.ntop.rtp_in_pkt_lost " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 157 */
{ & hf_pie_ntop_rtp_out_pkt_lost ,
{ " Rtp_out_pkt_lost " , " cflow.pie.ntop.rtp_out_pkt_lost " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 158 */
{ & hf_pie_ntop_rtp_out_payload_type ,
{ " Rtp_out_payload_type " , " cflow.pie.ntop.rtp_out_payload_type " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 159 */
{ & hf_pie_ntop_rtp_in_max_delta ,
{ " Rtp_in_max_delta " , " cflow.pie.ntop.rtp_in_max_delta " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 160 */
{ & hf_pie_ntop_rtp_out_max_delta ,
{ " Rtp_out_max_delta " , " cflow.pie.ntop.rtp_out_max_delta " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 168 */
{ & hf_pie_ntop_proc_id ,
{ " Proc_id " , " cflow.pie.ntop.proc_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 169 */
{ & hf_pie_ntop_proc_name ,
{ " Proc_name " , " cflow.pie.ntop.proc_name " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 180 */
{ & hf_pie_ntop_http_url ,
{ " Http_url " , " cflow.pie.ntop.http_url " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 181 */
{ & hf_pie_ntop_http_ret_code ,
{ " Http_ret_code " , " cflow.pie.ntop.http_ret_code " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 185 */
{ & hf_pie_ntop_smtp_mail_from ,
{ " Smtp_mail_from " , " cflow.pie.ntop.smtp_mail_from " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 186 */
{ & hf_pie_ntop_smtp_rcpt_to ,
{ " Smtp_rcpt_to " , " cflow.pie.ntop.smtp_rcpt_to " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 195 */
{ & hf_pie_ntop_mysql_server_version ,
{ " Mysql_server_version " , " cflow.pie.ntop.mysql_server_version " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 196 */
{ & hf_pie_ntop_mysql_username ,
{ " Mysql_username " , " cflow.pie.ntop.mysql_username " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 197 */
{ & hf_pie_ntop_mysql_db ,
{ " Mysql_db " , " cflow.pie.ntop.mysql_db " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 198 */
{ & hf_pie_ntop_mysql_query ,
{ " Mysql_query " , " cflow.pie.ntop.mysql_query " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* ntop, 35632 / 199 */
{ & hf_pie_ntop_mysql_response ,
{ " Mysql_response " , " cflow.pie.ntop.mysql_response " ,
FT_UINT16 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 100 */
{ & hf_pie_plixer_client_ip_v4 ,
{ " client_ip_v4 " , " cflow.pie.plixer.client.ip_v4 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_pie_plixer_client_hostname ,
/* plixer, 13745 / 101 */
{ " client_hostname " , " cflow.pie.plixer.client_hostname " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 102 */
{ & hf_pie_plixer_partner_name ,
{ " Partner_name " , " cflow.pie.plixer.partner_name " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 103 */
{ & hf_pie_plixer_server_hostname ,
{ " Server_hostname " , " cflow.pie.plixer.server_hostname " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 104 */
{ & hf_pie_plixer_server_ip_v4 ,
{ " Server_ip_v4 " , " cflow.pie.plixer.server_ip_v4 " ,
FT_IPv4 , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 105 */
{ & hf_pie_plixer_recipient_address ,
{ " Recipient_address " , " cflow.pie.plixer.recipient_address " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 106 */
{ & hf_pie_plixer_event_id ,
{ " Event_id " , " cflow.pie.plixer.event_id " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 107 */
{ & hf_pie_plixer_msgid ,
{ " Msgid " , " cflow.pie.plixer.msgid " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 108 */
{ & hf_pie_plixer_priority ,
{ " Priority " , " cflow.pie.plixer_priority " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 109 */
{ & hf_pie_plixer_recipient_report_status ,
{ " Recipient_report_status " , " cflow.pie.plixer.recipient_report_status " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 110 */
{ & hf_pie_plixer_number_recipients ,
{ " Number_recipients " , " cflow.pie.plixer.number_recipients " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 111 */
{ & hf_pie_plixer_origination_time ,
{ " Origination_time " , " cflow.pie.plixer.origination_time " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 112 */
{ & hf_pie_plixer_encryption ,
{ " Cncryption " , " cflow.pie.plixer.encryption " ,
FT_UINT32 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 113 */
{ & hf_pie_plixer_service_version ,
{ " Service_version " , " cflow.pie.plixer.service_version " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 114 */
{ & hf_pie_plixer_linked_msgid ,
{ " Linked_msgid " , " cflow.pie.plixer.linked_msgid " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 115 */
{ & hf_pie_plixer_message_subject ,
{ " Message_subject " , " cflow.pie.plixer.message_subject " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 116 */
{ & hf_pie_plixer_sender_address ,
{ " Sender_address " , " cflow.pie.plixer.sender_address " ,
FT_STRING , BASE_NONE , NULL , 0x0 ,
NULL , HFILL }
} ,
/* plixer, 13745 / 117 */
{ & hf_pie_plixer_date_time ,
{ " Date_time " , " cflow.pie.plixer.date_time " ,
FT_ABSOLUTE_TIME , ABSOLUTE_TIME_LOCAL , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_string_len_short ,
{ " String_len_short " , " cflow.string_len_short " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
} ,
{ & hf_string_len_long ,
{ " String_len_short " , " cflow.string_len_long " ,
FT_UINT8 , BASE_DEC , NULL , 0x0 ,
NULL , HFILL }
2009-05-14 23:33:17 +00:00
}
2002-09-04 20:23:55 +00:00
} ;
2002-09-22 16:13:22 +00:00
static gint * ett [ ] = {
2002-09-04 20:23:55 +00:00
& ett_netflow ,
2002-09-22 16:13:22 +00:00
& ett_unixtime ,
2003-02-12 08:36:48 +00:00
& ett_flow ,
2007-05-11 06:21:18 +00:00
& ett_flowtime ,
2010-12-07 03:46:10 +00:00
& ett_str_len ,
2003-03-04 03:37:12 +00:00
& ett_template ,
2006-03-15 06:19:15 +00:00
& ett_field ,
2010-06-28 12:42:40 +00:00
& ett_dataflowset ,
& ett_fwdstat
2002-09-04 20:23:55 +00:00
} ;
2003-03-04 03:37:12 +00:00
module_t * netflow_module ;
2006-09-12 19:11:45 +00:00
proto_netflow = proto_register_protocol ( " Cisco NetFlow/IPFIX " , " CFLOW " ,
2002-09-22 16:13:22 +00:00
" cflow " ) ;
2002-09-04 20:23:55 +00:00
proto_register_field_array ( proto_netflow , hf , array_length ( hf ) ) ;
proto_register_subtree_array ( ett , array_length ( ett ) ) ;
2002-09-22 16:13:22 +00:00
2003-03-04 03:37:12 +00:00
/* Register our configuration options for NetFlow */
netflow_module = prefs_register_protocol ( proto_netflow ,
proto_reg_handoff_netflow ) ;
2008-04-12 09:35:48 +00:00
/* Set default Netflow port(s) */
2008-11-03 15:15:56 +00:00
range_convert_str ( & global_netflow_ports , NETFLOW_UDP_PORTS ,
2007-10-05 21:25:35 +00:00
MAX_UDP_PORT ) ;
range_convert_str ( & global_ipfix_ports , IPFIX_UDP_PORTS ,
MAX_UDP_PORT ) ;
prefs_register_obsolete_preference ( netflow_module , " udp.port " ) ;
prefs_register_range_preference ( netflow_module , " netflow.ports " ,
" NetFlow UDP Port(s) " ,
" Set the port(s) for NetFlow messages "
" (default: " NETFLOW_UDP_PORTS " ) " ,
& global_netflow_ports , MAX_UDP_PORT ) ;
prefs_register_range_preference ( netflow_module , " ipfix.ports " ,
" IPFIX UDP/TCP/SCTP Port(s) " ,
" Set the port(s) for IPFIX messages "
" (default: " IPFIX_UDP_PORTS " ) " ,
& global_ipfix_ports , MAX_UDP_PORT ) ;
2003-03-04 03:37:12 +00:00
2011-04-14 16:17:09 +00:00
prefs_register_uint_preference ( netflow_module , " max_template_fields " ,
" Maximum number of fields allowed in a template " ,
" Set the number of fields allowed in a template. "
" Use 0 (zero) for unlimited. "
" (default: " STRINGIFY ( V9TEMPLATE_MAX_FIELDS_DEF ) " ) " ,
10 , & v9template_max_fields ) ;
2004-03-09 20:08:26 +00:00
register_init_routine ( & netflow_reinit ) ;
2002-09-04 20:23:55 +00:00
}
2002-09-22 16:13:22 +00:00
/*
2007-08-21 21:03:59 +00:00
* protocol / port association
2002-09-22 16:13:22 +00:00
*/
2008-11-03 15:15:56 +00:00
static void
netflow_delete_callback ( guint32 port )
{
2010-09-17 01:45:29 +00:00
if ( port ) {
2010-12-20 05:35:29 +00:00
dissector_delete_uint ( " udp.port " , port , netflow_handle ) ;
2010-09-17 01:45:29 +00:00
}
2008-11-03 15:15:56 +00:00
}
static void
netflow_add_callback ( guint32 port )
{
2010-09-17 01:45:29 +00:00
if ( port ) {
2010-12-20 05:35:29 +00:00
dissector_add_uint ( " udp.port " , port , netflow_handle ) ;
2010-09-17 01:45:29 +00:00
}
2008-11-03 15:15:56 +00:00
}
static void
ipfix_delete_callback ( guint32 port )
{
2010-09-17 01:45:29 +00:00
if ( port ) {
2010-12-20 05:35:29 +00:00
dissector_delete_uint ( " udp.port " , port , netflow_handle ) ;
dissector_delete_uint ( " tcp.port " , port , netflow_handle ) ;
dissector_delete_uint ( " sctp.port " , port , netflow_handle ) ;
2010-09-17 01:45:29 +00:00
}
2008-11-03 15:15:56 +00:00
}
static void
ipfix_add_callback ( guint32 port )
{
2010-09-17 01:45:29 +00:00
if ( port ) {
2010-12-20 05:35:29 +00:00
dissector_add_uint ( " udp.port " , port , netflow_handle ) ;
dissector_add_uint ( " tcp.port " , port , netflow_handle ) ;
dissector_add_uint ( " sctp.port " , port , netflow_handle ) ;
2010-09-17 01:45:29 +00:00
}
2008-11-03 15:15:56 +00:00
}
2002-09-04 20:23:55 +00:00
void
proto_reg_handoff_netflow ( void )
{
2008-09-22 16:26:41 +00:00
static gboolean netflow_prefs_initialized = FALSE ;
2008-11-03 15:15:56 +00:00
static range_t * netflow_ports ;
static range_t * ipfix_ports ;
2003-03-04 03:37:12 +00:00
if ( ! netflow_prefs_initialized ) {
2008-11-03 15:15:56 +00:00
netflow_handle = new_create_dissector_handle ( dissect_netflow , proto_netflow ) ;
2003-03-04 03:37:12 +00:00
netflow_prefs_initialized = TRUE ;
2010-12-20 05:35:29 +00:00
dissector_add_uint ( " wtap_encap " , WTAP_ENCAP_RAW_IPFIX , netflow_handle ) ;
2008-11-03 15:15:56 +00:00
} else {
range_foreach ( netflow_ports , netflow_delete_callback ) ;
g_free ( netflow_ports ) ;
range_foreach ( ipfix_ports , ipfix_delete_callback ) ;
g_free ( ipfix_ports ) ;
2010-09-17 01:45:29 +00:00
}
2003-03-04 03:37:12 +00:00
2008-11-03 15:15:56 +00:00
netflow_ports = range_copy ( global_netflow_ports ) ;
ipfix_ports = range_copy ( global_ipfix_ports ) ;
range_foreach ( netflow_ports , netflow_add_callback ) ;
range_foreach ( ipfix_ports , ipfix_add_callback ) ;
2010-10-20 00:36:53 +00:00
2002-09-04 20:23:55 +00:00
}
2007-05-04 06:07:30 +00:00
2009-05-14 23:33:17 +00:00
/*
* Editor modelines
*
* Local Variables :
* c - basic - offset : 8
* tab - width : 8
* indent - tabs - mode : t
* End :
*
* ex : set shiftwidth = 8 tabstop = 8 noexpandtab
* : indentSize = 8 : tabSize = 8 : noTabs = false :
*/