*
* 1. (See the various XXX comments)
* 2. Template processing:
- * a. Use GHashTable instead of home-grown hash so no collisions;
- * b. Review use of lengths from template when dissecting fields in a data flow: not really OK ?
+ * a. source port needs to be part of the template identifier ?
+ * b. Use GHashTable instead of home-grown hash so no collisions;
+ * c. (Verify that template with same ID is actually identical to that previously seen ?)
+ * d. Review use of lengths from template when dissecting fields in a data flow: not really OK ?
* The proto_tree_add_item() calls in dissect_v9_v10_pdu_data() use:
* - "lengths" as specified in the previously seen template for the flow;
* - a hardwired Wireshark "field-type" (FT_UINT8, etc) in the hf[]array entries.
* will occur if the "known" length and the length as gotten from the template don't match.
* Consider: validate length fields when processing templates ?
* Don't cache template if errors in particular fields of template (eg: v10: pen == 0) ?
- * c. (Verify that template with same ID is actually identical to that previously seen ?)
*
*
*/
+/*
+ * November 2010: acferen: Add ntop nProbe and Plixer Mailinizer extensions
+ *
+ * nProbe changes are for nprobe >= 5.5.6. Earlier nprobe versions
+ * "supported" some of the same fields, but they used element IDs that
+ * collide with standard IDs. Because of this versions prior to 5.5.6
+ * using IDs above 80 (nprobe extensions) cannot be decoded correctly.
+ *
+ * nprobe supports extensions in v9 and IPFIX. IPFIX is done in the
+ * standard way. See the NTOP_BASE for handling v9 with no collisions
+ * (maybe).
+ *
+ * Plixer changes are just new field definitions. (IPFIX only)
+ *
+ * extended core code to allow naming vendor extensions.
+ *
+ * Put the length for variable length strings in a tree under the
+ * decoded string. Wonder if this might be overkill. Could probably
+ * just format the "(Variable length)" string to include the actual
+ * length.
+ *
+ * Did some minor cleanup.
+ *
+ * Note for WMeier... Added YYY comments with some XXX comments.
+ */
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
-#include <glib.h>
#include <epan/packet.h>
-#include <string.h>
#include <epan/prefs.h>
#include <epan/sminmpec.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/dissectors/packet-udp.h>
+#include "packet-ntp.h"
#include <epan/expert.h>
-#include <epan/dissectors/packet-ntp.h>
+#include <epan/strutil.h>
#if 0
#define REVPEN 29305
static dissector_handle_t netflow_handle;
+/* If you want sort of safely to send enterprise specific element IDs
+ using v9 you need to stake a claim in the wilds with the high bit
+ set. Still no naming authority, but at least it will never collide
+ with valid IPFIX */
+#define NTOP_BASE 57472u /* nprobe >= 5.5.6 */
+
/*
* global_netflow_ports : holds the configured range of ports for netflow
*/
{V8PDU_PREPORTPROTOCOL_METHOD, "V8 Port+Protocol aggregation"},
{0, NULL}
};
+static value_string_ext v8_agg_ext = VALUE_STRING_EXT_INIT(v8_agg);
/* Version 9 template cache structures */
/* This was 100, but this gives a horrible hash distribution. */
#define V9_V10_TEMPLATE_CACHE_MAX_ENTRIES 521
/* Max number of entries/scopes per template */
-/* I wonder if I can make this dynamic... 42 is more than sufficient
- for my current needs though. */
-#define V9TEMPLATE_MAX_FIELDS 42
+/* Space is allocated dynamically so there isn't really a need to
+ bound this except to cap possible memory use. Unfortunately if
+ this value is too low we can't decode any template with more than
+ v9template_max_fields fields in it. The best compromise seems
+ to be to make v9template_max_fields a user preference.
+ A value of 0 will be unlimited.
+*/
+#define V9TEMPLATE_MAX_FIELDS_DEF 60
+static guint v9template_max_fields = V9TEMPLATE_MAX_FIELDS_DEF;
struct v9_v10_template_entry {
guint16 type;
typedef enum {
TF_SCOPES=0,
TF_ENTRIES,
+ /* START IPFIX VENDOR FIELDS */
+ TF_PLIXER,
+ TF_NTOP,
+ TF_NO_VENDOR_INFO
} v9_v10_template_fields_type_t;
#define TF_NUM 2
+#define TF_NUM_EXT 5 /* includes vendor fields */
struct v9_v10_template {
guint length;
guint16 id;
address source_addr;
guint32 source_id;
- gboolean option_template; /* FALSE=data template, TRUE=option template */ /* XXX: not used ?? */
- guint16 field_count[TF_NUM]; /* 0:scopes; 1:entries */
- struct v9_v10_template_entry *fields[TF_NUM]; /* 0:scopes; 1:entries */
+ gboolean template_exists; /* TRUE: template exists */
+ guint16 field_count[TF_NUM]; /* 0:scopes; 1:entries */
+ struct v9_v10_template_entry *fields[TF_NUM_EXT]; /* 0:scopes; 1:entries; n:vendor_entries */
};
static struct v9_v10_template v9_v10_template_cache[V9_V10_TEMPLATE_CACHE_MAX_ENTRIES];
{ 96, "APPLICATION_NAME" },
{ 98, "postIpDiffServCodePoint" },
{ 99, "multicastReplicationFactor" },
- { 128, "SRC_AS_PEER" },
- { 129, "DST_AS_PEER" },
+ { 128, "DST_AS_PEER" },
+ { 129, "SRC_AS_PEER" },
{ 130, "exporterIPv4Address" },
{ 131, "exporterIPv6Address" },
{ 132, "DROPPED_BYTES" },
{ 344, "informationElementSemantics" },
{ 345, "informationElementUnits" },
{ 346, "privateEnterpriseNumber" },
+ /* Ericsson NAT Logging */
+ { 24628, "NAT_LOG_FIELD_IDX_CONTEXT_ID" },
+ { 24629, "NAT_LOG_FIELD_IDX_CONTEXT_NAME" },
+ { 24630, "NAT_LOG_FIELD_IDX_ASSIGN_TS_SEC" },
+ { 24631, "NAT_LOG_FIELD_IDX_UNASSIGN_TS_SEC" },
+ { 24632, "NAT_LOG_FIELD_IDX_IPV4_INT_ADDR" },
+ { 24633, "NAT_LOG_FIELD_IDX_IPV4_EXT_ADDR" },
+ { 24634, "NAT_LOG_FIELD_IDX_EXT_PORT_FIRST" },
+ { 24635, "NAT_LOG_FIELD_IDX_EXT_PORT_LAST" },
/* Cisco ASA5500 Series NetFlow */
{ 33000, "INGRESS_ACL_ID" },
{ 33001, "EGRESS_ACL_ID" },
{ 33002, "FW_EXT_EVENT" },
+ /* medianet performance monitor */
+ { 37000, "PACKETS_DROPPED" },
+ { 37003, "BYTE_RATE" },
+ { 37004, "APPLICATION_MEDIA_BYTES" },
+ { 37006, "APPLICATION_MEDIA_BYTE_RATE" },
+ { 37007, "APPLICATION_MEDIA_PACKETS" },
+ { 37009, "APPLICATION_MEDIA_PACKET_RATE" },
+ { 37011, "APPLICATION_MEDIA_EVENT" },
+ { 37012, "MONITOR_EVENT" },
+ { 37013, "TIMESTAMP_INTERVAL" },
+ { 37014, "TRANSPORT_PACKETS_EXPECTED" },
+ { 37016, "TRANSPORT_ROUND_TRIP_TIME" },
+ { 37017, "TRANSPORT_EVENT_PACKET_LOSS" },
+ { 37019, "TRANSPORT_PACKETS_LOST" },
+ { 37021, "TRANSPORT_PACKETS_LOST_RATE" },
+ { 37022, "TRANSPORT_RTP_SSRC" },
+ { 37023, "TRANSPORT_RTP_JITTER_MEAN" },
+ { 37024, "TRANSPORT_RTP_JITTER_MIN" },
+ { 37025, "TRANSPORT_RTP_JITTER_MAX" },
{ 40000, "AAA_USERNAME" },
{ 40001, "XLATE_SRC_ADDR_IPV4" },
{ 40002, "XLATE_DST_ADDR_IPV4" },
{ 40003, "XLATE_SRC_PORT" },
{ 40004, "XLATE_DST_PORT" },
{ 40005, "FW_EVENT" },
+ /* v9 nTop extensions. */
+ { 80 + NTOP_BASE, "FRAGMENTS" },
+ { 82 + NTOP_BASE, "CLIENT_NW_DELAY_SEC" },
+ { 83 + NTOP_BASE, "CLIENT_NW_DELAY_USEC" },
+ { 84 + NTOP_BASE, "SERVER_NW_DELAY_SEC" },
+ { 85 + NTOP_BASE, "SERVER_NW_DELAY_USEC" },
+ { 86 + NTOP_BASE, "APPL_LATENCY_SEC" },
+ { 87 + NTOP_BASE, "APPL_LATENCY_USEC" },
+ { 98 + NTOP_BASE, "ICMP_FLAGS" },
+ { 101 + NTOP_BASE, "SRC_IP_COUNTRY" },
+ { 102 + NTOP_BASE, "SRC_IP_CITY" },
+ { 103 + NTOP_BASE, "DST_IP_COUNTRY" },
+ { 104 + NTOP_BASE, "DST_IP_CITY" },
+ { 105 + NTOP_BASE, "FLOW_PROTO_PORT" },
+ { 106 + NTOP_BASE, "TUNNEL_ID" },
+ { 107 + NTOP_BASE, "LONGEST_FLOW_PKT" },
+ { 108 + NTOP_BASE, "SHORTEST_FLOW_PKT" },
+ { 109 + NTOP_BASE, "RETRANSMITTED_IN_PKTS" },
+ { 110 + NTOP_BASE, "RETRANSMITTED_OUT_PKTS" },
+ { 111 + NTOP_BASE, "OOORDER_IN_PKTS" },
+ { 112 + NTOP_BASE, "OOORDER_OUT_PKTS" },
+ { 113 + NTOP_BASE, "UNTUNNELED_PROTOCOL" },
+ { 114 + NTOP_BASE, "UNTUNNELED_IPV4_SRC_ADDR" },
+ { 115 + NTOP_BASE, "UNTUNNELED_L4_SRC_PORT" },
+ { 116 + NTOP_BASE, "UNTUNNELED_IPV4_DST_ADDR" },
+ { 117 + NTOP_BASE, "UNTUNNELED_L4_DST_PORT" },
+ { 120 + NTOP_BASE, "DUMP_PATH" },
+ { 130 + NTOP_BASE, "SIP_CALL_ID" },
+ { 131 + NTOP_BASE, "SIP_CALLING_PARTY" },
+ { 132 + NTOP_BASE, "SIP_CALLED_PARTY" },
+ { 133 + NTOP_BASE, "SIP_RTP_CODECS" },
+ { 134 + NTOP_BASE, "SIP_INVITE_TIME" },
+ { 135 + NTOP_BASE, "SIP_TRYING_TIME" },
+ { 136 + NTOP_BASE, "SIP_RINGING_TIME" },
+ { 137 + NTOP_BASE, "SIP_OK_TIME" },
+ { 138 + NTOP_BASE, "SIP_BYE_TIME" },
+ { 139 + NTOP_BASE, "SIP_RTP_SRC_IP" },
+ { 140 + NTOP_BASE, "SIP_RTP_SRC_PORT" },
+ { 141 + NTOP_BASE, "SIP_RTP_DST_IP" },
+ { 142 + NTOP_BASE, "SIP_RTP_DST_PORT" },
+ { 150 + NTOP_BASE, "RTP_FIRST_SSRC" },
+ { 151 + NTOP_BASE, "RTP_FIRST_TS" },
+ { 152 + NTOP_BASE, "RTP_LAST_SSRC" },
+ { 153 + NTOP_BASE, "RTP_LAST_TS" },
+ { 154 + NTOP_BASE, "RTP_IN_JITTER" },
+ { 155 + NTOP_BASE, "RTP_OUT_JITTER" },
+ { 156 + NTOP_BASE, "RTP_IN_PKT_LOST" },
+ { 157 + NTOP_BASE, "RTP_OUT_PKT_LOST" },
+ { 158 + NTOP_BASE, "RTP_OUT_PAYLOAD_TYPE" },
+ { 159 + NTOP_BASE, "RTP_IN_MAX_DELTA" },
+ { 160 + NTOP_BASE, "RTP_OUT_MAX_DELTA" },
+ { 165 + NTOP_BASE, "L7_PROTO" },
+ { 180 + NTOP_BASE, "HTTP_URL" },
+ { 181 + NTOP_BASE, "HTTP_RET_CODE" },
+ { 182 + NTOP_BASE, "HTTP_REFERER" },
+ { 183 + NTOP_BASE, "HTTP_UA" },
+ { 184 + NTOP_BASE, "HTTP_MIME" },
+ { 185 + NTOP_BASE, "SMTP_MAIL_FROM" },
+ { 186 + NTOP_BASE, "SMTP_RCPT_TO" },
+ { 195 + NTOP_BASE, "MYSQL_SERVER_VERSION" },
+ { 196 + NTOP_BASE, "MYSQL_USERNAME" },
+ { 197 + NTOP_BASE, "MYSQL_DB" },
+ { 198 + NTOP_BASE, "MYSQL_QUERY" },
+ { 199 + NTOP_BASE, "MYSQL_RESPONSE" },
+ { 0, NULL }
+};
+static const value_string v10_template_types_plixer[] = {
+ { 100, "client_ip_v4" },
+ { 101, "client_hostname" },
+ { 102, "partner_name" },
+ { 103, "server_hostname" },
+ { 104, "server_ip_v4" },
+ { 105, "recipient_address" },
+ { 106, "event_id" },
+ { 107, "msgid" },
+ { 108, "priority" },
+ { 109, "recipient_report_status" },
+ { 110, "number_recipients" },
+ { 111, "origination_time" },
+ { 112, "encryption" },
+ { 113, "service_version" },
+ { 114, "linked_msgid" },
+ { 115, "message_subject" },
+ { 116, "sender_address" },
+ { 117, "date_time" },
+ { 118, "client_ip_v6" },
+ { 119, "server_ip_v6" },
+ { 120, "source_context" },
+ { 121, "connector_id" },
+ { 122, "source_component" },
+ { 124, "related_recipient_address" },
+ { 125, "reference" },
+ { 126, "return_path" },
+ { 127, "message_info" },
+ { 128, "directionality" },
+ { 129, "tenant_id" },
+ { 130, "original_client_ip_v4" },
+ { 131, "original_server_ip_v4" },
+ { 132, "custom_data" },
+ { 133, "internal_message_id" },
+ { 0, NULL }
+};
+static const value_string v10_template_types_ntop[] = {
+ { 80, "FRAGMENTS" },
+ { 82, "CLIENT_NW_DELAY_SEC" },
+ { 83, "CLIENT_NW_DELAY_USEC" },
+ { 84, "SERVER_NW_DELAY_SEC" },
+ { 85, "SERVER_NW_DELAY_USEC" },
+ { 86, "APPL_LATENCY_SEC" },
+ { 87, "APPL_LATENCY_USEC" },
+ { 98, "ICMP_FLAGS" },
+ { 101, "SRC_IP_COUNTRY" },
+ { 102, "SRC_IP_CITY" },
+ { 103, "DST_IP_COUNTRY" },
+ { 104, "DST_IP_CITY" },
+ { 105, "FLOW_PROTO_PORT" },
+ { 106, "TUNNEL_ID" },
+ { 107, "LONGEST_FLOW_PKT" },
+ { 108, "SHORTEST_FLOW_PKT" },
+ { 109, "RETRANSMITTED_IN_PKTS" },
+ { 110, "RETRANSMITTED_OUT_PKTS" },
+ { 111, "OOORDER_IN_PKTS" },
+ { 112, "OOORDER_OUT_PKTS" },
+ { 113, "UNTUNNELED_PROTOCOL" },
+ { 114, "UNTUNNELED_IPV4_SRC_ADDR" },
+ { 115, "UNTUNNELED_L4_SRC_PORT" },
+ { 116, "UNTUNNELED_IPV4_DST_ADDR" },
+ { 117, "UNTUNNELED_L4_DST_PORT" },
+ { 120, "DUMP_PATH" },
+ { 130, "SIP_CALL_ID" },
+ { 131, "SIP_CALLING_PARTY" },
+ { 132, "SIP_CALLED_PARTY" },
+ { 133, "SIP_RTP_CODECS" },
+ { 134, "SIP_INVITE_TIME" },
+ { 135, "SIP_TRYING_TIME" },
+ { 136, "SIP_RINGING_TIME" },
+ { 137, "SIP_OK_TIME" },
+ { 138, "SIP_BYE_TIME" },
+ { 139, "SIP_RTP_SRC_IP" },
+ { 140, "SIP_RTP_SRC_PORT" },
+ { 141, "SIP_RTP_DST_IP" },
+ { 142, "SIP_RTP_DST_PORT" },
+ { 150, "RTP_FIRST_SSRC" },
+ { 151, "RTP_FIRST_TS" },
+ { 152, "RTP_LAST_SSRC" },
+ { 153, "RTP_LAST_TS" },
+ { 154, "RTP_IN_JITTER" },
+ { 155, "RTP_OUT_JITTER" },
+ { 156, "RTP_IN_PKT_LOST" },
+ { 157, "RTP_OUT_PKT_LOST" },
+ { 158, "RTP_OUT_PAYLOAD_TYPE" },
+ { 159, "RTP_IN_MAX_DELTA" },
+ { 160, "RTP_OUT_MAX_DELTA" },
+ { 165, "L7_PROTO" },
+ { 180, "HTTP_URL" },
+ { 181, "HTTP_RET_CODE" },
+ { 182, "HTTP_REFERER" },
+ { 183, "HTTP_UA" },
+ { 184, "HTTP_MIME" },
+ { 185, "SMTP_MAIL_FROM" },
+ { 186, "SMTP_RCPT_TO" },
+ { 195, "MYSQL_SERVER_VERSION" },
+ { 196, "MYSQL_USERNAME" },
+ { 197, "MYSQL_DB" },
+ { 198, "MYSQL_QUERY" },
+ { 199, "MYSQL_RESPONSE" },
{ 0, NULL }
};
static value_string_ext v9_v10_template_types_ext = VALUE_STRING_EXT_INIT(v9_v10_template_types);
+static value_string_ext v10_template_types_plixer_ext = VALUE_STRING_EXT_INIT(v10_template_types_plixer);
+static value_string_ext v10_template_types_ntop_ext = VALUE_STRING_EXT_INIT(v10_template_types_ntop);
+
static const value_string v9_scope_field_types[] = {
{ 1, "System" },
{ 2, "Interface" },
{ 5, "Template" },
{ 0, NULL }
};
-
static value_string_ext v9_scope_field_types_ext = VALUE_STRING_EXT_INIT(v9_scope_field_types);
static const value_string v9_sampler_mode[] = {
{ 2, "Random" },
{ 0, NULL }
};
+
static const value_string v9_direction[] = {
{ 0, "Ingress" },
{ 1, "Egress" },
{ 0, NULL }
};
+
+#define FORWARDING_STATUS_UNKNOWN 0
+#define FORWARDING_STATUS_FORWARD 1
+#define FORWARDING_STATUS_DROP 2
+#define FORWARDING_STATUS_CONSUME 3
+
static const value_string v9_forwarding_status[] = {
- { 0, "Unknown"}, /* Observed on IOS-XR 3.2 */
- { 1, "Forward"}, /* Observed on 7200 12.4(9)T */
- { 2, "Drop"}, /* Observed on 7200 12.4(9)T */
- { 3, "Consume"}, /* Observed on 7200 12.4(9)T */
+ { FORWARDING_STATUS_UNKNOWN, "Unknown"}, /* Observed on IOS-XR 3.2 */
+ { FORWARDING_STATUS_FORWARD, "Forward"}, /* Observed on 7200 12.4(9)T */
+ { FORWARDING_STATUS_DROP, "Drop"}, /* Observed on 7200 12.4(9)T */
+ { FORWARDING_STATUS_CONSUME, "Consume"}, /* Observed on 7200 12.4(9)T */
{ 0, NULL }
};
-static const value_string v9_forwarding_status_code[] = {
- { 64, "Forwarded (Unknown)" },
- { 65, "Forwarded Fragmented" },
- { 66, "Forwarded not Fragmented" },
- { 128, "Dropped (Unknown)" },
- { 129, "Drop ACL Deny" },
- { 130, "Drop ACL drop" },
- { 131, "Drop Unroutable" },
- { 132, "Drop Adjacency" },
- { 133, "Drop Fragmentation & DF set" },
- { 134, "Drop Bad header checksum" },
- { 135, "Drop Bad total Length" },
- { 136, "Drop Bad Header Length" },
- { 137, "Drop bad TTL" },
- { 138, "Drop Policer" },
- { 139, "Drop WRED" },
- { 140, "Drop RPF" },
- { 141, "Drop For us" },
- { 142, "Drop Bad output interface" },
- { 143, "Drop Hardware" },
- { 192, "Consumed (Unknown)" },
- { 193, "Terminate Punt Adjacency" },
- { 194, "Terminate Incomplete Adjacency" },
- { 195, "Terminate For us" },
- { 0, NULL }
+
+static const value_string v9_forwarding_status_unknown_code[] = {
+ { 0, NULL }
+};
+
+static const value_string v9_forwarding_status_forward_code[] = {
+ { 0, "Forwarded (Unknown)" },
+ { 1, "Forwarded Fragmented" },
+ { 2, "Forwarded not Fragmented" },
+ { 0, NULL }
+};
+
+static const value_string v9_forwarding_status_drop_code[] = {
+ { 0, "Dropped (Unknown)" },
+ { 1, "Drop ACL Deny" },
+ { 2, "Drop ACL drop" },
+ { 3, "Drop Unroutable" },
+ { 4, "Drop Adjacency" },
+ { 5, "Drop Fragmentation & DF set" },
+ { 6, "Drop Bad header checksum" },
+ { 7, "Drop Bad total Length" },
+ { 8, "Drop Bad Header Length" },
+ { 9, "Drop bad TTL" },
+ { 10, "Drop Policer" },
+ { 11, "Drop WRED" },
+ { 12, "Drop RPF" },
+ { 13, "Drop For us" },
+ { 14, "Drop Bad output interface" },
+ { 15, "Drop Hardware" },
+ { 0, NULL }
+};
+
+static const value_string v9_forwarding_status_consume_code[] = {
+ { 0, "Consumed (Unknown)" },
+ { 1, "Terminate Punt Adjacency" },
+ { 2, "Terminate Incomplete Adjacency" },
+ { 3, "Terminate For us" },
+ { 0, NULL }
};
+
static const value_string v9_firewall_event[] = {
{ 0, "Default (ignore)"},
{ 1, "Flow created"},
{ 2, "Flow deleted"},
{ 3, "Flow denied"},
- { 4, "Flow alart"},
+ { 4, "Flow alert"},
{ 0, NULL }
};
{ 1004, "Flow denied (TCP flow beginning with not TCP SYN)"},
{ 0, NULL }
};
+
static const value_string engine_type[] = {
{ 0, "RP"},
{ 1, "VIP/Linecard"},
{ 2, "PFC/DFC" },
{ 0, NULL }
};
+
static const value_string v9_flow_end_reason[] = {
{ 0, "Unknown"},
{ 1, "Idle timeout"},
{ 5, "Lack of resources" },
{ 0, NULL }
};
+
static const value_string v9_biflow_direction[] = {
{ 0, "Arbitrary"},
{ 1, "Initiator"},
{ 3, "Perimeter" },
{ 0, NULL }
};
+
static const value_string selector_algorithm[] = {
{ 0, "Reserved"},
{ 1, "Systematic count-based Sampling"},
{ 4, "Uniform probabilistic Sampling"},
{ 5, "Property match Filtering"},
{ 6, "Hash based Filtering using BOB"},
- { 7, " Hash based Filtering using IPSX"},
+ { 7, "Hash based Filtering using IPSX"},
{ 8, "Hash based Filtering using CRC"},
{ 0, NULL }
};
+static value_string_ext selector_algorithm_ext = VALUE_STRING_EXT_INIT(selector_algorithm);
+static const value_string performance_monitor_specials[] = {
+ { 0xFFFFFFFF, "Not Measured"},
+ { 0xFFFF, "Not Measured"},
+ { 0, NULL }
+};
/*
static int ett_unixtime = -1;
static int ett_flow = -1;
static int ett_flowtime = -1;
+static int ett_str_len = -1;
static int ett_template = -1;
static int ett_field = -1;
static int ett_dataflowset = -1;
static int hf_cflow_template_ipfix_field_type_enterprise = -1;
static int hf_cflow_template_ipfix_field_pen = -1;
+/* IPFIX / vendor */
+static int hf_cflow_template_plixer_field_type = -1;
+static int hf_cflow_template_ntop_field_type = -1;
+
+
/*
* pdu storage
*/
static int hf_cflow_if_descr = -1;
static int hf_cflow_sampler_name = -1;
static int hf_cflow_forwarding_status = -1;
-static int hf_cflow_forwarding_code = -1;
+static int hf_cflow_forwarding_status_unknown_code = -1;
+static int hf_cflow_forwarding_status_forward_code = -1;
+static int hf_cflow_forwarding_status_consume_code = -1;
+static int hf_cflow_forwarding_status_drop_code = -1;
static int hf_cflow_nbar_appl_desc = -1;
static int hf_cflow_nbar_appl_id = -1;
static int hf_cflow_nbar_appl_name = -1;
static int hf_cflow_ipv6_exthdr = -1;
static int hf_cflow_dstmac = -1;
static int hf_cflow_post_srcmac = -1;
+static int hf_cflow_permanent_packets = -1;
+static int hf_cflow_permanent_packets64 = -1;
+static int hf_cflow_permanent_octets = -1;
+static int hf_cflow_permanent_octets64 = -1;
static int hf_cflow_fragment_offset = -1;
static int hf_cflow_mpls_vpn_rd = -1;
static int hf_cflow_mpls_top_label_prefix_length = -1; /* ID: 91 */
static int hf_cflow_information_element_semantics = -1; /* ID: 344 */
static int hf_cflow_information_element_units = -1; /* ID: 345 */
static int hf_cflow_private_enterprise_number = -1; /* ID: 346 */
+static int hf_cflow_packets_dropped = -1; /* ID: 37000 */
+static int hf_cflow_byte_rate = -1; /* ID: 37003 */
+static int hf_cflow_application_media_bytes = -1; /* ID: 37004 */
+static int hf_cflow_application_media_byte_rate = -1; /* ID: 37006 */
+static int hf_cflow_application_media_packets = -1; /* ID: 37007 */
+static int hf_cflow_application_media_packet_rate = -1; /* ID: 37009 */
+static int hf_cflow_application_media_event = -1; /* ID: 37011 */
+static int hf_cflow_monitor_event = -1; /* ID: 37012 */
+static int hf_cflow_timestamp_interval = -1; /* ID: 37013 */
+static int hf_cflow_transport_packets_expected = -1; /* ID: 37014 */
+static int hf_cflow_transport_round_trip_time = -1; /* ID: 37016 */
+static int hf_cflow_transport_round_trip_time_string = -1; /* ID: 37016 */
+static int hf_cflow_transport_event_packet_loss = -1; /* ID: 37017 */
+static int hf_cflow_transport_packets_lost = -1; /* ID: 37019 */
+static int hf_cflow_transport_packets_lost_string = -1; /* ID: 37019 */
+static int hf_cflow_transport_packets_lost_rate = -1; /* ID: 37021 */
+static int hf_cflow_transport_packets_lost_rate_string = -1; /* ID: 37021 */
+static int hf_cflow_transport_rtp_ssrc = -1; /* ID: 37022 */
+static int hf_cflow_transport_rtp_jitter_mean = -1; /* ID: 37023 */
+static int hf_cflow_transport_rtp_jitter_mean_string = -1; /* ID: 37023 */
+static int hf_cflow_transport_rtp_jitter_min = -1; /* ID: 37024 */
+static int hf_cflow_transport_rtp_jitter_min_string = -1; /* ID: 37024 */
+static int hf_cflow_transport_rtp_jitter_max = -1; /* ID: 37025 */
+static int hf_cflow_transport_rtp_jitter_max_string = -1; /* ID: 37025 */
+
+/* Ericsson SE NAT Logging */
+static int hf_cflow_nat_context_id = -1; /* ID: 24628 */
+static int hf_cflow_nat_context_name = -1; /* ID: 24629 */
+static int hf_cflow_nat_assign_time = -1; /* ID: 24630 */
+static int hf_cflow_nat_unassign_time = -1; /* ID: 24631 */
+static int hf_cflow_nat_int_addr = -1; /* ID: 24632 */
+static int hf_cflow_nat_ext_addr = -1; /* ID: 24633 */
+static int hf_cflow_nat_ext_port_first = -1; /* ID: 24634 */
+static int hf_cflow_nat_ext_port_last = -1; /* ID: 24635 */
+
/* Cisco ASA 5500 Series */
static int hf_cflow_ingress_acl_id = -1; /* NF_F_INGRESS_ACL_ID (33000) */
static int hf_pie_cace_local_cmd_len = -1;
static int hf_pie_cace_local_cmd = -1;
+static int hf_pie_ntop_fragmented = -1;
+static int hf_pie_ntop_fingerprint = -1;
+static int hf_pie_ntop_client_nw_delay_sec = -1;
+static int hf_pie_ntop_client_nw_delay_usec = -1;
+static int hf_pie_ntop_server_nw_delay_sec = -1;
+static int hf_pie_ntop_server_nw_delay_usec = -1;
+static int hf_pie_ntop_appl_latency_sec = -1;
+static int hf_pie_ntop_icmp_flags = -1;
+static int hf_pie_ntop_src_ip_country = -1;
+static int hf_pie_ntop_src_ip_city = -1;
+static int hf_pie_ntop_dst_ip_country = -1;
+static int hf_pie_ntop_dst_ip_city = -1;
+static int hf_pie_ntop_flow_proto_port = -1;
+
+static int hf_pie_ntop_longest_flow_pkt = -1;
+static int hf_pie_ntop_ooorder_in_pkts = -1;
+static int hf_pie_ntop_ooorder_out_pkts = -1;
+static int hf_pie_ntop_retransmitted_in_pkts = -1;
+static int hf_pie_ntop_retransmitted_out_pkts = -1;
+static int hf_pie_ntop_shortest_flow_pkt = -1;
+static int hf_pie_ntop_tunnel_id = -1;
+static int hf_pie_ntop_untunneled_ipv4_dst_addr = -1;
+static int hf_pie_ntop_untunneled_ipv4_src_addr = -1;
+static int hf_pie_ntop_untunneled_l4_dst_port = -1;
+static int hf_pie_ntop_untunneled_l4_src_port = -1;
+static int hf_pie_ntop_untunneled_protocol = -1;
+
+static int hf_pie_ntop_dump_path = -1;
+static int hf_pie_ntop_sip_call_id = -1;
+static int hf_pie_ntop_sip_calling_party = -1;
+static int hf_pie_ntop_sip_called_party = -1;
+static int hf_pie_ntop_sip_rtp_codecs = -1;
+static int hf_pie_ntop_sip_invite_time = -1;
+static int hf_pie_ntop_sip_trying_time = -1;
+static int hf_pie_ntop_sip_ringing_time = -1;
+static int hf_pie_ntop_sip_ok_time = -1;
+static int hf_pie_ntop_sip_bye_time = -1;
+static int hf_pie_ntop_sip_rtp_src_ip = -1;
+static int hf_pie_ntop_sip_rtp_src_port = -1;
+static int hf_pie_ntop_sip_rtp_dst_ip = -1;
+static int hf_pie_ntop_sip_rtp_dst_port = -1;
+static int hf_pie_ntop_rtp_first_ssrc = -1;
+static int hf_pie_ntop_rtp_first_ts = -1;
+static int hf_pie_ntop_rtp_last_ssrc = -1;
+static int hf_pie_ntop_rtp_last_ts = -1;
+static int hf_pie_ntop_rtp_in_jitter = -1;
+static int hf_pie_ntop_rtp_out_jitter = -1;
+static int hf_pie_ntop_rtp_in_pkt_lost = -1;
+static int hf_pie_ntop_rtp_out_pkt_lost = -1;
+static int hf_pie_ntop_rtp_out_payload_type = -1;
+static int hf_pie_ntop_rtp_in_max_delta = -1;
+static int hf_pie_ntop_rtp_out_max_delta = -1;
+static int hf_pie_ntop_proc_id = -1;
+static int hf_pie_ntop_proc_name = -1;
+static int hf_pie_ntop_http_url = -1;
+static int hf_pie_ntop_http_ret_code = -1;
+static int hf_pie_ntop_smtp_mail_from = -1;
+static int hf_pie_ntop_smtp_rcpt_to = -1;
+
+static int hf_pie_ntop_mysql_server_version = -1;
+static int hf_pie_ntop_mysql_username = -1;
+static int hf_pie_ntop_mysql_db = -1;
+static int hf_pie_ntop_mysql_query = -1;
+static int hf_pie_ntop_mysql_response = -1;
+
+static int hf_pie_plixer_client_ip_v4 = -1;
+static int hf_pie_plixer_client_hostname = -1; /* string */
+static int hf_pie_plixer_partner_name = -1; /* string */
+static int hf_pie_plixer_server_hostname = -1; /* string */
+static int hf_pie_plixer_server_ip_v4 = -1;
+static int hf_pie_plixer_recipient_address = -1; /* string */
+static int hf_pie_plixer_event_id = -1;
+static int hf_pie_plixer_msgid = -1; /* string */
+
+static int hf_pie_plixer_priority = -1;
+static int hf_pie_plixer_recipient_report_status = -1;
+static int hf_pie_plixer_number_recipients = -1;
+static int hf_pie_plixer_origination_time = -1;
+static int hf_pie_plixer_encryption = -1; /* string */
+static int hf_pie_plixer_service_version = -1; /* string */
+static int hf_pie_plixer_linked_msgid = -1; /* string */
+static int hf_pie_plixer_message_subject = -1; /* string */
+static int hf_pie_plixer_sender_address = -1; /* string */
+static int hf_pie_plixer_date_time = -1;
+
+static int hf_string_len_short = -1;
+static int hf_string_len_long = -1;
+
+
static const value_string special_mpls_top_label_type[] = {
{0, "Unknown"},
{1, "TE-MIDPT"},
return ti;
}
+
+static void
+nbar_fmt_id(gchar *result, guint32 nbar_id)
+{
+ guint32 nbar_id_type = (nbar_id>>24)&0xFF;
+ nbar_id &= 0xFFFFFF;
+
+ g_snprintf(result, ITEM_LABEL_LENGTH,
+ "NBAR Application ID: %d:%d (type:id)", nbar_id_type, nbar_id);
+}
+
+
void proto_reg_handoff_netflow(void);
typedef struct _hdrinfo_t {
int offset, int len, hdrinfo_t *hdrinfo, guint16 flowset_id);
static int v9_v10_template_hash(guint16 id, const address *net_src,
guint32 src_id);
-static struct v9_v10_template *v9_v10_template_get(guint16 id, address *net_src,
- guint32 src_id);
+static struct v9_v10_template *v9_v10_template_cache_addr(guint16 id, address *net_src, guint32 src_id);
+static struct v9_v10_template *v9_v10_template_get(guint16 id, address *net_src, guint32 src_id);
static const gchar *getprefix(const guint32 *address, int prefix);
static int flow_process_ints(proto_tree *pdutree, tvbuff_t *tvb,
int offset, int bytes,
const char *text);
-/* ------------------------------------ */
-/* NTP <-> nstime conversions */
-/* XXX: ToDo: Put this (and ntp_fmt_ts from packet-ntp.c) in a util lib */
-
-/* NTP_BASETIME is in fact epoch - ntp_start_time */
-#define NTP_BASETIME 2208988800ul
-#define FLOAT_DENOM 4294967296.0 /* (float) (2**32) */
-
-#if 0
-typedef struct _ntptime_t {
- long ntp_sec; /* since 1900 */
- long ntp_frac_sec; /* n/(2**32) */
-} ntptime_t;
-
-static void
-nstime_to_ntptime(nstime_t *nst, ntptime_t *ntpt) {
- ntpt->ntp_sec = nst->secs + NTP_BASETIME;
- ntpt->ntp_frac_sec = (long) ((nst->nsecs*FLOAT_DENOM)/1000000000.0);
-}
-
-static void
-ntptime_to_nstime(ntptime_t *ntpt, nstime_t *nst) {
- nst->secs = ntpt->ntp_sec - NTP_BASETIME;
- nst->nsecs = (int)((ntpt->ntp_frac_sec*1000000000.0)/FLOAT_DENOM);
-}
-#endif
-
-static void
-ntptime_buf_to_nstime(const guint8 *ntptime_buf, nstime_t *nstime) {
- nstime->secs = pntohl(&ntptime_buf[0]) - NTP_BASETIME;
- nstime->nsecs = (int)((pntohl(&ntptime_buf[4])*1000000000.0)/FLOAT_DENOM);
+static int pen_to_type_hf_list (guint32 pen) {
+ switch (pen) {
+ case VENDOR_PLIXER:
+ return TF_PLIXER;
+ case VENDOR_NTOP:
+ return TF_NTOP;
+ default:
+ return TF_NO_VENDOR_INFO;
+ }
}
-/* ------------------------------------ */
static int
dissect_netflow(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
ipfix_debug0("dissect_netflow: start");
ver = tvb_get_ntohs(tvb, offset);
-
+
ipfix_debug1("dissect_netflow: found version %d", ver);
switch (ver) {
}
if (pdus == 0) { /* no payload to decode - in theory */
- /* This is absurd, but does happens in practice. */
+ /* This is absurd, but does happen in practice. */
proto_tree_add_text(netflow_tree, tvb, offset, tvb_length_remaining(tvb, offset),
- "FlowSets impossibles - PDU Count is %d", pdus);
+ "FlowSets impossible - PDU Count is %d", pdus);
return tvb_length(tvb);
}
/*
}
static guint
-dissect_v9_pdu_scope(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pdutree, int offset,
+dissect_v9_pdu_scope(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *pdutree, int offset,
struct v9_v10_template *tplt)
{
int orig_offset;
- proto_item *ti;
int i;
DISSECTOR_ASSERT(tplt->fields[TF_SCOPES] != NULL);
guint16 type = tplt->fields[TF_SCOPES][i].type;
guint16 length = tplt->fields[TF_SCOPES][i].length;
if (length == 0) { /* XXX: Zero length fields probably shouldn't be included in the cached template */
+ /* YYY: Maybe. If you don't cache the zero length fields can you still compare that you actually have the same template with the same ID. See WMeier comment "c." above */
continue;
}
switch (type) {
- /* XXX: template length fields should be validated during temlate processing ... */
+ /* XXX: template length fields should be validated during template processing ... */
case 1: /* system */
- ti = proto_tree_add_item(pdutree, hf_cflow_scope_system,
+ proto_tree_add_item(pdutree, hf_cflow_scope_system,
tvb, offset, length, ENC_NA);
- if (length != 4) {
- expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_WARN,
- "ScopeSystem: invalid size %u", length);
- }
break;
case 2: /* interface */
- ti = proto_tree_add_item(pdutree, hf_cflow_scope_interface,
- tvb, offset, length, ENC_BIG_ENDIAN);
- if (length != 4) {
- expert_add_info_format(pinfo, ti, PI_MALFORMED, PI_WARN,
- "ScopeInterface: invalid size %u", length);
- }
+ proto_tree_add_item(pdutree, hf_cflow_scope_interface,
+ tvb, offset, length, ENC_NA);
break;
case 3: /* linecard */
proto_tree_add_item(pdutree, hf_cflow_scope_linecard,
int i;
address local_addr, remote_addr;
- guint16 local_port = 0, remote_port = 0, ipv4_id = 0, icmp_id = 0;
+ guint16 local_port = 0, remote_port = 0/*, ipv4_id = 0, icmp_id = 0*/;
guint32 uid = 0, pid = 0;
int uname_len;
gchar *uname_str = NULL;
gchar *cmd_str = NULL;
guint16 got_flags = 0;
+ int string_len_short = 0;
+ int string_len_long = 0;
+
+ proto_tree *string_tree;
+
+ gchar * gen_str = NULL;
+ int gen_str_offset = 0;
proto_item *ti;
- const guint8 *reftime;
guint16 count;
struct v9_v10_template_entry *entries;
proto_tree *fwdstattree;
pen_str = entries[i].pen_str;
if (length == 0) { /* XXX: Zero length fields probably shouldn't be included in the cached template */
+ /* YYY: Maybe. If you don't cache the zero length fields can you still compare that you actually have the same template with the same ID. See WMeier comment "c." above */
continue;
}
/* See if variable length field */
vstr_len = 0;
if (length == VARIABLE_LENGTH) {
vstr_len = 1;
- length = tvb_get_guint8(tvb, offset);
+ string_len_short = length = tvb_get_guint8(tvb, offset);
if (length == 255) {
vstr_len = 3;
- length = tvb_get_ntohs(tvb, offset+1);
+ string_len_long = length = tvb_get_ntohs(tvb, offset+1);
}
offset += vstr_len;
+ gen_str_offset = offset;
}
/* v9 types
ti = NULL;
switch (pen_type) {
- case 85: /* BYTES_PERMANENT */
case 1: /* bytes */
if (length == 4) {
ti = proto_tree_add_item(pdutree, hf_cflow_octets,
}
break;
- case 86: /* PACKETS_PERMANENT */
case 2: /* packets */
if (length == 4) {
ti = proto_tree_add_item(pdutree, hf_cflow_packets,
case 152: /* flowStartMilliseconds: 64-bit integer */
offset_s[rev] = offset;
ts_start[rev].secs = tvb_get_ntoh64(tvb, offset)/1000;
- ts_start[rev].nsecs = (tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
+ ts_start[rev].nsecs = (int)(tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
goto timestamp_common;
break;
case 153: /* flowEndMilliseconds; 64-bit integer */
offset_e[rev] = offset;
ts_end[rev].secs = (tvb_get_ntoh64(tvb, offset)/1000);
- ts_end[rev].nsecs = (tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
+ ts_end[rev].nsecs = (int)(tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
goto timestamp_common;
break;
case 154: /* flowStartMicroseconds: 64-bit NTP format */
offset_s[rev] = offset;
- ntptime_buf_to_nstime(tvb_get_ptr(tvb, offset, 8), &ts_start[rev]);
+ ntp_to_nstime(tvb, offset, &ts_start[rev]);
goto timestamp_common;
break;
case 155: /* flowEndMicroseconds: 64-bit NTP format */
/* XXX: Not tested ... */
offset_e[rev] = offset;
- ntptime_buf_to_nstime(tvb_get_ptr(tvb, offset, 8), &ts_end[rev]);
+ ntp_to_nstime(tvb, offset, &ts_end[rev]);
goto timestamp_common;
break;
case 156: /* flowStartNanoseconds: 64-bit NTP format */
/* XXX: Not tested ... */
offset_s[rev] = offset;
- ntptime_buf_to_nstime(tvb_get_ptr(tvb, offset, 8), &ts_start[rev]);
+ ntp_to_nstime(tvb, offset, &ts_start[rev]);
goto timestamp_common;
break;
case 157: /* flowEndNanoseconds: 64-bit NTP format */
/* XXX: Not tested ... */
offset_e[rev] = offset;
- ntptime_buf_to_nstime(tvb_get_ptr(tvb, offset, 8), &ts_end[rev]);
+ ntp_to_nstime(tvb, offset, &ts_end[rev]);
goto timestamp_common;
break;
offset_s[rev] = offset;
usec = tvb_get_ntohl(tvb, offset);
ts_start[rev].secs = (((guint64)(hdrinfo->export_time_secs)*1000000 - usec) / 1000000);
- ts_start[rev].nsecs = (((guint64)(hdrinfo->export_time_secs)*1000000 - usec) % 1000000) * 1000;
+ ts_start[rev].nsecs = (int)(((guint64)(hdrinfo->export_time_secs)*1000000 - usec) % 1000000) * 1000;
goto timestamp_common;
break;
offset_e[rev] = offset;
usec = tvb_get_ntohl(tvb, offset);
ts_end[rev].secs = (((guint64)(hdrinfo->export_time_secs)*1000000 - usec) / 1000000);
- ts_end[rev].nsecs = (((guint64)(hdrinfo->export_time_secs)*1000000 - usec) % 1000000) * 1000;
+ ts_end[rev].nsecs = (int)(((guint64)(hdrinfo->export_time_secs)*1000000 - usec) % 1000000) * 1000;
/* This code executed for all timestamp fields above */
/* !! Assumption: Only 1 set of time fields in a flow */
case 82: /* IF_NAME */
ti = proto_tree_add_item(pdutree, hf_cflow_if_name,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 83: /* IF_DESCR */
ti = proto_tree_add_item(pdutree, hf_cflow_if_descr,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 84: /* SAMPLER_NAME */
ti = proto_tree_add_item(pdutree, hf_cflow_sampler_name,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
+ break;
+
+ case 85: /* BYTES_PERMANENT */
+ if (length == 4) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_permanent_octets,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else if (length == 8) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_permanent_octets64,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ ti = proto_tree_add_text(pdutree,
+ tvb, offset, length,
+ "Running Octets: length %u", length);
+ }
+ break;
+
+ case 86: /* PACKETS_PERMANENT */
+ if (length == 4) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_permanent_packets,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else if (length == 8) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_permanent_packets64,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ ti = proto_tree_add_text(pdutree,
+ tvb, offset, length,
+ "Running Packets: length %u", length);
+ }
break;
case 88: /* fragmentOffset */
tvb, offset, length, ENC_BIG_ENDIAN);
break;
- case 89: /* FORWARDING_STATUS */
+ case 89: {
+ /* FORWARDING_STATUS */
/* Forwarding status is encoded on 1 byte with
* the 2 left bits giving the status and the 6
* remaining bits giving the reason code. */
+ guint8 forwarding_status;
+ const value_string *x_vs;
+ int x_hf;
+
ti = proto_tree_add_text(pdutree, tvb, offset, length, "Forwarding Status");
+ fwdstattree = proto_item_add_subtree(ti, ett_fwdstat);
+ forwarding_status = tvb_get_guint8(tvb, offset)>>6;
+ switch(forwarding_status) {
+ default:
+ case FORWARDING_STATUS_UNKNOWN:
+ x_vs = v9_forwarding_status_unknown_code;
+ x_hf = hf_cflow_forwarding_status_unknown_code;
+ break;
+ case FORWARDING_STATUS_FORWARD:
+ x_vs = v9_forwarding_status_forward_code;
+ x_hf = hf_cflow_forwarding_status_forward_code;
+ break;
+ case FORWARDING_STATUS_DROP:
+ x_vs = v9_forwarding_status_drop_code;
+ x_hf = hf_cflow_forwarding_status_drop_code;
+ break;
+ case FORWARDING_STATUS_CONSUME:
+ x_vs = v9_forwarding_status_consume_code;
+ x_hf = hf_cflow_forwarding_status_consume_code;
+ break;
+ }
- fwdstattree = proto_item_add_subtree(ti, ett_fwdstat);
proto_tree_add_item(fwdstattree, hf_cflow_forwarding_status,
- tvb, offset, length, ENC_NA);
- proto_tree_add_item(fwdstattree, hf_cflow_forwarding_code,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_NA);
+
+ proto_tree_add_item(fwdstattree, x_hf,
+ tvb, offset, length, ENC_NA);
/* add status code to tree summary */
if (length==1) {
- proto_item_append_text(ti, ": %s", val_to_str((tvb_get_guint8(tvb, offset)>>6),
- v9_forwarding_status, "Unknown(%d)"));
- proto_item_append_text(ti, ": %s", val_to_str((tvb_get_guint8(tvb, offset)&0x3F),
- v9_forwarding_status_code, "Unknown(%d)"));
+ proto_item_append_text(ti, ": %s", val_to_str_const(forwarding_status,
+ v9_forwarding_status, "(Unknown)"));
+ proto_item_append_text(ti, ": %s", val_to_str_const((tvb_get_guint8(tvb, offset)&0x3F),
+ x_vs, "(Unknown)"));
};
+ }
break;
case 90: /* mplsVpnRouteDistinguisher */
case 94: /* NBAR applicationDesc */
ti = proto_tree_add_item(pdutree, hf_cflow_nbar_appl_desc,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 95: /* NBAR applicationId */
ti = proto_tree_add_item(pdutree, hf_cflow_nbar_appl_id,
- tvb, offset+2, 2, ENC_BIG_ENDIAN); /*XXX: 2 bytes skipped ?? */
+ tvb, offset, length, ENC_BIG_ENDIAN);
break;
case 96: /* NBAR applicationName */
ti = proto_tree_add_item(pdutree, hf_cflow_nbar_appl_name,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 98: /* postIpDiffServCodePoint */
tvb, offset, length, ENC_NA);
break;
- case 128: /* source AS Peer */
- ti = proto_tree_add_item(pdutree, hf_cflow_peer_srcas,
+ case 128: /* dest AS Peer */
+ ti = proto_tree_add_item(pdutree, hf_cflow_peer_dstas,
tvb, offset, length, ENC_BIG_ENDIAN);
break;
- case 129: /* dest AS Peer*/
- ti = proto_tree_add_item(pdutree, hf_cflow_peer_dstas,
+ case 129: /* source AS Peer*/
+ ti = proto_tree_add_item(pdutree, hf_cflow_peer_srcas,
tvb, offset, length, ENC_BIG_ENDIAN);
break;
case 147: /* wlanSSID */
ti = proto_tree_add_item(pdutree, hf_cflow_wlan_ssid,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 148: /* flowId */
case 160: /* systemInitTimeMilliseconds */
ts.secs = (tvb_get_ntoh64(tvb, offset)/1000);
- ts.nsecs = (tvb_get_ntoh64(tvb, offset)%1000) *1000000;
+ ts.nsecs = (int)(tvb_get_ntoh64(tvb, offset)%1000) *1000000;
ti = proto_tree_add_time(pdutree,
hf_cflow_sys_init_time,
tvb, offset, length, &ts);
case 236: /* VRFname */
ti = proto_tree_add_item(pdutree, hf_cflow_vrfname,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 237: /* postMplsTopLabelExp */
case 247: /* metroEvcId */
ti = proto_tree_add_item(pdutree, hf_cflow_metro_evc_id,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 248: /* metroEvcType */
case 258: /* collectionTimeMilliseconds */
ts.secs = (tvb_get_ntoh64(tvb, offset)/1000);
- ts.nsecs = (tvb_get_ntoh64(tvb, offset)%1000) *1000000;
+ ts.nsecs = (int)(tvb_get_ntoh64(tvb, offset)%1000) *1000000;
ti = proto_tree_add_time(pdutree,
hf_cflow_collection_time_milliseconds,
tvb, offset, length, &ts);
break;
case 268: /* maxFlowEndMicroseconds */
- reftime = tvb_get_ptr(tvb, offset, 8);
- ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_max_flow_end_microseconds,
- tvb, offset, length, reftime, "%s", ntp_fmt_ts(reftime));
+ ti = proto_tree_add_item(pdutree, hf_cflow_max_flow_end_microseconds,
+ tvb, offset, length, ENC_TIME_NTP|ENC_BIG_ENDIAN);
break;
case 269: /* maxFlowEndMilliseconds */
ts.secs = (tvb_get_ntoh64(tvb, offset)/1000);
- ts.nsecs = (tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
+ ts.nsecs = (int)(tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
ti = proto_tree_add_time(pdutree, hf_cflow_max_flow_end_milliseconds,
tvb, offset, length, &ts);
break;
case 270: /* maxFlowEndNanoseconds */
- reftime = tvb_get_ptr(tvb, offset, 8);
- ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_max_flow_end_nanoseconds,
- tvb, offset, length, reftime, "%s", ntp_fmt_ts(reftime));
+ ti = proto_tree_add_item(pdutree, hf_cflow_max_flow_end_nanoseconds,
+ tvb, offset, length, ENC_TIME_NTP|ENC_BIG_ENDIAN);
break;
case 271: /* minFlowStartMicroseconds */
- reftime = tvb_get_ptr(tvb, offset, 8);
- ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_min_flow_start_microseconds,
- tvb, offset, length, reftime, "%s", ntp_fmt_ts(reftime));
+ ti = proto_tree_add_item(pdutree, hf_cflow_min_flow_start_microseconds,
+ tvb, offset, length, ENC_TIME_NTP|ENC_BIG_ENDIAN);
break;
case 272: /* minFlowStartMilliseconds */
break;
case 273: /* minFlowStartNanoseconds */
- reftime = tvb_get_ptr(tvb, offset, 8);
- ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_min_flow_start_nanoseconds,
- tvb, offset, length, reftime, "%s", ntp_fmt_ts(reftime));
+ ti = proto_tree_add_item(pdutree, hf_cflow_min_flow_start_nanoseconds,
+ tvb, offset, length, ENC_TIME_NTP|ENC_BIG_ENDIAN);
break;
case 274: /* collectorCertificate */
case 323: /* observationTimeMilliseconds */
ts.secs = (tvb_get_ntoh64(tvb, offset)/1000);
- ts.nsecs = (tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
+ ts.nsecs = (int)(tvb_get_ntoh64(tvb, offset)%1000) * 1000000;
ti = proto_tree_add_time(pdutree, hf_cflow_observation_time_milliseconds,
tvb, offset, length, &ts);
break;
case 324: /* observationTimeMicroseconds */
- reftime = tvb_get_ptr(tvb, offset, 8);
- ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_observation_time_microseconds,
- tvb, offset, length, reftime, "%s", ntp_fmt_ts(reftime));
+ ti = proto_tree_add_item(pdutree, hf_cflow_observation_time_microseconds,
+ tvb, offset, length, ENC_TIME_NTP|ENC_BIG_ENDIAN);
break;
case 325: /* observationTimeNanoseconds */
- reftime = tvb_get_ptr(tvb, offset, 8);
- ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_observation_time_nanoseconds,
- tvb, offset, length, reftime, "%s", ntp_fmt_ts(reftime));
+ ti = proto_tree_add_item(pdutree, hf_cflow_observation_time_nanoseconds,
+ tvb, offset, length, ENC_TIME_NTP|ENC_BIG_ENDIAN);
break;
case 326: /* digestHashValue */
case 335: /* selectorName */
ti = proto_tree_add_item(pdutree, hf_cflow_selector_name,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 336: /* upperCILimit */
case 340: /* informationElementDescription */
ti = proto_tree_add_item(pdutree, hf_cflow_information_element_description,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 341: /* informationElementName */
ti = proto_tree_add_item(pdutree, hf_cflow_information_element_name,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
case 342: /* informationElementRangeBegin */
tvb, offset, length, ENC_BIG_ENDIAN);
break;
+ case 37000: /* packets_dropped */
+ ti = proto_tree_add_item(pdutree, hf_cflow_packets_dropped,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37003: /* byte_rate */
+ ti = proto_tree_add_item(pdutree, hf_cflow_byte_rate,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37004: /* application_media_bytes */
+ ti = proto_tree_add_item(pdutree, hf_cflow_application_media_bytes,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37006: /* application_media_byte_rate */
+ ti = proto_tree_add_item(pdutree, hf_cflow_application_media_byte_rate,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37007: /* application_media_packets */
+ ti = proto_tree_add_item(pdutree, hf_cflow_application_media_packets,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37009: /* application_media_packet_rate */
+ ti = proto_tree_add_item(pdutree, hf_cflow_application_media_packet_rate,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37011: /* application_media_event */
+ ti = proto_tree_add_item(pdutree, hf_cflow_application_media_event,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case 37012: /* monitor_event */
+ ti = proto_tree_add_item(pdutree, hf_cflow_monitor_event,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case 37013: /* timestamp_interval */
+ ti = proto_tree_add_item(pdutree, hf_cflow_timestamp_interval,
+ tvb, offset, length, ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN);
+ break;
+ case 37014: /* transport_packets_expected */
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_packets_expected,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37016: /* transport_round_trip_time */
+ if (tvb_get_ntohl(tvb,offset)== 0xFFFFFFFF ) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_round_trip_time_string,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ /* value is in microseconds, adjust to nanoseconds*/
+ ts.secs =0;
+ ts.nsecs= tvb_get_ntohl(tvb,offset) * 1000;
+ ti = proto_tree_add_time(pdutree, hf_cflow_transport_round_trip_time,
+ tvb, offset, length, &ts);
+ }
+ break;
+ case 37017: /* transport_event_packet_loss */
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_event_packet_loss,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37019: /* transport_packets_lost */
+ if (tvb_get_ntohl(tvb,offset)== 0xFFFFFFFF ) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_packets_lost_string,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_packets_lost,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ }
+ break;
+ case 37021: /* transport_packets_lost_rate */
+ if (tvb_get_ntohl(tvb,offset)== 0xFFFF ) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_packets_lost_rate_string,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_packets_lost_rate,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ }
+ break;
+ case 37022: /* transport_rtp_ssrc */
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_rtp_ssrc,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 37023: /* transport_rtp_jitter_mean */
+ if (tvb_get_ntohl(tvb,offset)== 0xFFFFFFFF ) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_rtp_jitter_mean_string,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ /* value is in microseconds, adjust to nanoseconds*/
+ ts.secs =0;
+ ts.nsecs= tvb_get_ntohl(tvb,offset) * 1000;
+
+ ti = proto_tree_add_time(pdutree, hf_cflow_transport_rtp_jitter_mean,
+ tvb, offset, length, &ts);
+ }
+ break;
+ case 37024: /* transport_rtp_jitter_min */
+ if (tvb_get_ntohl(tvb,offset)== 0xFFFFFFFF ) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_rtp_jitter_min_string,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ /* value is in microseconds, adjust to nanoseconds*/
+ ts.secs =0;
+ ts.nsecs= tvb_get_ntohl(tvb,offset) * 1000;
+ ti = proto_tree_add_time(pdutree, hf_cflow_transport_rtp_jitter_min,
+ tvb, offset, length, &ts);
+ }
+ break;
+ case 37025: /* transport_rtp_jitter_max */
+ if (tvb_get_ntohl(tvb,offset)== 0xFFFFFFFF ) {
+ ti = proto_tree_add_item(pdutree, hf_cflow_transport_rtp_jitter_max_string,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ } else {
+ /* value is in microseconds, adjust to nanoseconds*/
+ ts.secs =0;
+ ts.nsecs= tvb_get_ntohl(tvb,offset) * 1000;
+ ti = proto_tree_add_time(pdutree, hf_cflow_transport_rtp_jitter_max,
+ tvb, offset, length, &ts);
+ }
+ break;
+
+
+ /* Ericsson SE NAT Logging */
+ case 24628: /* natContextId */
+ ti = proto_tree_add_item(pdutree, hf_cflow_nat_context_id,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 24629: /* natContextName */
+ ti = proto_tree_add_item(pdutree, hf_cflow_nat_context_name,
+ tvb, offset, length, ENC_UTF_8|ENC_NA);
+ break;
+ case 24630: /* natAssignTime */
+ ts.secs = tvb_get_ntohl(tvb, offset);
+ ts.nsecs = 0;
+ ti = proto_tree_add_time(pdutree, hf_cflow_nat_assign_time,
+ tvb, offset, length, &ts);
+ break;
+ case 24631: /* natUnAssignTime */
+ ts.secs = tvb_get_ntohl(tvb, offset);
+ ts.nsecs = 0;
+ ti = proto_tree_add_time(pdutree, hf_cflow_nat_unassign_time,
+ tvb, offset, length, &ts);
+ break;
+ case 24632: /* natInternalAddr */
+ ti = proto_tree_add_item(pdutree, hf_cflow_nat_int_addr,
+ tvb, offset, length, ENC_NA);
+ break;
+ case 24633: /* natExternalAddr */
+ ti = proto_tree_add_item(pdutree, hf_cflow_nat_ext_addr,
+ tvb, offset, length, ENC_NA);
+ break;
+ case 24634: /* natExternalPortFirst */
+ ti = proto_tree_add_item(pdutree, hf_cflow_nat_ext_port_first,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case 24635: /* natExternalPortLast */
+ ti = proto_tree_add_item(pdutree, hf_cflow_nat_ext_port_last,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
/* Cisco ASA 5500 Series */
case 33000: /* NF_F_INGRESS_ACL_ID */
proto_tree_add_item(pdutree, hf_cflow_ingress_acl_id,
break;
case 40000: /* NF_F_USERNAME[_MAX] */
proto_tree_add_item(pdutree, hf_cflow_aaa_username,
- tvb, offset, length, ENC_NA);
+ tvb, offset, length, ENC_ASCII|ENC_NA);
break;
/* CACE Technologies */
case VENDOR_CACE << 16 | 6: /* caceLocalIPv4id */
ti = proto_tree_add_item(pdutree, hf_pie_cace_local_ipv4_id,
tvb, offset, length, ENC_BIG_ENDIAN);
- ipv4_id = tvb_get_ntohs(tvb, offset);
- got_flags |= GOT_IPv4_ID;
+ /*ipv4_id = tvb_get_ntohs(tvb, offset);*/
+ /*got_flags |= GOT_IPv4_ID;*/
break;
case VENDOR_CACE << 16 | 7: /* caceLocalICMPid */
ti = proto_tree_add_item(pdutree, hf_pie_cace_local_icmp_id,
tvb, offset, length, ENC_BIG_ENDIAN);
- icmp_id = tvb_get_ntohs(tvb, offset);
- got_flags |= GOT_ICMP_ID;
+ /*icmp_id = tvb_get_ntohs(tvb, offset);*/
+ /*got_flags |= GOT_ICMP_ID;*/
break;
case VENDOR_CACE << 16 | 8: /* caceLocalProcessUserId */
got_flags |= GOT_COMMAND;
break;
- default: /* Unknown Field ID */
- if ((hdrinfo->vspec == 9) || (pen == REVPEN)) {
- ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_unknown_field_type,
- tvb, offset, length,
- tvb_get_ptr(tvb, offset, length),
- "Type %u: Value (hex bytes): %s",
- masked_type,
- tvb_bytes_to_str_punct(tvb, offset, length, ' '));
- } else { /* v10 PEN */
- ti = proto_tree_add_bytes_format_value(pdutree, hf_ipfix_enterprise_private_entry,
- tvb, offset, length,
- tvb_get_ptr(tvb, offset, length),
- "(%s) Type %u: Value (hex bytes): %s",
- pen_str,
- masked_type,
- tvb_bytes_to_str_punct(tvb, offset, length, ' '));
- }
+ /* START NTOP */
+ case (NTOP_BASE + 80): /* FRAGMENTED */
+ case ((VENDOR_NTOP << 16) | 80): /* FRAGMENTED */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_fragmented,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 81): /* FINGERPRINT */
+ case ((VENDOR_NTOP << 16) | 81): /* FINGERPRINT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_fingerprint,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 82): /* CLIENT_NW_DELAY_SEC */
+ case ((VENDOR_NTOP << 16) | 82): /* CLIENT_NW_DELAY_SEC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_client_nw_delay_sec,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 83): /* /\* CLIENT_NW_DELAY_USEC *\/ */
+ case ((VENDOR_NTOP << 16) | 83): /* CLIENT_NW_DELAY_USEC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_client_nw_delay_usec,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 84): /* SERVER_NW_DELAY_SEC */
+ case ((VENDOR_NTOP << 16) | 84): /* SERVER_NW_DELAY_SEC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_server_nw_delay_sec,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 85): /* SERVER_NW_DELAY_USEC */
+ case ((VENDOR_NTOP << 16) | 85): /* SERVER_NW_DELAY_USEC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_server_nw_delay_usec,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 86): /* APPL_LATENCY_SEC */
+ case ((VENDOR_NTOP << 16) | 86): /* APPL_LATENCY_SEC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_appl_latency_sec,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 87): /* APPL_LATENCY_USEC */
+ case ((VENDOR_NTOP << 16) | 87): /* APPL_LATENCY_USEC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_appl_latency_sec,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 98): /* ICMP_FLAGS */
+ case ((VENDOR_NTOP << 16) | 98): /* ICMP_FLAGS */
+ /* Cumulative of all flow ICMP types */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_icmp_flags,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 101): /* SRC_IP_COUNTRY */
+ case ((VENDOR_NTOP << 16) | 101): /* SRC_IP_COUNTRY */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_src_ip_country,
+ tvb, offset, length, ENC_ASCII|ENC_NA);
+ break;
+ case (NTOP_BASE + 102): /* SRC_IP_CITY */
+ case ((VENDOR_NTOP << 16) | 102): /* SRC_IP_CITY */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_src_ip_city,
+ tvb, offset, length, ENC_ASCII|ENC_NA);
+ break;
+ case (NTOP_BASE + 103): /* DST_IP_COUNTRY */
+ case ((VENDOR_NTOP << 16) | 103): /* DST_IP_COUNTRY */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_dst_ip_country,
+ tvb, offset, length, ENC_ASCII|ENC_NA);
+ break;
+ case (NTOP_BASE + 104): /* DST_IP_CITY */
+ case ((VENDOR_NTOP << 16) | 104): /* DST_IP_CITY */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_dst_ip_city,
+ tvb, offset, length, ENC_ASCII|ENC_NA);
+ break;
+ case (NTOP_BASE + 105): /* FLOW_PROTO_PORT */
+ case ((VENDOR_NTOP << 16) | 105): /* FLOW_PROTO_PORT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_flow_proto_port,
+ tvb, offset, length, ENC_BIG_ENDIAN);
break;
- } /* switch (pen_type) */
-
- if (ti && (vstr_len != 0)) { /* XXX: ugh: not very pretty: how to show/highlight actual length bytes ?? */
- proto_item_append_text(ti, " (Variable Length)");
- }
- if (ti && (pen == REVPEN)) {
- /* XXX: why showing type ? type not shown if not reverse */
- proto_item_append_text(ti, " (Reverse Type %u %s)",
- masked_type,
- val_to_str_ext_const(masked_type, &v9_v10_template_types_ext,"Unknown"));
- }
+ case (NTOP_BASE + 106): /* TUNNEL_ID */
+ case ((VENDOR_NTOP << 16) | 106): /* TUNNEL_ID */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_tunnel_id,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 107): /* LONGEST_FLOW_PKT */
+ case ((VENDOR_NTOP << 16) | 107): /* LONGEST_FLOW_PKT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_longest_flow_pkt,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 108): /* SHORTEST_FLOW_PKT */
+ case ((VENDOR_NTOP << 16) | 108): /* SHORTEST_FLOW_PKT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_shortest_flow_pkt,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 109): /* RETRANSMITTED_IN_PKTS */
+ case ((VENDOR_NTOP << 16) | 109): /* RETRANSMITTED_IN_PKTS */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_retransmitted_in_pkts,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 110): /* RETRANSMITTED_OUT_PKTS */
+ case ((VENDOR_NTOP << 16) | 110): /* RETRANSMITTED_OUT_PKTS */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_retransmitted_out_pkts,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 111): /* OOORDER_IN_PKTS */
+ case ((VENDOR_NTOP << 16) | 111): /* OOORDER_IN_PKTS */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_ooorder_in_pkts,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 112): /* OOORDER_OUT_PKTS */
+ case ((VENDOR_NTOP << 16) | 112): /* OOORDER_OUT_PKTS */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_ooorder_out_pkts,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 113): /* UNTUNNELED_PROTOCOL */
+ case ((VENDOR_NTOP << 16) | 113): /* UNTUNNELED_PROTOCOL */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_untunneled_protocol,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 114): /* UNTUNNELED_IPV4_SRC_ADDR */
+ case ((VENDOR_NTOP << 16) | 114): /* UNTUNNELED_IPV4_SRC_ADDR */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_untunneled_ipv4_src_addr,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 115): /* UNTUNNELED_L4_SRC_PORT */
+ case ((VENDOR_NTOP << 16) | 115): /* UNTUNNELED_L4_SRC_PORT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_untunneled_l4_src_port,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 116): /* UNTUNNELED_IPV4_DST_ADDR */
+ case ((VENDOR_NTOP << 16) | 116): /* UNTUNNELED_IPV4_DST_ADDR */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_untunneled_ipv4_dst_addr,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 117): /* UNTUNNELED_L4_DST_PORT */
+ case ((VENDOR_NTOP << 16) | 117): /* UNTUNNELED_L4_DST_PORT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_untunneled_l4_dst_port,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
- offset += length;
- } /* for (i=0; i < count; i++) */
+ case (NTOP_BASE + 120): /* DUMP_PATH */
+ case ((VENDOR_NTOP << 16) | 120): /* DUMP_PATH */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_dump_path,
+ tvb, offset, length, ENC_ASCII|ENC_NA);
+ break;
- /* If only "start" or "end" time, show it here */
- /* XXX: length is actually be 8 if millisec, microsec, nanosec time */
+ case (NTOP_BASE + 130): /* SIP_CALL_ID */
+ case ((VENDOR_NTOP << 16) | 130): /* SIP_CALL_ID */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_sip_call_id,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 131): /* SIP_CALLING_PARTY */
+ case ((VENDOR_NTOP << 16) | 131): /* SIP_CALLING_PARTY */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_sip_calling_party,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 132): /* SIP_CALLED_PARTY */
+ case ((VENDOR_NTOP << 16) | 132): /* SIP_CALLED_PARTY */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_sip_called_party,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 133): /* SIP_RTP_CODECS */
+ case ((VENDOR_NTOP << 16) | 133): /* SIP_RTP_CODECS */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_sip_rtp_codecs,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 134): /* SIP_INVITE_TIME */
+ case ((VENDOR_NTOP << 16) | 134): /* SIP_INVITE_TIME */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_invite_time,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 135): /* SIP_TRYING_TIME */
+ case ((VENDOR_NTOP << 16) | 135): /* SIP_TRYING_TIME */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_trying_time,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 136): /* SIP_RINGING_TIME */
+ case ((VENDOR_NTOP << 16) | 136): /* SIP_RINGING_TIME */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_ringing_time,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 137): /* SIP_OK_TIME */
+ case ((VENDOR_NTOP << 16) | 137): /* SIP_OK_TIME */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_ok_time,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 138): /* SIP_BYE_TIME */
+ case ((VENDOR_NTOP << 16) | 138): /* SIP_BYE_TIME */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_bye_time,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 139): /* SIP_RTP_SRC_IP */
+ case ((VENDOR_NTOP << 16) | 139): /* SIP_RTP_SRC_IP */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_rtp_src_ip,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 140): /* SIP_RTP_SRC_PORT */
+ case ((VENDOR_NTOP << 16) | 140): /* SIP_RTP_SRC_PORT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_rtp_src_port,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 141): /* SIP_RTP_DST_IP */
+ case ((VENDOR_NTOP << 16) | 141): /* SIP_RTP_DST_IP */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_rtp_dst_ip,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 142): /* SIP_RTP_DST_PORT */
+ case ((VENDOR_NTOP << 16) | 142): /* SIP_RTP_DST_PORT */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_sip_rtp_dst_port,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 150): /* RTP_FIRST_SSRC */
+ case ((VENDOR_NTOP << 16) | 150): /* RTP_FIRST_SSRC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_first_ssrc,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 151): /* RTP_FIRST_TS */
+ case ((VENDOR_NTOP << 16) | 151): /* RTP_FIRST_TS */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_first_ts,
+ tvb, offset, length, ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 152): /* RTP_LAST_SSRC */
+ case ((VENDOR_NTOP << 16) | 152): /* RTP_LAST_SSRC */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_last_ssrc,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 153): /* RTP_LAST_TS */
+ case ((VENDOR_NTOP << 16) | 153): /* RTP_LAST_TS */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_last_ts,
+ tvb, offset, length, ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 154): /* RTP_IN_JITTER */
+ case ((VENDOR_NTOP << 16) | 154): /* RTP_IN_JITTER */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_in_jitter,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 155): /* RTP_OUT_JITTER */
+ case ((VENDOR_NTOP << 16) | 155): /* RTP_OUT_JITTER */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_out_jitter,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 156): /* RTP_IN_PKT_LOST */
+ case ((VENDOR_NTOP << 16) | 156): /* RTP_IN_PKT_LOST */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_in_pkt_lost,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 157): /* RTP_OUT_PKT_LOST */
+ case ((VENDOR_NTOP << 16) | 157): /* RTP_OUT_PKT_LOST */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_out_pkt_lost,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 158): /* RTP_OUT_PAYLOAD_TYPE */
+ case ((VENDOR_NTOP << 16) | 158): /* RTP_OUT_PAYLOAD_TYPE */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_out_payload_type,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 159): /* RTP_IN_MAX_DELTA */
+ case ((VENDOR_NTOP << 16) | 159): /* RTP_IN_MAX_DELTA */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_in_max_delta,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 160): /* RTP_OUT_MAX_DELTA */
+ case ((VENDOR_NTOP << 16) | 160): /* RTP_OUT_MAX_DELTA */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_rtp_out_max_delta,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 168): /* PROC_ID */
+ case ((VENDOR_NTOP << 16) | 168): /* PROC_ID */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_proc_id,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case (NTOP_BASE + 169): /* PROC_NAME */
+ case ((VENDOR_NTOP << 16) | 169): /* PROC_NAME */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_proc_name,
+ tvb, offset, length, ENC_ASCII|ENC_NA);
+ break;
+ case (NTOP_BASE + 180): /* HTTP_URL */
+ case ((VENDOR_NTOP << 16) | 180): /* HTTP_URL */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_http_url,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 181): /* HTTP_RET_CODE */
+ case ((VENDOR_NTOP << 16) | 181): /* HTTP_RET_CODE */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_http_ret_code,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+
+ case (NTOP_BASE + 182): /* HTTP_REFERER */
+ case ((VENDOR_NTOP << 16) | 182): /* HTTP_REFERER */
+ break;
+ case (NTOP_BASE + 183): /* HTTP_UA */
+ case ((VENDOR_NTOP << 16) | 183): /* HTTP_UA */
+ break;
+ case (NTOP_BASE + 184): /* HTTP_MIME */
+ case ((VENDOR_NTOP << 16) | 184): /* HTTP_MIME */
+ break;
+
+ case (NTOP_BASE + 185): /* SMTP_MAIL_FROM */
+ case ((VENDOR_NTOP << 16) | 185): /* SMTP_MAIL_FROM */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_smtp_mail_from,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 186): /* SMTP_RCPT_TO */
+ case ((VENDOR_NTOP << 16) | 186): /* SMTP_RCPT_TO */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_smtp_rcpt_to,
+ tvb, offset, length, gen_str);
+ break;
+
+ case (NTOP_BASE + 190): /* FLOW_ID */
+ case ((VENDOR_NTOP << 16) | 190): /* FLOW_ID */
+ ti = proto_tree_add_item(pdutree, hf_cflow_flow_id,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+
+ case (NTOP_BASE + 195): /* MYSQL_SERVER_VERSION */
+ case ((VENDOR_NTOP << 16) | 195): /* MYSQL_SERVER_VERSION */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_mysql_server_version,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 196): /* MYSQL_USERNAME */
+ case ((VENDOR_NTOP << 16) | 196): /* MYSQL_USERNAME */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_mysql_username,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 197): /* MYSQL_DB */
+ case ((VENDOR_NTOP << 16) | 197): /* MYSQL_DB */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_mysql_db,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 198): /* MYSQL_QUERY */
+ case ((VENDOR_NTOP << 16) | 198): /* MYSQL_QUERY */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_ntop_mysql_query,
+ tvb, offset, length, gen_str);
+ break;
+ case (NTOP_BASE + 199): /* MYSQL_RESPONSE */
+ case ((VENDOR_NTOP << 16) | 199): /* MYSQL_RESPONSE */
+ ti = proto_tree_add_item(pdutree, hf_pie_ntop_mysql_response,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+
+ break;
+
+ /* END NTOP */
+
+ /* START Plixer International */
+ case ((VENDOR_PLIXER << 16) | 100): /* client_ip_v4 */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_client_ip_v4,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 101): /* client_hostname */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_client_hostname,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 102): /* partner_name */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_partner_name,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 103): /* server_hostname */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_server_hostname,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 104): /* server_ip_v4 */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_server_ip_v4,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 105): /* recipient_address */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_recipient_address,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 106): /* event_id */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_event_id,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 107): /* msgid */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_msgid,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 108): /* priority */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_priority,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 109): /* recipient_report_status */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_recipient_report_status,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 110): /* number_recipients */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_number_recipients,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 111): /* origination_time */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_origination_time,
+ tvb, offset, length, ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 112): /* encryption */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_encryption,
+ tvb, offset, length, ENC_BIG_ENDIAN);
+ break;
+ case ((VENDOR_PLIXER << 16) | 113): /* service_version */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_service_version,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 114): /* linked_msgid */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_linked_msgid,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 115): /* message_subject */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_message_subject,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 116): /* sender_address */
+ gen_str = tvb_format_text(tvb, offset, length);
+ ti = proto_tree_add_string(pdutree, hf_pie_plixer_sender_address,
+ tvb, offset, length, gen_str);
+ break;
+ case ((VENDOR_PLIXER << 16) | 117): /* date_time */
+ ti = proto_tree_add_item(pdutree, hf_pie_plixer_date_time,
+ tvb, offset, length, ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN);
+ break;
+ /* END Plixer International */
+
+ default: /* Unknown Field ID */
+ if ((hdrinfo->vspec == 9) || (pen == REVPEN)) {
+ ti = proto_tree_add_bytes_format_value(pdutree, hf_cflow_unknown_field_type,
+ tvb, offset, length, NULL,
+ "Type %u: Value (hex bytes): %s",
+ masked_type,
+ tvb_bytes_to_str_punct(tvb, offset, length, ' '));
+ } else { /* v10 PEN */
+ ti = proto_tree_add_bytes_format_value(pdutree, hf_ipfix_enterprise_private_entry,
+ tvb, offset, length, NULL,
+ "(%s) Type %u: Value (hex bytes): %s",
+ pen_str ? pen_str : "(null)",
+ masked_type,
+ tvb_bytes_to_str_punct(tvb, offset, length, ' '));
+ }
+ break;
+
+ } /* switch (pen_type) */
+
+ if (ti && (vstr_len != 0)) {
+ /* XXX: ugh: not very pretty: how to show/highlight actual length bytes ?? */
+ /* YYY: added the length in a tree. Not sure if this is best. */
+ proto_item_append_text(ti, " (Variable Length)");
+ PROTO_ITEM_SET_GENERATED(ti);
+ string_tree = proto_item_add_subtree(ti, ett_str_len);
+ proto_tree_add_uint(string_tree, hf_string_len_short, tvb,
+ gen_str_offset-vstr_len, 1, string_len_short);
+ if (vstr_len == 3) {
+ proto_tree_add_uint(string_tree, hf_string_len_long, tvb,
+ gen_str_offset-2, 2, string_len_long);
+ }
+
+
+
+ }
+
+ if (ti && (pen == REVPEN)) {
+ /* XXX: why showing type ? type not shown if not reverse */
+ proto_item_append_text(ti, " (Reverse Type %u %s)",
+ masked_type,
+ val_to_str_ext_const(masked_type, &v9_v10_template_types_ext,"Unknown"));
+ }
+
+ offset += length;
+ } /* for (i=0; i < count; i++) */
+
+ /* If only "start" or "end" time, show it here */
+ /* XXX: length is actually 8 if millisec, microsec, nanosec time */
for (i = 0; i < 2; i++) {
if (!(offset_s[i] && offset_e[i])) {
if (offset_s[i]) {
static const int *v9_template_type_hf_list[TF_NUM] = {
&hf_cflow_template_scope_field_type, /* scope */
&hf_cflow_template_field_type}; /* entry */
-static const int *v10_template_type_hf_list[TF_NUM] = {
+static const int *v10_template_type_hf_list[TF_NUM_EXT] = {
&hf_cflow_template_ipfix_field_type, /* scope */
- &hf_cflow_template_ipfix_field_type}; /* entry */
+ &hf_cflow_template_ipfix_field_type,
+ &hf_cflow_template_plixer_field_type,
+ &hf_cflow_template_ntop_field_type,
+ NULL};
static value_string_ext *v9_template_type_vse_list[TF_NUM] = {
&v9_scope_field_types_ext, /* scope */
&v9_v10_template_types_ext }; /* entry */
-static value_string_ext *v10_template_type_vse_list[TF_NUM] = {
+static value_string_ext *v10_template_type_vse_list[TF_NUM_EXT] = {
&v9_v10_template_types_ext, /* scope */
- &v9_v10_template_types_ext }; /* entry */
+ &v9_v10_template_types_ext, /* entry */
+ &v10_template_types_plixer_ext,
+ &v10_template_types_ntop_ext,
+ NULL};
static int
dissect_v9_v10_template_fields(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tplt_tree, int offset,
for(i=0; i<count; i++) {
guint16 type;
guint16 length;
- guint16 pen;
+ guint32 pen;
const gchar *pen_str;
proto_tree *field_tree;
proto_item *field_item;
proto_tree_add_item(field_tree, hf_cflow_template_ipfix_pen_provided,
tvb, offset, 2, ENC_BIG_ENDIAN);
if ( !(type & 0x8000) || (pen == REVPEN)) {
- proto_item *ti;
- ti = proto_tree_add_item(field_tree, *v10_template_type_hf_list[fields_type],
+ proto_item *rp_ti;
+ rp_ti = proto_tree_add_item(field_tree, *v10_template_type_hf_list[fields_type],
tvb, offset, 2, ENC_BIG_ENDIAN);
proto_item_append_text(field_item, ": %s",
val_to_str_ext(type&0x7fff, v10_template_type_vse_list[fields_type], "Unknown(%d)"));
if (pen == REVPEN) {
- proto_item_append_text(ti, " [Reverse]");
+ proto_item_append_text(rp_ti, " [Reverse]");
proto_item_append_text(field_item, " [Reverse]");
}
- } else { /* Private Enterprise */
- proto_item *ti;
- ti = proto_tree_add_item(field_tree, hf_cflow_template_ipfix_field_type_enterprise,
- tvb, offset, 2, ENC_BIG_ENDIAN);
- proto_item_append_text(ti, " [pen: %s]", pen_str);
- proto_item_append_text(field_item, ": %3u [pen: %s]", type&0x7fff, pen_str);
+ } else {
+ int fields_type_pen = pen_to_type_hf_list(pen);
+ if (fields_type_pen != TF_NO_VENDOR_INFO) {
+ proto_tree_add_item(field_tree, *v10_template_type_hf_list[fields_type_pen],
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_item_append_text(field_item, ": %s",
+ val_to_str_ext(type&0x7fff, v10_template_type_vse_list[fields_type_pen], "Unknown(%d)"));
+ } else { /* Private Enterprise */
+ proto_item *pen_ti;
+ pen_ti = proto_tree_add_item(field_tree, hf_cflow_template_ipfix_field_type_enterprise,
+ tvb, offset, 2, ENC_BIG_ENDIAN);
+ proto_item_append_text(pen_ti, " [pen: %s]", pen_str);
+ proto_item_append_text(field_item, ": %3u [pen: %s]", type&0x7fff, pen_str);
+ }
}
}
remaining = length;
while (remaining > 3) { /* allow for padding */
+ struct v9_v10_template *tmplt_cache_p;
struct v9_v10_template tplt;
proto_tree *tplt_tree;
proto_item *tplt_item;
proto_item_append_text(tplt_item, " (Scope Count = %u; Data Count = %u)", option_scope_field_count, option_field_count);
proto_item_set_len(tplt_item, 6 +4*(option_scope_field_count+option_field_count));
- if (option_field_count > V9TEMPLATE_MAX_FIELDS) {
+ if (v9template_max_fields &&
+ (option_field_count > v9template_max_fields)) {
expert_add_info_format(pinfo, ti, PI_UNDECODED, PI_NOTE,
- "More options (%u) than we can handle",
+ "More options (%u) than we can handle. Maximum value can be adjusted in the protocol preferences.",
option_field_count);
}
- if (option_scope_field_count > V9TEMPLATE_MAX_FIELDS) {
+ if (v9template_max_fields &&
+ (option_scope_field_count > v9template_max_fields)) {
expert_add_info_format(pinfo, ti, PI_UNDECODED, PI_NOTE,
- "More scopes (%u) than we can handle [template won't be used]",
+ "More scopes (%u) than we can handle [template won't be used]. Maximum value can be adjusted in the protocol preferences.",
option_scope_field_count);
}
SE_COPY_ADDRESS(&tplt.source_addr, &hdrinfo->net_src);
tplt.source_id = hdrinfo->src_id;
- tplt.option_template = TRUE; /* Option template */ /* XXX: ? not used ? */
tplt.field_count[TF_SCOPES] = option_scope_field_count;
tplt.field_count[TF_ENTRIES] = option_field_count;
-
- /* If entry for this hash already exists (whether or not actually for for this id, ...) */
- /* tplt.fields[TF_SCOPES] and tplt.fields[TF_ENTRIES] will be NULL and thus this */
- /* template will not be cached. */
- /* ToDo: expert warning if replacement/collision and new template ignored. */
- /* XXX: Is an Options template with only scope fields allowed for V9 ?? */
-
- do {
- if ((option_scope_field_count == 0) || (option_scope_field_count > V9TEMPLATE_MAX_FIELDS)
- /**|| (option_field_count == 0)**/ || (option_field_count > V9TEMPLATE_MAX_FIELDS)) {
- break; /* Don't allow cache of this template */
- }
- if (v9_v10_template_get(id, &hdrinfo->net_src, hdrinfo->src_id)) {
- /* Entry for this hash already exists; Can be dup or collision. */
- /* XXX: ToDo: use GHashTable so no collisions. */
- break; /* Don't allow cache of this template */
- }
- tplt.fields[TF_SCOPES] = se_alloc0(option_scope_field_count *sizeof(struct v9_v10_template_entry));
- tplt.fields[TF_ENTRIES] = se_alloc0(option_field_count *sizeof(struct v9_v10_template_entry));
- break;
- } while (FALSE);
+ tplt.template_exists = TRUE;
+
+ /* If an entry for this hash already exists (whether or not actually for for this id, ...) */
+ /* then after the 'do {} while' tplt.fields[TF_SCOPES] and tplt.fields[TF_ENTRIES] will */
+ /* be NULL (no memory will have been allocated) and thus this template will not be cached */
+ /* after dissection. */
+ /* ToDo: expert warning if replacement/collision and new template ignored. */
+ /* XXX: Is an Options template with only scope fields allowed for V9 ?? */
+
+ tmplt_cache_p = v9_v10_template_cache_addr(tplt.id, &tplt.source_addr, tplt.source_id);
+ if (!pinfo->fd->flags.visited) { /* cache template info only during first pass */
+ do {
+ if ((option_scope_field_count == 0) ||
+ (v9template_max_fields &&
+ ((option_scope_field_count > v9template_max_fields)
+ || (option_field_count > v9template_max_fields)))) {
+ break; /* Don't allow cache of this template */
+ }
+ if (tmplt_cache_p->template_exists) {
+ /* Entry for this hash already exists; Can be dup or collision. */
+ /* ToDo: use GHashTable so no collisions. */
+ /* ToDo: Test for changed template ? */
+ break; /* Don't allow cache of this template */
+ }
+ tplt.fields[TF_SCOPES] = se_alloc0(option_scope_field_count *sizeof(struct v9_v10_template_entry));
+ tplt.fields[TF_ENTRIES] = se_alloc0(option_field_count *sizeof(struct v9_v10_template_entry));
+ break;
+ } while (FALSE);
+ }
offset = dissect_v9_v10_template_fields(tvb, pinfo, tplt_tree, offset,
hdrinfo, &tplt, TF_SCOPES);
hdrinfo, &tplt, TF_ENTRIES);
if (tplt.fields[TF_SCOPES] || tplt.fields[TF_ENTRIES]) {
- memcpy(&v9_v10_template_cache[v9_v10_template_hash(tplt.id,
- &tplt.source_addr,
- tplt.source_id)],
- &tplt, sizeof(tplt));
+ memcpy(tmplt_cache_p, &tplt, sizeof(tplt));
}
remaining -= offset - orig_offset;
remaining = length;
while (remaining > 3) { /* allow for padding */
+ struct v9_v10_template *tmplt_cache_p;
struct v9_v10_template tplt;
proto_tree *tplt_tree;
proto_item *tplt_item;
tvb, offset, 2, ENC_BIG_ENDIAN);
offset += 2;
- if (count > V9TEMPLATE_MAX_FIELDS) {
+ if (v9template_max_fields && (count > v9template_max_fields)) {
expert_add_info_format(pinfo, ti, PI_UNDECODED, PI_NOTE,
- "More entries (%u) than we can handle [template won't be used]",
+ "More entries (%u) than we can handle [template won't be used]."
+ " Maximum value can be adjusted in the protocol preferences.",
count);
}
SE_COPY_ADDRESS(&tplt.source_addr, &hdrinfo->net_src);
tplt.source_id = hdrinfo->src_id;
tplt.field_count[TF_ENTRIES] = count;
-
- /* If entry for this hash already exists (whether or not actually for for this id, ...) */
- /* tplt.fields[TF_ENTRIES]will be NULL and thus this template will not be cached. */
- do {
- if ((count == 0) || (count > V9TEMPLATE_MAX_FIELDS)) {
- break; /* Don't allow cache of this template */
- }
- if (v9_v10_template_get(id, &hdrinfo->net_src, hdrinfo->src_id)) {
- /* Entry for this hash already exists; Can be dup or collision. */
- /* XXX: ToDo: use GHashTable so no collisions. */
- break; /* Don't allow cache of this template */
- }
- tplt.fields[TF_ENTRIES] = se_alloc0(count * sizeof(struct v9_v10_template_entry));
- break;
- } while (FALSE);
-
+ tplt.template_exists = TRUE;
+
+ /* If an entry for this hash already exists (whether or not actually for for this id, ...) */
+ /* then after the 'do {} while' tplt.fields[TF_ENTRIES] will be NULL (no memory will have */
+ /* been allocated) and thus this template will not be cached. */
+ /* ToDo: expert warning if replacement/collision and new template ignored. */
+
+ tmplt_cache_p = v9_v10_template_cache_addr(tplt.id, &tplt.source_addr, tplt.source_id);
+ if (!pinfo->fd->flags.visited) { /* cache template info only during first pass */
+ do {
+ if ((count == 0) ||
+ (v9template_max_fields && (count > v9template_max_fields))) {
+ break; /* Don't allow cache of this template */
+ }
+ if (tmplt_cache_p->template_exists) {
+ /* Entry for this hash already exists; Can be dup or collision. */
+ /* ToDo: use GHashTable so no collisions. */
+ /* ToDo: Test for changed template ? */
+ break; /* Don't allow cache of this template */
+ }
+ tplt.fields[TF_ENTRIES] = se_alloc0(count * sizeof(struct v9_v10_template_entry));
+ break;
+ } while (FALSE);
+ }
offset = dissect_v9_v10_template_fields(tvb, pinfo, tplt_tree, offset,
hdrinfo, &tplt, TF_ENTRIES);
if (tplt.fields[TF_ENTRIES]) {
- memcpy(&v9_v10_template_cache[v9_v10_template_hash(tplt.id,
- &tplt.source_addr,
- tplt.source_id)],
- &tplt, sizeof(tplt));
+ memcpy(tmplt_cache_p, &tplt, sizeof(tplt));
}
remaining -= offset - orig_offset;
}
p = (guint8 *)(net_src->data);
- val = id;
+ val = id << 9;
switch (net_src->type) {
case AT_IPv4:
p += 4;
}
- val += src_id;
+ val = (val + src_id) % V9_V10_TEMPLATE_CACHE_MAX_ENTRIES;
+
+ return val;
+}
+
- return val % V9_V10_TEMPLATE_CACHE_MAX_ENTRIES;
+static struct v9_v10_template *
+v9_v10_template_cache_addr(guint16 id, address *net_src, guint32 src_id)
+{
+ return &v9_v10_template_cache[v9_v10_template_hash(id, net_src, src_id)];
}
static struct v9_v10_template *
{
struct v9_v10_template *tplt;
- tplt = &v9_v10_template_cache[v9_v10_template_hash(id, net_src, src_id)];
+ tplt = v9_v10_template_cache_addr(id, net_src, src_id);
- if (tplt->id != id ||
+ if ((tplt->template_exists != TRUE) ||
+ (tplt->id != id) ||
!ADDRESSES_EQUAL(&tplt->source_addr, net_src) ||
- tplt->source_id != src_id) {
+ (tplt->source_id != src_id)) {
tplt = NULL;
}
},
{&hf_cflow_aggmethod,
{"AggMethod", "cflow.aggmethod",
- FT_UINT8, BASE_DEC, VALS(v8_agg), 0x0,
+ FT_UINT8, BASE_DEC|BASE_EXT_STRING, &v8_agg_ext, 0x0,
"CFlow V8 Aggregation Method", HFILL}
},
{&hf_cflow_aggversion,
{&hf_cflow_srcaddr,
{"SrcAddr", "cflow.srcaddr",
FT_IPv4, BASE_NONE, NULL, 0x0,
- "Flow Source Address", HFILL}
+ "Flow Source Address (IPv4)", HFILL}
},
{&hf_cflow_srcaddr_v6,
{"SrcAddr", "cflow.srcaddrv6",
FT_IPv6, BASE_NONE, NULL, 0x0,
- "Flow Source Address", HFILL}
+ "Flow Source Address (IPv6)", HFILL}
},
{&hf_cflow_srcnet,
{"SrcNet", "cflow.srcnet",
{&hf_cflow_dstaddr,
{"DstAddr", "cflow.dstaddr",
FT_IPv4, BASE_NONE, NULL, 0x0,
- "Flow Destination Address", HFILL}
+ "Flow Destination Address (IPv4)", HFILL}
},
{&hf_cflow_dstaddr_v6,
{"DstAddr", "cflow.dstaddrv6",
FT_IPv6, BASE_NONE, NULL, 0x0,
- "Flow Destination Address", HFILL}
+ "Flow Destination Address (IPv6)", HFILL}
},
{&hf_cflow_dstnet,
{"DstNet", "cflow.dstnet",
{&hf_cflow_nexthop,
{"NextHop", "cflow.nexthop",
FT_IPv4, BASE_NONE, NULL, 0x0,
- "Router nexthop", HFILL}
+ "Router nexthop (IPv4)", HFILL}
},
{&hf_cflow_nexthop_v6,
{"NextHop", "cflow.nexthopv6",
FT_IPv6, BASE_NONE, NULL, 0x0,
- "Router nexthop", HFILL}
+ "Router nexthop (IPv6)", HFILL}
},
{&hf_cflow_bgpnexthop,
{"BGPNextHop", "cflow.bgpnexthop",
FT_IPv4, BASE_NONE, NULL, 0x0,
- "BGP Router Nexthop", HFILL}
+ "BGP Router Nexthop (IPv4)", HFILL}
},
{&hf_cflow_bgpnexthop_v6,
{"BGPNextHop", "cflow.bgpnexthopv6",
FT_IPv6, BASE_NONE, NULL, 0x0,
- "BGP Router Nexthop", HFILL}
+ "BGP Router Nexthop (IPv6)", HFILL}
},
{&hf_cflow_inputint,
{"InputInt", "cflow.inputint",
FT_UINT8, BASE_DEC, VALS(v9_forwarding_status), 0xC0,
"Forwarding Status", HFILL}
},
- {&hf_cflow_forwarding_code,
- {"ForwdCode", "cflow.forwarding_code",
- FT_UINT8, BASE_DEC, VALS(v9_forwarding_status_code), 0x3F,
- "Forwarding Code", HFILL}
+ {&hf_cflow_forwarding_status_unknown_code,
+ {"ForwdCode", "cflow.forwarding_status_unknown_code",
+ FT_UINT8, BASE_DEC, VALS(v9_forwarding_status_unknown_code), 0x3F,
+ NULL, HFILL}
+ },
+ {&hf_cflow_forwarding_status_forward_code,
+ {"ForwdCode", "cflow.forwarding_status_foreward_code",
+ FT_UINT8, BASE_DEC, VALS(v9_forwarding_status_forward_code), 0x3F,
+ NULL, HFILL}
+ },
+ {&hf_cflow_forwarding_status_drop_code,
+ {"ForwdCode", "cflow.forwarding_status_drop_code",
+ FT_UINT8, BASE_DEC, VALS(v9_forwarding_status_drop_code), 0x3F,
+ NULL, HFILL}
+ },
+ {&hf_cflow_forwarding_status_consume_code,
+ {"ForwdCode", "cflow.forwarding_status_consume_code",
+ FT_UINT8, BASE_DEC, VALS(v9_forwarding_status_consume_code), 0x3F,
+ NULL, HFILL}
},
{&hf_cflow_nbar_appl_desc,
{"ApplicationDesc", "cflow.appl_desc",
},
{&hf_cflow_nbar_appl_id,
{"ApplicationID", "cflow.appl_id",
- FT_UINT16, BASE_DEC, NULL, 0x0,
+ FT_UINT32, BASE_CUSTOM, nbar_fmt_id, 0x0,
"Application ID (NBAR)", HFILL}
},
{&hf_cflow_nbar_appl_name,
{&hf_cflow_flow_exporter,
{"FlowExporter", "cflow.flow_exporter",
FT_BYTES/*FT_IPv4*/, BASE_NONE, NULL, 0x0,
- "Flow Exporter", HFILL}
+ NULL, HFILL}
},
{&hf_cflow_icmp_ipv4_type,
{"IPv4 ICMP Type", "cflow.icmp_ipv4_type",
{&hf_cflow_octets_squared64,
{"OctetsSquared", "cflow.octets_squared",
FT_UINT64, BASE_DEC, NULL, 0x0,
- "Octets Squared", HFILL}
+ NULL, HFILL}
},
{&hf_cflow_udp_length,
{"UDP Length", "cflow.udp_length",
{&hf_cflow_is_multicast,
{"IsMulticast", "cflow.is_multicast",
FT_UINT8, BASE_DEC, NULL, 0x0,
- "Is Multicast", HFILL}
+ NULL, HFILL}
},
{&hf_cflow_ip_header_words,
{"IPHeaderLen", "cflow.ip_header_words",
{&hf_cflow_option_map,
{"OptionMap", "cflow.option_map",
FT_BYTES, BASE_NONE, NULL, 0x0,
- "Option Map", HFILL}
+ NULL, HFILL}
},
{&hf_cflow_section_header,
{"SectionHeader", "cflow.section_header",
FT_ETHER, BASE_NONE, NULL, 0x0,
NULL, HFILL}
},
+ {&hf_cflow_permanent_packets,
+ {"Permanent Packets", "cflow.permanent_packets",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ "Running Count of packets for permanent flows", HFILL}
+ },
+ {&hf_cflow_permanent_packets64,
+ {"Permanent Packets", "cflow.permanent_packets64",
+ FT_UINT64, BASE_DEC, NULL, 0x0,
+ "Running Count of packets for permanent flows", HFILL}
+ },
+ {&hf_cflow_permanent_octets,
+ {"Permanent Octets", "cflow.permanent_octets",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ "Running Count of bytes for permanent flows", HFILL}
+ },
+ {&hf_cflow_permanent_octets64,
+ {"Permanent Octets", "cflow.permanent_octets64",
+ FT_UINT64, BASE_DEC, NULL, 0x0,
+ "Running Count of bytes for permanent flows", HFILL}
+ },
{&hf_cflow_fragment_offset,
{"Fragment Offset", "cflow.fragment_offset",
FT_UINT16, BASE_DEC, NULL, 0x0,
{&hf_cflow_dstnet_v6,
{"DstNet", "cflow.dstnetv6",
FT_IPv6, BASE_NONE, NULL, 0x0,
- "Flow Destination Network", HFILL}
+ "Flow Destination Network (IPv6)", HFILL}
},
{&hf_cflow_srcnet_v6,
{"SrcNet", "cflow.srcnetv6",
FT_IPv6, BASE_NONE, NULL, 0x0,
- "Flow Source Network", HFILL}
+ "Flow Source Network (IPv6)", HFILL}
},
{&hf_cflow_ignore_packets,
{"Ignored Packets", "cflow.ignore_packets",
{&hf_cflow_collector_addr,
{"CollectorAddr", "cflow.collector_addr",
FT_IPv4, BASE_NONE, NULL, 0x0,
- "Flow Collector Address", HFILL}
+ "Flow Collector Address (IPv4)", HFILL}
},
{&hf_cflow_collector_addr_v6,
{"CollectorAddr", "cflow.collector_addr_v6",
FT_IPv6, BASE_NONE, NULL, 0x0,
- "Flow Collector Address", HFILL}
+ "Flow Collector Address (IPv6)", HFILL}
},
{&hf_cflow_export_interface,
{"ExportInterface", "cflow.export_interface",
FT_UINT32, BASE_DEC, NULL, 0x0,
- "Export Interface", HFILL}
+ NULL, HFILL}
},
{&hf_cflow_export_protocol_version,
{"ExportProtocolVersion", "cflow.export_protocol_version",
FT_UINT8, BASE_DEC, NULL, 0x0,
- "Export Protocol Version", HFILL}
+ NULL, HFILL}
},
{&hf_cflow_export_prot,
{"ExportTransportProtocol", "cflow.exporter_protocol",
},
{&hf_cflow_max_flow_end_microseconds,
{"Max Flow End Microseconds", "cflow.max_flow_end_microseconds",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
NULL, HFILL}
},
{&hf_cflow_max_flow_end_milliseconds,
},
{&hf_cflow_max_flow_end_nanoseconds,
{"Max Flow End Nanoseconds", "cflow.max_flow_end_nanoseconds",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
NULL, HFILL}
},
{&hf_cflow_min_flow_start_microseconds,
{"Min Flow Start Microseconds", "cflow.min_flow_start_microseconds",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
NULL, HFILL}
},
{&hf_cflow_min_flow_start_milliseconds,
},
{&hf_cflow_min_flow_start_nanoseconds,
{"Min Flow Start Nanoseconds", "cflow.min_flow_start_nanoseconds",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
NULL, HFILL}
},
{&hf_cflow_collector_certificate,
},
{&hf_cflow_selector_algorithm,
{"Selector Algorithm", "cflow.selector_algorithm",
- FT_UINT16, BASE_DEC, VALS(selector_algorithm), 0x0,
+ FT_UINT16, BASE_DEC|BASE_EXT_STRING, &selector_algorithm_ext, 0x0,
NULL, HFILL}
},
{&hf_cflow_sampling_packet_interval,
},
{&hf_cflow_observation_time_microseconds,
{"Observation Time Microseconds", "cflow.observation_time_microseconds",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
NULL, HFILL}
},
{&hf_cflow_observation_time_nanoseconds,
{"Observation Time Nanoseconds", "cflow.observation_time_nanoseconds",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_UTC, NULL, 0x0,
NULL, HFILL}
},
{&hf_cflow_digest_hash_value,
*/
{&hf_cflow_scope_system,
{"ScopeSystem", "cflow.scope_system",
- FT_IPv4, BASE_NONE, NULL, 0x0,
+ FT_BYTES, BASE_NONE, NULL, 0x0,
"Option Scope System", HFILL}
},
{&hf_cflow_scope_interface,
FT_UINT16, BASE_DEC|BASE_EXT_STRING, &v9_v10_template_types_ext, 0x7FFF,
"Template field type", HFILL}
},
+ {&hf_cflow_template_plixer_field_type,
+ {"Type", "cflow.template_plixer_field_type",
+ FT_UINT16, BASE_DEC|BASE_EXT_STRING, &v10_template_types_plixer_ext, 0x7FFF,
+ "Template field type", HFILL}
+ },
+ {&hf_cflow_template_ntop_field_type,
+ {"Type", "cflow.template_ntop_field_type",
+ FT_UINT16, BASE_DEC|BASE_EXT_STRING, &v10_template_types_ntop_ext, 0x7FFF,
+ "Template field type", HFILL}
+ },
{&hf_cflow_template_ipfix_field_type_enterprise,
{"Type", "cflow.template_ipfix_field_type_enterprise",
FT_UINT16, BASE_DEC, NULL, 0x7FFF,
FT_UINT32, BASE_DEC, NULL, 0x0,
"IPFIX Private Enterprise Number", HFILL}
},
-
- /* Cisco ASA 5500 Series */
- {&hf_cflow_ingress_acl_id,
- {"Ingress ACL ID", "cflow.ingress_acl_id",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ {&hf_cflow_packets_dropped,
+ {"Packets Dropped",
+ "cflow.packets_dropped",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL}
- },
- {&hf_cflow_egress_acl_id,
- {"Egress ACL ID", "cflow.egress_acl_id",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ },
+ {&hf_cflow_byte_rate,
+ {"Byte Rate",
+ "cflow.byte_rate",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL}
- },
- {&hf_cflow_fw_ext_event,
- {"Extended firewall event code", "cflow.fw_ext_event",
- FT_UINT16, BASE_DEC, VALS(v9_extended_firewall_event), 0x0,
+ },
+ {&hf_cflow_application_media_bytes,
+ {"Media Bytes",
+ "cflow.application_media_bytes",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL}
- },
- {&hf_cflow_aaa_username,
- {"AAA username", "cflow.aaa_username",
- FT_STRING, BASE_NONE, NULL, 0x0,
+ },
+ {&hf_cflow_application_media_byte_rate,
+ {"Media Byte Rate",
+ "cflow.media_byte_rate",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL}
- },
-
- {&hf_ipfix_enterprise_private_entry,
- {"Enterprise Private entry", "cflow.enterprise_private_entry",
- FT_BYTES, BASE_NONE, NULL, 0x0,
+ },
+ {&hf_cflow_application_media_packets,
+ {"Media Packets",
+ "cflow.application_media_packets",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
NULL, HFILL}
},
- /* Private Information Elements */
-
- /* CACE Technologies, 32622 / 0 */
- {&hf_pie_cace_local_ipv4_address,
- {"Local IPv4 Address", "cflow.pie.cace.localaddr4",
- FT_IPv4, BASE_NONE, NULL, 0x0,
- "Local IPv4 Address (caceLocalIPv4Address)", HFILL}
+ {&hf_cflow_application_media_packet_rate,
+ {"Media Packet Rate",
+ "cflow.media_packet_rate",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
},
- /* CACE Technologies, 32622 / 1 */
- {&hf_pie_cace_remote_ipv4_address,
- {"Remote IPv4 Address", "cflow.pie.cace.remoteaddr4",
- FT_IPv4, BASE_NONE, NULL, 0x0,
- "Remote IPv4 Address (caceRemoteIPv4Address)", HFILL}
+ {&hf_cflow_application_media_event,
+ {"Media Event",
+ "cflow.application_media_event",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
},
- /* CACE Technologies, 32622 / 2 */
- {&hf_pie_cace_local_ipv6_address,
- {"Local IPv6 Address", "cflow.pie.cace.localaddr6",
- FT_IPv6, BASE_NONE, NULL, 0x0,
- "Local IPv6 Address (caceLocalIPv6Address)", HFILL}
+ {&hf_cflow_monitor_event,
+ {"Monitor Event",
+ "cflow.monitor_event",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
},
- /* CACE Technologies, 32622 / 3 */
- {&hf_pie_cace_remote_ipv6_address,
- {"Remote IPv6 Address", "cflow.pie.cace.remoteaddr6",
- FT_IPv6, BASE_NONE, NULL, 0x0,
- "Remote IPv6 Address (caceRemoteIPv6Address)", HFILL}
+ {&hf_cflow_timestamp_interval,
+ {"Timestamp Interval",
+ "cflow.timestamp_interval",
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
+ NULL, HFILL}
},
- /* CACE Technologies, 32622 / 4 */
- {&hf_pie_cace_local_port,
- {"Local Port", "cflow.pie.cace.localport",
- FT_UINT16, BASE_DEC, NULL, 0x0,
- "Local Transport Port (caceLocalTransportPort)", HFILL}
+ {&hf_cflow_transport_packets_expected,
+ {"Transport Packets Expected",
+ "cflow.transport_packets_expected",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
},
- /* CACE Technologies, 32622 / 5 */
- {&hf_pie_cace_remote_port,
+ {&hf_cflow_transport_round_trip_time_string,
+ {"Transport Round-Trip-Time",
+ "cflow.transport_rtt",
+ FT_UINT32, BASE_DEC, VALS(performance_monitor_specials), 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_round_trip_time,
+ {"Transport Round-Trip-Time",
+ "cflow.transport_rtt",
+ FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_event_packet_loss,
+ {"Transport Packet Loss Events",
+ "cflow.transport_packet_loss_event",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_packets_lost,
+ {"Transport Packets Lost",
+ "cflow.transport_packets_lost",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_packets_lost_string,
+ {"Transport Packets Lost",
+ "cflow.transport_packets_lost",
+ FT_UINT32, BASE_HEX, VALS(performance_monitor_specials), 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_packets_lost_rate,
+ {"Transport Packet Loss Rate",
+ "cflow.transport_packet_loss_rate",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_packets_lost_rate_string,
+ {"Transport Packet Loss Rate",
+ "cflow.transport_packet_loss_rate",
+ FT_UINT32, BASE_HEX, VALS(performance_monitor_specials) , 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_rtp_ssrc,
+ {"RTP SSRC",
+ "cflow.transport_rtp_ssrc",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_rtp_jitter_mean,
+ {"RTP Mean Jitter",
+ "cflow.transport_jitter_mean",
+ FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_rtp_jitter_mean_string,
+ {"RTP Mean Jitter",
+ "cflow.transport_jitter_mean",
+ FT_UINT32, BASE_HEX, VALS(performance_monitor_specials), 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_rtp_jitter_min,
+ {"RTP Min Jitter",
+ "cflow.transport_jitter_min",
+ FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_rtp_jitter_min_string,
+ {"RTP Min Jitter",
+ "cflow.transport_jitter_min",
+ FT_UINT32, BASE_HEX, VALS(performance_monitor_specials), 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_rtp_jitter_max,
+ {"RTP Max Jitter",
+ "cflow.transport_jitter_max",
+ FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_transport_rtp_jitter_max_string,
+ {"RTP Max Jitter",
+ "cflow.transport_jitter_max",
+ FT_UINT32, BASE_HEX, VALS(performance_monitor_specials), 0x0,
+ NULL, HFILL}
+ },
+ /* Ericsson SE NAT Logging */
+ {&hf_cflow_nat_context_id,
+ {"NAT Context ID", "cflow.nat_context_id",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ "Internal context ID", HFILL}
+ },
+ {&hf_cflow_nat_context_name,
+ {"NAT Context Name", "cflow.nat_context_name",
+ FT_STRINGZ, BASE_NONE, NULL, 0x0,
+ "Zero terminated context Name", HFILL}
+ },
+ {&hf_cflow_nat_assign_time,
+ {"NAT Assign Time", "cflow.nat_assign_time",
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
+ "Seconds of UNIX timestamp for assign", HFILL}
+ },
+ {&hf_cflow_nat_unassign_time,
+ {"NAT Unassign Time", "cflow.nat_unassign_time",
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
+ "Seconds of UNIX timestamp for unassign", HFILL}
+ },
+ {&hf_cflow_nat_int_addr,
+ {"Internal IPv4 address", "cflow.nat_int_addr",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_nat_ext_addr,
+ {"External IPv4 address", "cflow.nat_ext_addr",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_nat_ext_port_first,
+ {"NAT port start", "cflow.nat_ext_port_first",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "External L4 port start", HFILL}
+ },
+ {&hf_cflow_nat_ext_port_last,
+ {"NAT port end", "cflow.nat_ext_port_last",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "External L4 port end", HFILL}
+ },
+ /* Cisco ASA 5500 Series */
+ {&hf_cflow_ingress_acl_id,
+ {"Ingress ACL ID", "cflow.ingress_acl_id",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_egress_acl_id,
+ {"Egress ACL ID", "cflow.egress_acl_id",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_fw_ext_event,
+ {"Extended firewall event code", "cflow.fw_ext_event",
+ FT_UINT16, BASE_DEC, VALS(v9_extended_firewall_event), 0x0,
+ NULL, HFILL}
+ },
+ {&hf_cflow_aaa_username,
+ {"AAA username", "cflow.aaa_username",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+
+ {&hf_ipfix_enterprise_private_entry,
+ {"Enterprise Private entry", "cflow.enterprise_private_entry",
+ FT_BYTES, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* Private Information Elements */
+
+ /* CACE Technologies, 32622 / 0 */
+ {&hf_pie_cace_local_ipv4_address,
+ {"Local IPv4 Address", "cflow.pie.cace.localaddr4",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ "Local IPv4 Address (caceLocalIPv4Address)", HFILL}
+ },
+ /* CACE Technologies, 32622 / 1 */
+ {&hf_pie_cace_remote_ipv4_address,
+ {"Remote IPv4 Address", "cflow.pie.cace.remoteaddr4",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ "Remote IPv4 Address (caceRemoteIPv4Address)", HFILL}
+ },
+ /* CACE Technologies, 32622 / 2 */
+ {&hf_pie_cace_local_ipv6_address,
+ {"Local IPv6 Address", "cflow.pie.cace.localaddr6",
+ FT_IPv6, BASE_NONE, NULL, 0x0,
+ "Local IPv6 Address (caceLocalIPv6Address)", HFILL}
+ },
+ /* CACE Technologies, 32622 / 3 */
+ {&hf_pie_cace_remote_ipv6_address,
+ {"Remote IPv6 Address", "cflow.pie.cace.remoteaddr6",
+ FT_IPv6, BASE_NONE, NULL, 0x0,
+ "Remote IPv6 Address (caceRemoteIPv6Address)", HFILL}
+ },
+ /* CACE Technologies, 32622 / 4 */
+ {&hf_pie_cace_local_port,
+ {"Local Port", "cflow.pie.cace.localport",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ "Local Transport Port (caceLocalTransportPort)", HFILL}
+ },
+ /* CACE Technologies, 32622 / 5 */
+ {&hf_pie_cace_remote_port,
{"Remote Port", "cflow.pie.cace.remoteport",
FT_UINT16, BASE_DEC, NULL, 0x0,
"Remote Transport Port (caceRemoteTransportPort)", HFILL}
{"Local Command", "cflow.pie.cace.localcmd",
FT_STRING, BASE_NONE, NULL, 0x0,
"Local Command (caceLocalProcessCommand)", HFILL}
+ },
+ /* ntop, 35632 / 80 */
+ {&hf_pie_ntop_fragmented,
+ {"Fragmented","cflow.pie.ntop.fragmented",
+ FT_BOOLEAN, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 81 */
+ {&hf_pie_ntop_fingerprint,
+ {"Fingerprint","cflow.pie.ntop.fingerprint",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 82 */
+ {&hf_pie_ntop_client_nw_delay_sec,
+ {"Client_nw_delay_sec","cflow.pie.ntop.client_nw_delay_sec",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 83 */
+ {&hf_pie_ntop_client_nw_delay_usec,
+ {"Client_nw_delay_usec","cflow.pie.ntop.client_nw_delay_usec",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 84 */
+ {&hf_pie_ntop_server_nw_delay_sec,
+ {"Server_nw_delay_sec","cflow.pie.ntop.server_nw_delay_sec",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 85 */
+ {&hf_pie_ntop_server_nw_delay_usec,
+ {"Server_nw_delay_usec","cflow.pie.ntop.server_nw_delay_usec",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 86 */
+ {&hf_pie_ntop_appl_latency_sec,
+ {"Appl_latency_sec","cflow.pie.ntop.appl_latency_sec",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 98 */
+ {&hf_pie_ntop_icmp_flags,
+ {"Icmp_flags","cflow.pie.ntop.icmp_flags",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 101 */
+ {&hf_pie_ntop_src_ip_country,
+ {"Src_ip_country","cflow.pie.ntop.src_ip_country",
+ FT_STRINGZ, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 102 */
+ {&hf_pie_ntop_src_ip_city,
+ {"Src_ip_city","cflow.pie.ntop.src_ip_city",
+ FT_STRINGZ, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 103 */
+ {&hf_pie_ntop_dst_ip_country,
+ {"Dst_ip_country","cflow.pie.ntop.dst_ip_country",
+ FT_STRINGZ, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 104 */
+ {&hf_pie_ntop_dst_ip_city,
+ {"Dst_ip_city","cflow.pie.ntop.dst_ip_city",
+ FT_STRINGZ, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 105 */
+ {&hf_pie_ntop_flow_proto_port,
+ {"Flow_proto_port","cflow.pie.ntop.flow_proto_port",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 106 */
+ {&hf_pie_ntop_tunnel_id,
+ {"Tunnel_id","cflow.pie.ntop.tunnel_id",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 107 */
+ {&hf_pie_ntop_longest_flow_pkt,
+ {"Longest_flow_pkt","cflow.pie.ntop.longest_flow_pkt",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 108 */
+ {&hf_pie_ntop_shortest_flow_pkt,
+ {"Shortest_flow_pkt","cflow.pie.ntop.shortest_flow_pkt",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 109 */
+ {&hf_pie_ntop_retransmitted_in_pkts,
+ {"Retransmitted_in_pkts","cflow.pie.ntop.retransmitted_in_pkts",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 110 */
+ {&hf_pie_ntop_retransmitted_out_pkts,
+ {"Retransmitted_out_pkts","cflow.pie.ntop.retransmitted_out_pkts",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 111 */
+ {&hf_pie_ntop_ooorder_in_pkts,
+ {"Ooorder_in_pkts","cflow.pie.ntop.ooorder_in_pkts",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 112 */
+ {&hf_pie_ntop_ooorder_out_pkts,
+ {"Ooorder_out_pkts","cflow.pie.ntop.ooorder_out_pkts",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 113 */
+ {&hf_pie_ntop_untunneled_protocol,
+ {"Untunneled_protocol","cflow.pie.ntop.untunneled_protocol",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 114 */
+ {&hf_pie_ntop_untunneled_ipv4_src_addr,
+ {"Untunneled_ipv4_src_addr","cflow.pie.ntop.untunneled_ipv4_src_addr",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 115 */
+ {&hf_pie_ntop_untunneled_l4_src_port,
+ {"Untunneled_l4_src_port","cflow.pie.ntop.untunneled_l4_src_port",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 116 */
+ {&hf_pie_ntop_untunneled_ipv4_dst_addr,
+ {"Untunneled_ipv4_dst_addr","cflow.pie.ntop.untunneled_ipv4_dst_addr",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 117 */
+ {&hf_pie_ntop_untunneled_l4_dst_port,
+ {"Untunneled_l4_dst_port","cflow.pie.ntop.untunneled_l4_dst_port",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+
+ /* ntop, 35632 / 110 */
+ {&hf_pie_ntop_dump_path,
+ {"Dump_path","cflow.pie.ntop.dump_path",
+ FT_STRINGZ, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 130 */
+ {&hf_pie_ntop_sip_call_id,
+ {"Sip_call_id","cflow.pie.ntop.sip_call_id",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 131 */
+ {&hf_pie_ntop_sip_calling_party,
+ {"Sip_calling_party","cflow.pie.ntop.sip_calling_party",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 132 */
+ {&hf_pie_ntop_sip_called_party,
+ {"Sip_called_party","cflow.pie.ntop.sip_called_party",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 133 */
+ {&hf_pie_ntop_sip_rtp_codecs,
+ {"Sip_rtp_codecs","cflow.pie.ntop.sip_rtp_codecs",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 134 */
+ {&hf_pie_ntop_sip_invite_time,
+ {"Sip_invite_time","cflow.pie.ntop.sip_invite_time",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 135 */
+ {&hf_pie_ntop_sip_trying_time,
+ {"Sip_trying_time","cflow.pie.ntop.sip_trying_time",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 136 */
+ {&hf_pie_ntop_sip_ringing_time,
+ {"Sip_ringing_time","cflow.pie.ntop.sip_ringing_time",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 137 */
+ {&hf_pie_ntop_sip_ok_time,
+ {"Sip_ok_time","cflow.pie.ntop.sip_ok_time",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 138 */
+ {&hf_pie_ntop_sip_bye_time,
+ {"Sip_bye_time","cflow.pie.ntop.sip_bye_time",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 139 */
+ {&hf_pie_ntop_sip_rtp_src_ip,
+ {"Sip_rtp_src_ip","cflow.pie.ntop.sip_rtp_src_ip",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 140 */
+ {&hf_pie_ntop_sip_rtp_src_port,
+ {"Sip_rtp_src_port","cflow.pie.ntop.sip_rtp_src_port",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 141 */
+ {&hf_pie_ntop_sip_rtp_dst_ip,
+ {"Sip_rtp_dst_ip","cflow.pie.ntop.sip_rtp_dst_ip",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 142 */
+ {&hf_pie_ntop_sip_rtp_dst_port,
+ {"Sip_rtp_dst_port","cflow.pie.ntop.sip_rtp_dst_port",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 150 */
+ {&hf_pie_ntop_rtp_first_ssrc,
+ {"Rtp_first_ssrc","cflow.pie.ntop.rtp_first_ssrc",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 151 */
+ {&hf_pie_ntop_rtp_first_ts,
+ {"Rtp_first_ts","cflow.pie.ntop.rtp_first_ts",
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 152 */
+ {&hf_pie_ntop_rtp_last_ssrc,
+ {"Rtp_last_ssrc","cflow.pie.ntop.rtp_last_ssrc",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 153 */
+ {&hf_pie_ntop_rtp_last_ts,
+ {"Rtp_last_ts","cflow.pie.ntop.rtp_last_ts",
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 154 */
+ {&hf_pie_ntop_rtp_in_jitter,
+ {"Rtp_in_jitter","cflow.pie.ntop.rtp_in_jitter",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 155 */
+ {&hf_pie_ntop_rtp_out_jitter,
+ {"Rtp_out_jitter","cflow.pie.ntop.rtp_out_jitter",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 156 */
+ {&hf_pie_ntop_rtp_in_pkt_lost,
+ {"Rtp_in_pkt_lost","cflow.pie.ntop.rtp_in_pkt_lost",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 157 */
+ {&hf_pie_ntop_rtp_out_pkt_lost,
+ {"Rtp_out_pkt_lost","cflow.pie.ntop.rtp_out_pkt_lost",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 158 */
+ {&hf_pie_ntop_rtp_out_payload_type,
+ {"Rtp_out_payload_type","cflow.pie.ntop.rtp_out_payload_type",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 159 */
+ {&hf_pie_ntop_rtp_in_max_delta,
+ {"Rtp_in_max_delta","cflow.pie.ntop.rtp_in_max_delta",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 160 */
+ {&hf_pie_ntop_rtp_out_max_delta,
+ {"Rtp_out_max_delta","cflow.pie.ntop.rtp_out_max_delta",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 168 */
+ {&hf_pie_ntop_proc_id,
+ {"Proc_id","cflow.pie.ntop.proc_id",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 169 */
+ {&hf_pie_ntop_proc_name,
+ {"Proc_name","cflow.pie.ntop.proc_name",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 180 */
+ {&hf_pie_ntop_http_url,
+ {"Http_url","cflow.pie.ntop.http_url",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 181 */
+ {&hf_pie_ntop_http_ret_code,
+ {"Http_ret_code","cflow.pie.ntop.http_ret_code",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 185 */
+ {&hf_pie_ntop_smtp_mail_from,
+ {"Smtp_mail_from","cflow.pie.ntop.smtp_mail_from",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 186 */
+ {&hf_pie_ntop_smtp_rcpt_to,
+ {"Smtp_rcpt_to","cflow.pie.ntop.smtp_rcpt_to",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 195 */
+ {&hf_pie_ntop_mysql_server_version,
+ {"Mysql_server_version","cflow.pie.ntop.mysql_server_version",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 196 */
+ {&hf_pie_ntop_mysql_username,
+ {"Mysql_username","cflow.pie.ntop.mysql_username",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 197 */
+ {&hf_pie_ntop_mysql_db,
+ {"Mysql_db","cflow.pie.ntop.mysql_db",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 198 */
+ {&hf_pie_ntop_mysql_query,
+ {"Mysql_query","cflow.pie.ntop.mysql_query",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* ntop, 35632 / 199 */
+ {&hf_pie_ntop_mysql_response,
+ {"Mysql_response","cflow.pie.ntop.mysql_response",
+ FT_UINT16, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+
+ /* plixer, 13745 / 100 */
+ {&hf_pie_plixer_client_ip_v4,
+ {"client_ip_v4","cflow.pie.plixer.client.ip_v4",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_pie_plixer_client_hostname,
+ /* plixer, 13745 / 101 */
+ {"client_hostname","cflow.pie.plixer.client_hostname",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 102 */
+ {&hf_pie_plixer_partner_name,
+ {"Partner_name","cflow.pie.plixer.partner_name",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 103 */
+ {&hf_pie_plixer_server_hostname,
+ {"Server_hostname","cflow.pie.plixer.server_hostname",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 104 */
+ {&hf_pie_plixer_server_ip_v4,
+ {"Server_ip_v4","cflow.pie.plixer.server_ip_v4",
+ FT_IPv4, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 105 */
+ {&hf_pie_plixer_recipient_address,
+ {"Recipient_address","cflow.pie.plixer.recipient_address",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 106 */
+ {&hf_pie_plixer_event_id,
+ {"Event_id","cflow.pie.plixer.event_id",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 107 */
+ {&hf_pie_plixer_msgid,
+ {"Msgid","cflow.pie.plixer.msgid",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 108 */
+ {&hf_pie_plixer_priority,
+ {"Priority","cflow.pie.plixer_priority",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 109 */
+ {&hf_pie_plixer_recipient_report_status,
+ {"Recipient_report_status","cflow.pie.plixer.recipient_report_status",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 110 */
+ {&hf_pie_plixer_number_recipients,
+ {"Number_recipients","cflow.pie.plixer.number_recipients",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 111 */
+ {&hf_pie_plixer_origination_time,
+ {"Origination_time","cflow.pie.plixer.origination_time",
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 112 */
+ {&hf_pie_plixer_encryption,
+ {"Cncryption","cflow.pie.plixer.encryption",
+ FT_UINT32, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 113 */
+ {&hf_pie_plixer_service_version,
+ {"Service_version","cflow.pie.plixer.service_version",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 114 */
+ {&hf_pie_plixer_linked_msgid,
+ {"Linked_msgid","cflow.pie.plixer.linked_msgid",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 115 */
+ {&hf_pie_plixer_message_subject,
+ {"Message_subject","cflow.pie.plixer.message_subject",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 116 */
+ {&hf_pie_plixer_sender_address,
+ {"Sender_address","cflow.pie.plixer.sender_address",
+ FT_STRING, BASE_NONE, NULL, 0x0,
+ NULL, HFILL}
+ },
+ /* plixer, 13745 / 117 */
+ {&hf_pie_plixer_date_time,
+ {"Date_time","cflow.pie.plixer.date_time",
+ FT_ABSOLUTE_TIME, ABSOLUTE_TIME_LOCAL, NULL, 0x0,
+ NULL, HFILL}
+ },
+
+ {&hf_string_len_short,
+ {"String_len_short","cflow.string_len_short",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
+ },
+ {&hf_string_len_long,
+ {"String_len_short","cflow.string_len_long",
+ FT_UINT8, BASE_DEC, NULL, 0x0,
+ NULL, HFILL}
}
};
&ett_unixtime,
&ett_flow,
&ett_flowtime,
+ &ett_str_len,
&ett_template,
&ett_field,
&ett_dataflowset,
" (default: " IPFIX_UDP_PORTS ")",
&global_ipfix_ports, MAX_UDP_PORT);
+ prefs_register_uint_preference(netflow_module, "max_template_fields",
+ "Maximum number of fields allowed in a template",
+ "Set the number of fields allowed in a template. "
+ "Use 0 (zero) for unlimited. "
+ " (default: " STRINGIFY(V9TEMPLATE_MAX_FIELDS_DEF) ")",
+ 10, &v9template_max_fields);
+
register_init_routine(&netflow_reinit);
}
netflow_delete_callback(guint32 port)
{
if ( port ) {
- dissector_delete("udp.port", port, netflow_handle);
+ dissector_delete_uint("udp.port", port, netflow_handle);
}
}
netflow_add_callback(guint32 port)
{
if ( port ) {
- dissector_add("udp.port", port, netflow_handle);
+ dissector_add_uint("udp.port", port, netflow_handle);
}
}
ipfix_delete_callback(guint32 port)
{
if ( port ) {
- dissector_delete("udp.port", port, netflow_handle);
- dissector_delete("tcp.port", port, netflow_handle);
- dissector_delete("sctp.port", port, netflow_handle);
+ dissector_delete_uint("udp.port", port, netflow_handle);
+ dissector_delete_uint("tcp.port", port, netflow_handle);
+ dissector_delete_uint("sctp.port", port, netflow_handle);
}
}
ipfix_add_callback(guint32 port)
{
if ( port ) {
- dissector_add("udp.port", port, netflow_handle);
- dissector_add("tcp.port", port, netflow_handle);
- dissector_add("sctp.port", port, netflow_handle);
+ dissector_add_uint("udp.port", port, netflow_handle);
+ dissector_add_uint("tcp.port", port, netflow_handle);
+ dissector_add_uint("sctp.port", port, netflow_handle);
}
}
if (!netflow_prefs_initialized) {
netflow_handle = new_create_dissector_handle(dissect_netflow, proto_netflow);
netflow_prefs_initialized = TRUE;
- dissector_add("wtap_encap", WTAP_ENCAP_RAW_IPFIX, netflow_handle);
+ dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IPFIX, netflow_handle);
} else {
range_foreach(netflow_ports, netflow_delete_callback);
g_free(netflow_ports);
* indent-tabs-mode: t
* End:
*
- * ex: set shiftwidth=8 tabstop=8 noexpandtab
+ * ex: set shiftwidth=8 tabstop=8 noexpandtab:
* :indentSize=8:tabSize=8:noTabs=false:
*/