Here is a diff file to allow patching the flow-filter source from
flow-tools 0.66 so that filtering can be done by the exporter IP
address specified in an acl file.
I am not an expert with diff, so if some other options should be used,
let me know and I'll try it again.
Is there some official method of requesting that this be included in
flow-tools in the future?
81a82
> char *acl_std_exporter_name;
85a87
> int acl_std_exporter_index, acl_std_exporter_index2;
111a114
> acl_std_exporter_name = (char*)0L;
114a118
> acl_std_exporter_index = -1;
126c130
< while ((i = getopt(argc, argv, "a:A:b:C:d:D:E:f:i:I:kop:P:r:S:t:T:x:z:"))
---
> while ((i = getopt(argc, argv, "a:A:b:C:d:D:E:f:i:I:kop:P:r:S:t:T:x:y:z:"))
270a275,278
> case 'y': /* exporter ip standard access list filter */
> acl_std_exporter_name = optarg;
> break;
>
310a319
> if (acl_std_exporter_name) xflag |= FT_XFIELD_EXADDR;
396a406,413
> if (acl_std_exporter_name) {
> if ((acl_std_exporter_index = acl_find(acl_list, acl_std_exporter_name))
> == -1)
> fterr_errx(1, "Couldn't find list %s\n", acl_std_exporter_name);
>
> acl_std_exporter_index2 = acl_list.names[acl_std_exporter_index].num;
> }
>
409a427
> cur.exaddr = ((u_int32*)(rec+fo.exaddr));
523a542,552
> /* eval flow exporter addr and exporter standard acl */
> if (acl_std_exporter_index != -1) {
> ret = acl_eval_std(acl_list, acl_std_exporter_index2, *cur.exaddr);
> if (ret == 1) {
> if (!first_match)
> continue;
> } else if (first_match) {
> goto found;
> }
> }
>
600a630
> acl_dump_std(acl_list, acl_std_exporter_index);
618a649
> fprintf(stderr, " [-y exporter_filter_name]\n");
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
