Hello, i saw, that nfcapd/nfdump is missing the implementation for IP_PROTOCOL_VERSION (60) field for netflow version 9.
This is really bad because we can't decide which IP address to show in nfdump output. I'm using nprobe to send the netflow data with the following template: "%IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV4_SRC_ADDR %IPV4_DST_ADDR %LAST_SWITCHED %FIRST_SWITCHED %IN_BYTES %OUT_BYTES %IN_PKTS %OUT_PKTS %L4_SRC_PORT %L4_DST_PORT %PROTOCOL %TCP_FLAGS %IP_PROTOCOL_VERSION %INPUT_SRC_TOS %SRC_AS %DST_AS %IPV6_SRC_MASK %IPV6_DST_MASK %SRC_MASK %DST_MASK" nfdump output, for e.g. ICMP6, only displays 0.0.0.0 as IP addresses instead of the real IPv6 adresses. The decission which IP SRC/DST address to display could be done by using the IP_PROTOCOL_VERSION field. Can you please implement this field for that purpose ? Regards -- Carsten Schöne Leiter Rechenzentrum InterNetX GmbH Maximilianstr. 6 93047 Regensburg Tel. +49 941 59559-480 Fax +49 941 59579-051 www.internetx.com www.facebook.com/InterNetX www.twitter.com/InterNetX Geschäftsführer/CEO: Thomas Mörz Amtsgericht Regensburg, HRB 7142 ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
