Hi Peter, nprobe has no option to define multiple templates, so this should be supported on receivers side - which is nfdump in this case.
It would be great if you can implement the field as an option. bye Carsten Peter Haag schrieb: > > > On 22/7/10 2:53 PM, InterNetX - Carsten Schoene wrote: >> Hello, > >> i saw, that nfcapd/nfdump is missing the implementation for >> IP_PROTOCOL_VERSION (60) field >> for netflow version 9. > >> This is really bad because we can't decide which IP address to show in >> nfdump output. > > > This field is not really needed. Different templates should be used for IPv4 > and IPv6. Using IP_PROTOCOL_VERSION (60) is > ambiguous is therefore not really needed. > nfdump automatically detects v4/v6 flows and processes them accordingly. Have > both protocols mixed in the same template > is not a good idea amd inefficient anyway. Furthermore nfdump optimises space > and packs addresses in the same slots. > This also produces collisions. > > Therefore I would strongly recommend to separate template for v4/v6, where > nfdump is designed for. > > - Peter > >> I'm using nprobe to send the netflow data with the following template: >> "%IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV4_SRC_ADDR %IPV4_DST_ADDR %LAST_SWITCHED >> %FIRST_SWITCHED >> %IN_BYTES %OUT_BYTES %IN_PKTS %OUT_PKTS %L4_SRC_PORT %L4_DST_PORT %PROTOCOL >> %TCP_FLAGS >> %IP_PROTOCOL_VERSION %INPUT_SRC_TOS %SRC_AS %DST_AS %IPV6_SRC_MASK >> %IPV6_DST_MASK %SRC_MASK %DST_MASK" > >> nfdump output, for e.g. ICMP6, only displays 0.0.0.0 as IP addresses instead >> of the real IPv6 >> adresses. The decission which IP SRC/DST address to display could be done by >> using the >> IP_PROTOCOL_VERSION field. > >> Can you please implement this field for that purpose ? > >> Regards -- Carsten Schöne Leiter Rechenzentrum InterNetX GmbH Maximilianstr. 6 93047 Regensburg Tel. +49 941 59559-480 Fax +49 941 59579-051 www.internetx.com www.facebook.com/InterNetX www.twitter.com/InterNetX Geschäftsführer/CEO: Thomas Mörz Amtsgericht Regensburg, HRB 7142 ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
