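/*
 * NetFlow/IPFIX field table, written as an X-macro list.
 *
 * The including file defines FIELD() before including this file and
 * gets one expansion per row; FIELD is undefined again on the last line,
 * so it must be redefined before every inclusion.
 *
 * Columns: name description type id, size_min, size_max
 *   name               - identifier for the field
 *   description        - human-readable label
 *   type               - NF_FIELD_INT, NF_FIELD_IP_ADDR or NF_FIELD_STRING
 *   id                 - field type / information element number
 *   size_min, size_max - allowed field length (looks like bytes: 4 for an
 *                        IPv4 address, 16 for IPv6 - confirm in the user
 *                        of this table)
 */
FIELD(in_bytes, "Bytes", NF_FIELD_INT, 1, 4, 8)
FIELD(in_pkts, "Packets", NF_FIELD_INT, 2, 4, 8)
FIELD(protocol, "Protocol", NF_FIELD_INT, 4, 1, 1)
FIELD(src_tos, "Src TOS", NF_FIELD_INT, 5, 1, 1)
FIELD(dst_tos, "Dst TOS", NF_FIELD_INT, 55, 1, 1)
FIELD(tcp_flags, "TCP flags", NF_FIELD_INT, 6, 1, 1)
FIELD(l4_src_port, "Src port", NF_FIELD_INT, 7, 2, 2)
FIELD(ip4_src_addr, "IPv4 src addr", NF_FIELD_IP_ADDR, 8, 4, 4)
FIELD(src_mask, "Src mask", NF_FIELD_INT, 9, 1, 1)
FIELD(input_snmp, "Input SNMP index", NF_FIELD_INT, 10, 2, 4)
FIELD(l4_dst_port, "Dst port", NF_FIELD_INT, 11, 2, 2)
FIELD(ip4_dst_addr, "IPv4 dst addr", NF_FIELD_IP_ADDR, 12, 4, 4)
FIELD(dst_mask, "Dst mask", NF_FIELD_INT, 13, 1, 1)
FIELD(output_snmp, "Output SNMP index", NF_FIELD_INT, 14, 2, 4)
FIELD(ip4_next_hop, "IPv4 next hop", NF_FIELD_IP_ADDR, 15, 4, 4)
FIELD(src_as, "Src AS", NF_FIELD_INT, 16, 2, 4)
FIELD(dst_as, "Dst AS", NF_FIELD_INT, 17, 2, 4)
FIELD(bgp_next_hop, "BGP IPv4 next hop", NF_FIELD_IP_ADDR, 18, 4, 4)
FIELD(last_switched, "Flow end time", NF_FIELD_INT, 21, 4, 4)
FIELD(first_switched, "Flow start time", NF_FIELD_INT, 22, 4, 4)
FIELD(ip6_src_addr, "IPv6 src addr", NF_FIELD_IP_ADDR, 27, 16, 16)
FIELD(ip6_dst_addr, "IPv6 dst addr", NF_FIELD_IP_ADDR, 28, 16, 16)
FIELD(icmp_type, "ICMP type", NF_FIELD_INT, 32, 2, 2)
FIELD(sampler_id, "Flow sampler id", NF_FIELD_INT, 48, 1, 2)
FIELD(min_ttl, "Min TTL", NF_FIELD_INT, 52, 1, 1)
FIELD(max_ttl, "Max TTL", NF_FIELD_INT, 53, 1, 1)
FIELD(src_vlan, "Src VLAN", NF_FIELD_INT, 58, 2, 2)
FIELD(dst_vlan, "Dst VLAN", NF_FIELD_INT, 59, 2, 2)
FIELD(ip_protocol_version, "IP version", NF_FIELD_INT, 60, 1, 1)
FIELD(direction, "Flow direction", NF_FIELD_INT, 61, 1, 1)
FIELD(if_name, "Interface name", NF_FIELD_STRING, 82, 1, 16)
FIELD(fwd_status, "Forwarding status", NF_FIELD_INT, 89, 1, 1)
FIELD(flow_start_ms, "Flow start ms", NF_FIELD_INT, 152,8, 8)
FIELD(flow_end_ms, "Flow end ms", NF_FIELD_INT, 153,8, 8)
FIELD(flow_end_reason, "Flow end reason", NF_FIELD_INT, 136,1, 1)
FIELD(ioctets, "Initiator octets", NF_FIELD_INT, 231,8, 8)
FIELD(roctets, "Responder octets", NF_FIELD_INT, 232,8, 8)
FIELD(ipackets, "Initiator packets", NF_FIELD_INT, 298,8, 8)
/*
 * responderPackets is element 299 in the IANA IPFIX registry (the pair of
 * initiatorPackets, 298). The id used to be 239, which the registry assigns
 * to biflowDirection, so a collector would have misread this counter.
 */
FIELD(rpackets, "Responder packets", NF_FIELD_INT, 299,8, 8)
FIELD(ingrs_vrf, "Ingress VRFID", NF_FIELD_INT, 234,4, 4)
FIELD(egrs_vrf, "Egress VRFID", NF_FIELD_INT, 235,4, 4)
FIELD(dot1q_vlan, "Dot1q VLAN", NF_FIELD_INT, 243,2, 2)
FIELD(dot1q_cvlan, "Dot1q customer VLAN",NF_FIELD_INT, 245,2, 2)
/*
 * The ids from 65510 up are project-specific rather than IANA-assigned.
 * NOTE(review): IPFIX element ids are 15 bits wide, with the top bit of the
 * 16-bit word used as the enterprise flag; confirm how the exporter encodes
 * these ids when it emits IPFIX rather than NetFlow v9.
 *
 * NOTE(review): dns_name, dns_ips and sni are presumably filled from
 * observed DNS/TLS traffic, i.e. bytes chosen by a remote peer. Confirm the
 * exporter enforces size_max when copying, and have consumers treat the
 * values as untrusted text when logging or displaying them.
 */
FIELD(dns_name, "DNS Domain", NF_FIELD_STRING, 65510,1,256)
FIELD(dns_ips, "DNS Addresses", NF_FIELD_STRING, 65511,1,512)
FIELD(sni, "SNI domain name", NF_FIELD_STRING, 65512,1,256)
/* CLASS_NAME_MAX is not defined here; the including file must provide it. */
FIELD(class0, "Class0", NF_FIELD_STRING, 65520,1,CLASS_NAME_MAX)
FIELD(class1, "Class1", NF_FIELD_STRING, 65521,1,CLASS_NAME_MAX)
FIELD(class2, "Class2", NF_FIELD_STRING, 65522,1,CLASS_NAME_MAX)
FIELD(class3, "Class3", NF_FIELD_STRING, 65523,1,CLASS_NAME_MAX)
FIELD(class4, "Class4", NF_FIELD_STRING, 65524,1,CLASS_NAME_MAX)
/* Fixed-size padding fields of one and two units. */
FIELD(pad1, "Padding", NF_FIELD_INT, 65530,1,1)
FIELD(pad2, "Padding", NF_FIELD_INT, 65531,2,2)
#undef FIELD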