diff --git a/README.md b/README.md index 7984177..2d77890 100755 --- a/README.md +++ b/README.md @@ -259,120 +259,124 @@ nfcapd supports a large range of netflow v9 tags. Version 1.6 nfdump supports the following fields. This list can be found in netflow_v9.h // Flowset record types -#define NF9_IN_BYTES 1 -#define NF9_IN_PACKETS 2 -#define NF9_FLOWS_AGGR 3 -#define NF9_IN_PROTOCOL 4 -#define NF9_SRC_TOS 5 -#define NF9_TCP_FLAGS 6 -#define NF9_L4_SRC_PORT 7 -#define NF9_IPV4_SRC_ADDR 8 -#define NF9_SRC_MASK 9 -#define NF9_INPUT_SNMP 10 -#define NF9_L4_DST_PORT 11 -#define NF9_IPV4_DST_ADDR 12 -#define NF9_DST_MASK 13 -#define NF9_OUTPUT_SNMP 14 -#define NF9_V4_NEXT_HOP 15 -#define NF9_SRC_AS 16 -#define NF9_DST_AS 17 -#define NF9_BGP_V4_NEXT_HOP 18 -#define NF9_LAST_SWITCHED 21 -#define NF9_FIRST_SWITCHED 22 -#define NF9_OUT_BYTES 23 -#define NF9_OUT_PKTS 24 +* NF9_IN_BYTES 1 +* IN_PACKETS 2 +* NF9_FLOWS_AGGR 3 +* NF9_IN_PROTOCOL 4 +* NF9_SRC_TOS 5 +* NF9_TCP_FLAGS 6 +* NF9_L4_SRC_PORT 7 +* NF9_IPV4_SRC_ADDR 8 +* NF9_SRC_MASK 9 +* NF9_INPUT_SNMP 10 +* NF9_L4_DST_PORT 11 +* NF9_IPV4_DST_ADDR 12 +* NF9_DST_MASK 13 +* NF9_OUTPUT_SNMP 14 +* NF9_V4_NEXT_HOP 15 +* NF9_SRC_AS 16 +* NF9_DST_AS 17 +* NF9_BGP_V4_NEXT_HOP 18 -#define NF9_IPV6_SRC_ADDR 27 -#define NF9_IPV6_DST_ADDR 28 -#define NF9_IPV6_SRC_MASK 29 -#define NF9_IPV6_DST_MASK 30 +* NF9_LAST_SWITCHED 21 +* NF9_FIRST_SWITCHED 22 +* NF9_OUT_BYTES 23 +* NF9_OUT_PKTS 24 -#define NF9_IPV6_FLOW_LABEL 31 -#define NF9_ICMP_TYPE 32 +* NF9_IPV6_SRC_ADDR 27 +* NF9_IPV6_DST_ADDR 28 +* NF9_IPV6_SRC_MASK 29 +* NF9_IPV6_DST_MASK 30 -#define NF9_SAMPLING_INTERVAL 34 -#define NF9_SAMPLING_ALGORITHM 35 +* NF9_IPV6_FLOW_LABEL 31 +* NF9_ICMP_TYPE 32 -#define NF9_ENGINE_TYPE 38 -#define NF9_ENGINE_ID 39 +* NF9_SAMPLING_INTERVAL 34 +* NF9_SAMPLING_ALGORITHM 35 -#define NF9_FLOW_SAMPLER_ID 48 -#define FLOW_SAMPLER_MODE 49 -#define NF9_FLOW_SAMPLER_RANDOM_INTERVAL 50 +* NF9_ENGINE_TYPE 38 +* NF9_ENGINE_ID 39 -// #define NF9_MIN_TTL 52 -// #define NF9_MAX_TTL 53 -// #define NF9_IPV4_IDENT 54 +* NF9_FLOW_SAMPLER_ID 48 +* FLOW_SAMPLER_MODE 49 +* NF9_FLOW_SAMPLER_RANDOM_INTERVAL 50 -#define NF9_DST_TOS 55 -#define NF9_IN_SRC_MAC 56 -#define NF9_OUT_DST_MAC 57 -#define NF9_SRC_VLAN 58 -#define NF9_DST_VLAN 59 +* NF9_MIN_TTL 52 +* NF9_MAX_TTL 53 +* NF9_IPV4_IDENT 54 -#define NF9_DIRECTION 61 -#define NF9_V6_NEXT_HOP 62 -#define NF9_BPG_V6_NEXT_HOP 63 +* NF9_DST_TOS 55 +* NF9_IN_SRC_MAC 56 +* NF9_OUT_DST_MAC 57 +* NF9_SRC_VLAN 58 +* NF9_DST_VLAN 59 + +* NF9_DIRECTION 61 +* NF9_V6_NEXT_HOP 62 +* NF9_BPG_V6_NEXT_HOP 63 // #define NF9_V6_OPTION_HEADERS 64 -#define NF9_MPLS_LABEL_1 70 -#define NF9_MPLS_LABEL_2 71 -#define NF9_MPLS_LABEL_3 72 -#define NF9_MPLS_LABEL_4 73 -#define NF9_MPLS_LABEL_5 74 -#define NF9_MPLS_LABEL_6 75 -#define NF9_MPLS_LABEL_7 76 -#define NF9_MPLS_LABEL_8 77 -#define NF9_MPLS_LABEL_9 78 -#define NF9_MPLS_LABEL_10 79 -#define NF9_IN_DST_MAC 80 -#define NF9_OUT_SRC_MAC 81 +* NF9_MPLS_LABEL_1 70 +* NF9_MPLS_LABEL_2 71 +* NF9_MPLS_LABEL_3 72 +* NF9_MPLS_LABEL_4 73 +* NF9_MPLS_LABEL_5 74 +* NF9_MPLS_LABEL_6 75 +* NF9_MPLS_LABEL_7 76 +* NF9_MPLS_LABEL_8 77 +* NF9_MPLS_LABEL_9 78 +* NF9_MPLS_LABEL_10 79 +* NF9_IN_DST_MAC 80 +* NF9_OUT_SRC_MAC 81 -#define NF9_FORWARDING_STATUS 89 +* NF9_FORWARDING_STATUS 89 -#define NF9_BGP_ADJ_NEXT_AS 128 -#define NF9_BGP_ADJ_PREV_AS 129 +* NF9_BGP_ADJ_NEXT_AS 128 +* NF9_BGP_ADJ_PREV_AS 129 // CISCO ASA NSEL extension - Network Security Event Logging -#define NF_F_FLOW_BYTES 85 -#define NF_F_CONN_ID 148 -#define NF_F_FLOW_CREATE_TIME_MSEC 152 -#define NF_F_ICMP_TYPE 176 -#define NF_F_ICMP_CODE 177 -#define NF_F_ICMP_TYPE_IPV6 178 -#define NF_F_ICMP_CODE_IPV6 179 -#define NF_F_FWD_FLOW_DELTA_BYTES 231 -#define NF_F_REV_FLOW_DELTA_BYTES 232 -#define NF_F_FW_EVENT84 233 -#define NF_F_EVENT_TIME_MSEC 323 -#define NF_F_INGRESS_ACL_ID 33000 -#define NF_F_EGRESS_ACL_ID 33001 -#define NF_F_FW_EXT_EVENT 33002 -#define NF_F_USERNAME 40000 -#define NF_F_XLATE_SRC_ADDR_IPV4 40001 -#define NF_F_XLATE_DST_ADDR_IPV4 40002 -#define NF_F_XLATE_SRC_PORT 40003 -#define NF_F_XLATE_DST_PORT 40004 -#define NF_F_FW_EVENT 40005 + +* NF_F_FLOW_BYTES 85 +* NF_F_CONN_ID 148 +* NF_F_FLOW_CREATE_TIME_MSEC 152 +* NF_F_ICMP_TYPE 176 +* NF_F_ICMP_CODE 177 +* NF_F_ICMP_TYPE_IPV6 178 +* NF_F_ICMP_CODE_IPV6 179 +* NF_F_FWD_FLOW_DELTA_BYTES 231 +* NF_F_REV_FLOW_DELTA_BYTES 232 +* NF_F_FW_EVENT84 233 +* NF_F_EVENT_TIME_MSEC 323 +* NF_F_INGRESS_ACL_ID 33000 +* NF_F_EGRESS_ACL_ID 33001 +* NF_F_FW_EXT_EVENT 33002 +* NF_F_USERNAME 40000 +* NF_F_XLATE_SRC_ADDR_IPV4 40001 +* NF_F_XLATE_DST_ADDR_IPV4 40002 +* NF_F_XLATE_SRC_PORT 40003 +* NF_F_XLATE_DST_PORT 40004 +* NF_F_FW_EVENT 40005 // Cisco ASR 1000 series NEL extension - Nat Event Logging -#define NF_N_NAT_EVENT 230 -#define NF_N_INGRESS_VRFID 234 -#define NF_N_NAT_INSIDE_GLOBAL_IPV4 225 -#define NF_N_NAT_OUTSIDE_GLOBAL_IPV4 226 -#define NF_N_POST_NAPT_SRC_PORT 227 -#define NF_N_POST_NAPT_DST_PORT 228 + +* NF_N_NAT_EVENT 230 +* NF_N_INGRESS_VRFID 234 +* NF_N_NAT_INSIDE_GLOBAL_IPV4 225 +* NF_N_NAT_OUTSIDE_GLOBAL_IPV4 226 +* NF_N_POST_NAPT_SRC_PORT 227 +* NF_N_POST_NAPT_DST_PORT 228 // nprobe latency extensions -#define NF9_NPROBE_CLIENT_NW_DELAY_SEC 57554 -#define NF9_NPROBE_CLIENT_NW_DELAY_USEC 57555 -#define NF9_NPROBE_SERVER_NW_DELAY_SEC 57556 -#define NF9_NPROBE_SERVER_NW_DELAY_USEC 57557 -#define NF9_NPROBE_APPL_LATENCY_SEC 57558 -#define NF9_NPROBE_APPL_LATENCY_USEC 57559 + +* NF9_NPROBE_CLIENT_NW_DELAY_SEC 57554 +* NF9_NPROBE_CLIENT_NW_DELAY_USEC 57555 +* NF9_NPROBE_SERVER_NW_DELAY_SEC 57556 +* NF9_NPROBE_SERVER_NW_DELAY_USEC 57557 +* NF9_NPROBE_APPL_LATENCY_SEC 57558 +* NF9_NPROBE_APPL_LATENCY_USEC 57559 32 and 64 bit counters are supported for any counters. However, internally nfdump stores packets and bytes counters always as 64bit counters.