Add CISCO ASA elements initiatorPackets (298) responderPackets (299)

bin/netflow_v9.c

@@ -210,6 +210,7 @@ static struct v9_element_map_s {
 	{ NF9_IN_BYTES, 			 "bytes",			_8bytes,  _8bytes, move64_sampling, zero64, COMMON_BLOCK },
 	{ NF9_IN_PACKETS, 			 "packets",			_4bytes,  _8bytes, move32_sampling, zero64, COMMON_BLOCK },
 	{ NF9_IN_PACKETS, 			 "packets",			_8bytes,  _8bytes, move64_sampling, zero64, COMMON_BLOCK },
+	{ NF_F_INITIATORPACKETS, 	 "packets",			_8bytes,  _8bytes, move64_sampling, zero64, COMMON_BLOCK },
 
 	{ NF9_FLOWS_AGGR, 			 "flows",			_4bytes,  _4bytes, move32, zero32, EX_AGGR_FLOWS_4 },
 	{ NF9_FLOWS_AGGR, 			 "flows",			_8bytes,  _8bytes, move64, zero64, EX_AGGR_FLOWS_8 },
@@ -242,6 +243,7 @@ static struct v9_element_map_s {
 	{ NF9_OUT_BYTES, 			 "out bytes",		_8bytes,  _8bytes, move64_sampling, zero64, EX_OUT_BYTES_8 },
 	{ NF9_OUT_PKTS, 			 "out packets",		_4bytes,  _8bytes, move32_sampling, zero64, EX_OUT_PKG_8 },
 	{ NF9_OUT_PKTS, 			 "out packets",		_8bytes,  _8bytes, move64_sampling, zero64, EX_OUT_PKG_8 },
+	{ NF_F_RESPONDERPACKETS, 	 "out packets",		_8bytes,  _8bytes, move64_sampling, zero64, EX_OUT_PKG_8 },
 	{ NF9_IPV6_SRC_ADDR,		 "V6 src addr",		_16bytes, _16bytes, move128, zero128, COMMON_BLOCK },
 	{ NF9_IPV6_DST_ADDR,		 "V6 dst addr",		_16bytes, _16bytes, move128, zero128, COMMON_BLOCK },
 	{ NF9_IPV6_SRC_MASK, 	 	 "V6 src mask",		_1byte,   _1byte,  move8, zero8, EX_MULIPLE },
@@ -783,7 +785,12 @@ size_t				size_required;
 	 * This record is expected in the output stream. If not available
 	 * in the template, assume empty 4 bytes value
 	 */
-	PushSequence( table, NF9_IN_PACKETS, &offset, &table->packets, 0);
+	if ( cache.lookup_info[NF_F_INITIATORPACKETS].found ) {
+		PushSequence( table, NF_F_INITIATORPACKETS, &offset, &table->packets, 0);
+		dbg_printf("Push NF_F_INITIATORPACKETS\n");
+	} else {
+		PushSequence( table, NF9_IN_PACKETS, &offset, &table->packets, 0);
+	}
 	// fix: always have 64bit counters due to possible sampling
 	SetFlag(table->flags, FLAG_PKG_64);
 
@@ -866,7 +873,12 @@ size_t				size_required;
 				PushSequence( table, NF9_OUT_PKTS, &offset, &table->out_packets, 0);
 				break;
 			case EX_OUT_PKG_8:
-				PushSequence( table, NF9_OUT_PKTS, &offset, &table->out_packets, 0);
+				if ( cache.lookup_info[NF_F_RESPONDERPACKETS].found ) {
+					PushSequence( table, NF_F_RESPONDERPACKETS, &offset, &table->out_packets, 0);
+					dbg_printf("Push NF_F_RESPONDERPACKETS\n");
+				} else {
+					PushSequence( table, NF9_OUT_PKTS, &offset, &table->out_packets, 0);
+				}
 				break;
 			case EX_OUT_BYTES_4:
 				if ( cache.lookup_info[NF_F_REV_FLOW_DELTA_BYTES].found ) {

bin/netflow_v9.h

@@ -290,6 +290,10 @@ typedef struct common_header_s {
 #define NF_F_XLATE_DST_PORT_84      40004
 #define NF_F_FW_EVENT_84            40005
 
+// ASA 5508
+#define NF_F_INITIATORPACKETS		298
+#define NF_F_RESPONDERPACKETS		299
+
 // Cisco ASR 1000 series NEL extension - Nat Event Logging
 #define NF_N_NAT_EVENT				230
 #define NF_N_INGRESS_VRFID			234

bin/nf_common.c

@@ -658,7 +658,7 @@ char *Get_fwd_status_name(uint32_t id) {
 
 } // End of Get_fwd_status_name
 
-void format_file_block_header(void *header, char ** s, int tag) {
+void format_file_block_header(void *header, char **s, int tag) {
 data_block_header_t *h = (data_block_header_t *)header;
 	
 	snprintf(data_string,STRINGSIZE-1 ,""
@@ -673,7 +673,7 @@ data_block_header_t *h = (data_block_header_t *)header;
 
 } // End of format_file_block_header
 
-void format_file_block_record(void *record, char ** s, int tag) {
+void format_file_block_record(void *record, char **s, int tag) {
 char 		*_s, as[IP_STRING_LEN], ds[IP_STRING_LEN], datestr1[64], datestr2[64], datestr3[64], flags_str[16];
 char		s_snet[IP_STRING_LEN], s_dnet[IP_STRING_LEN], s_proto[32];
 int			i, id;