Comments (3)
At the moment, transport layers that aren't TCP/UDP simply aren't exported.
- Do you mean exposed as TransportLayer in packet?
- Or are you not seeing the flows?
at 1.:
What you described above would do exactly that. Right now the transport layers that target the most IEs in the IANA IPFIX spec are implemented (TCP, UDP, ICMPv4/6). All the other layers below, that are implemented, are the ones that are needed to be able to decode those.
The original idea was that if features needed more, they should decode the rest themselves. Right now there is no generic way of doing that, but it shouldn't be hard to implement. Maybe add something to decode() that holds a pointer to the topmost decoded layer (which would be IP for OSPF) which can be retrieved with some function. From there on one could continue with NextLayerType() and LayerPayload().
The reason this is done by hand was to get this part really fast (every packet has to go through this!). This works faster because no layers are ever allocated (they are part of the packet buffer) - instead the layers are reused every time.
Maybe we could also provide an additional slice in the packet buffer where one could add additionally decoded Layers so if multiple features use the same layer it only needs to be decoded once. This can then be done in a generic way (gopacket has functions where you can daisy chain the NextLayer and decoding stuff) - or with some kind of filter.
at 2.:
Well, this can be caused by the flow key. If for instance the port is part of the flow key this can never work since OSPF has no notion of ports. The same is true for every other protocol that has no ports.
from go-flows.
Sorry, I wasn't clear. I have a file with empty flowkey, and only feature is packetTotalCount. When I run it on an OSPF packet, the csv exporter doesn't export anything.
I also tried with some other flowkeys (e.g., only source ip).
from go-flows.
Ah sorry, that's then option 3.
Try flipping the lines
Line 624 in a066f89
Line 576 in a066f89
to
return true
These should actually return true (basically false would mean "I couldn't decode the packet" - but these two actually say "I couldn't find TCP,UDP,ICMP"). In the beginning this was needed, since the flow key didn't check if layers existed... Should be fixed by now. So hopefully nothing breaks if this is true...
from go-flows.
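The return-value semantics discussed in this thread, as an added example that is not go-flows code: a standard-library sketch (no gopacket) in which decode() reports failure only for frames it cannot parse, so an OSPF packet still reaches the features and can be decoded further from the IP payload. The packet struct, the strict flag and all function names are hypothetical, and the frame is constructed, not captured.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// packet is a hypothetical stand-in, not the go-flows packet buffer.
type packet struct {
	proto   uint8  // IPv4 protocol number (89 = OSPF)
	payload []byte // bytes after the IPv4 header, for features to decode further
}

// decode parses Ethernet + IPv4. strict=true mimics "return false when no
// TCP/UDP/ICMP was found"; strict=false returns false only on real decode errors.
func decode(frame []byte, strict bool) (packet, bool) {
	if len(frame) < 34 || binary.BigEndian.Uint16(frame[12:14]) != 0x0800 {
		return packet{}, false
	}
	ip := frame[14:]
	ihl := int(ip[0]&0x0f) * 4
	if ip[0]>>4 != 4 || ihl < 20 || len(ip) < ihl {
		return packet{}, false
	}
	p := packet{proto: ip[9], payload: ip[ihl:]}
	known := p.proto == 1 || p.proto == 6 || p.proto == 17
	return p, known || !strict
}

// ospfType continues from the IP payload: OSPFv2 header is 24 bytes, version 2.
func ospfType(p packet) (uint8, bool) {
	if p.proto != 89 || len(p.payload) < 24 || p.payload[0] != 2 {
		return 0, false
	}
	return p.payload[1], true
}

// sampleFrame builds a constructed Ethernet/IPv4 frame (no real capture).
func sampleFrame(proto uint8, payload []byte) []byte {
	f := make([]byte, 34, 34+len(payload))
	binary.BigEndian.PutUint16(f[12:14], 0x0800)
	f[14], f[23] = 0x45, proto
	return append(f, payload...)
}

func main() {
	p, ok := decode(sampleFrame(89, append([]byte{2, 1}, make([]byte, 22)...)), false)
	t, isOSPF := ospfType(p)
	fmt.Println(ok, t, isOSPF)
}
```

With strict set, the same OSPF frame is rejected before any feature sees it, which matches the empty CSV output reported above.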