[flow-tools] Suggested feature

Mark Fullmer maf@eng.oar.net
Fri, 31 Jan 2003 10:25:19 -0500 

The "ip-next-hop-address" report in flow-report implements summaries
by next-hop.

mark

On Fri, Jan 31, 2003 at 02:59:21PM +1100, Will Lotto wrote:
> G'day,
> 
> First, thanks everyone for their help with the redundancy thing. I've
> decided to go down the path of two collectors, and just manually fail
> over if one goes awry.
> 
> I've been using the corperate gateway router (a cisco 3620 with NAT) for
> testing, and I've noticed it records all NAT'd traffic with the
> destination of the router, and a NextHop address of the computer it's
> destined to.
> It does not record flows for data traveling from it's NAT to the end
> computer, which means accounting via destination-address is impossible.
> 
> The suggested feature is simple, add a report to flow-stats, flow-report
> and flow-print showing the Next-Hop address.
> 
> 
> Here's a sample of (hack) code that allows me to total the traffic in
> flow-stats totaling for destination being next-hop
> 
> int format8(struct fmtargs *args)
> {
>   struct fts3rec_offsets fo;
>   struct fopd32 cur;
>   struct ftver ftv;
>   struct ftchash *ftch;
>   struct ftchash_rec_ip ftch_recip, *ftch_recipp;
>   struct fopd total;
>   u_int32 hash;
>   char *rec;
> 
>   ftio_get_ver(&args->ftio, &ftv);
> 
>   if (ftio_check_xfield(&args->ftio, FT_XFIELD_DPKTS |
>     FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST |
>     FT_XFIELD_NEXTHOP)) {
>     fterr_warnx("Flow record missing required field for format."); /*
> FT_XFIELD_NEXTHOP changed */
>     return -1;
>   }
> 
>   fts3rec_compute_offsets(&fo, &ftv);
> 
>   bzero(&total, sizeof total);
> 
>   bzero(&ftch_recip, sizeof ftch_recip);
> 
>   if (!(ftch = ftchash_new(65536, sizeof (struct ftchash_rec_ip), 4,
> 65536))) {
>     fterr_warnx("ftchash_new(): failed");
>     return -1;
>   }
> 
>   cur.flows = 1;
> 
>   while ((rec = ftio_read(&args->ftio))) {
> 
>     CUR_GET_PLUS_FLOWS;
> 
>     TOTAL_INC;
> 
>     ftch_recip.addr = *((u_int32*)(rec+fo.nexthop)); /* nexthop not
> destination */
> 
>     hash = (ftch_recip.addr>>16) ^ (ftch_recip.addr & 0xFFFF);
> 
>     if (!(ftch_recipp = ftchash_update(ftch, &ftch_recip, hash))) {
>       fterr_warnx("ftch_update(): failed");
>       ftchash_free(ftch);
>       return -1;
>     }
> 
>     STAT_INCP(ftch_recipp);
> 
>   }
> 
>   chash_ip_dump(ftch, args->cc, args->sort_order, args->options,
> &total);
> 
>   ftchash_free(ftch);
> 
>   return 0;
> 
> } /* format8 */
> 
> 
> Thanks,
> 
> Will Lotto