From 4f639231c83b09ea004c03e95c702b7750bf9930 Mon Sep 17 00:00:00 2001 From: Ander Juaristi Date: Fri, 26 Apr 2019 09:58:06 +0200 Subject: IPFIX: Add IPFIX output plugin This patch adds an IPFIX output plugin to ulogd2. It generates NetFlow/IPFIX traces and sends them to a remote server (collector) via TCP or UDP. Based on original work by Holger Eitzenberger . How to test this ---------------- I am currently testing this with the NFCT input and Wireshark. Place the following in ulogd.conf: # this will print all flows on screen loglevel=1 # load NFCT and IPFIX plugins plugin="/lib/ulogd/ulogd_inpflow_NFCT.so" plugin="/lib/ulogd/ulogd_output_IPFIX.so" stack=ct1:NFCT,ipfix1:IPFIX [ct1] netlink_socket_buffer_size=217088 netlink_socket_buffer_maxsize=1085440 accept_proto_filter=tcp,sctp [ipfix1] oid=1 host="127.0.0.1" #port=4739 #send_template="once" I am currently testing it by launching a plain NetCat listener on port 4739 (the default for IPFIX) and then running Wireshark and see that it dissects the IPFIX/NetFlow traffic correctly (obviously this relies on the Wireshark NetFlow dissector being correct). First: nc -vvvv -l 127.0.0.1 4739 Then: sudo ulogd -vc ulogd.conf Signed-off-by: Ander Juaristi Signed-off-by: Pablo Neira Ayuso
---
 include/ulogd/ulogd.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include')
diff --git a/include/ulogd/ulogd.h b/include/ulogd/ulogd.h
index 2e38195..1636a8c 100644
--- a/include/ulogd/ulogd.h
+++ b/include/ulogd/ulogd.h
@@ -28,6 +28,11 @@
 /* types without length */
 #define ULOGD_RET_NONE 0x0000
+#define __packed __attribute__((packed))
+#define __noreturn __attribute__((noreturn))
+#define __cold __attribute__((cold))
+
+#define __packed __attribute__((packed))
 #define ULOGD_RET_INT8 0x0001
 #define ULOGD_RET_INT16 0x0002
-- cgit v1.2.3
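Review bot: `__packed` is defined twice in the added lines (the first and the last `+#define`), and the compiler accepts that only because the two expansions are identical; the second definition should be dropped. All three names start with a double underscore, which C reserves for the implementation, and BSD-derived `<sys/cdefs.h>` headers already define `__packed` themselves, so in a header included by every plugin an unguarded definition can collide with a different expansion. Guard each one, e.g. `#ifndef __packed` / `#define __packed __attribute__((packed))` / `#endif`, or use a project-prefixed name. The macros also sit between `ULOGD_RET_NONE` and `ULOGD_RET_INT8`, splitting the return-type constants under the "types without length" comment; they would read better in their own block above that comment, with a one-line comment such as `/* compiler attribute shorthands (GCC/Clang) */`.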