Implement #515 features

man/nfdump.1

@@ -1713,6 +1713,10 @@ Forwarding Status
 Src vlan label
 .It Cm %dvln
 Dst vlan label
+.It Cm %scvln
+Src customer vlan label
+.It Cm %dcvln
+Dst customer vlan label
 .It Cm %ismc
 Input Src Mac Addr
 .It Cm %odmc

src/inline/nffile_inline.c

@@ -44,13 +44,16 @@ static inline int MapRecordHandle(recordHandle_t *handle, recordHeaderV3_t *reco
     elementHeader_t *elementHeader = (elementHeader_t *)((void *)recordHeaderV3 + sizeof(recordHeaderV3_t));
     // map all extensions
     for (int i = 0; i < recordHeaderV3->numElements; i++) {
-        if ((elementHeader->type > 0 && elementHeader->type < MAXEXTENSIONS) && elementHeader->length != 0) {
+        if (elementHeader->length == 0 || elementHeader->type == 0) {
+            LogInfo("Corrupt extension Type: %u with Length: %u", elementHeader->type, elementHeader->length);
+            return 0;
+        }
+        if (elementHeader->type < MAXEXTENSIONS) {
             handle->extensionList[elementHeader->type] = (void *)elementHeader + sizeof(elementHeader_t);
-            elementHeader = (elementHeader_t *)((void *)elementHeader + elementHeader->length);
         } else {
-            LogError("Invalid extension Type: %u, Length: %u", elementHeader->type, elementHeader->length);
-            return 0;
+            LogInfo("Skip unknown extension Type: %u, Length: %u", elementHeader->type, elementHeader->length);
         }
+        elementHeader = (elementHeader_t *)((void *)elementHeader + elementHeader->length);
     }
     handle->extensionList[EXnull] = (void *)recordHeaderV3;
     handle->extensionList[EXlocal] = (void *)handle;

src/libnfdump/filter/grammar.y

@@ -1956,17 +1956,28 @@ static int AddVlanNumber(direction_t direction, uint64_t num) {
 
 	int ret = -1;
 	switch ( direction ) {
-		case DIR_UNSPEC:
-			ret = Connect_OR(
-				NewElement(EXvLanID, OFFsrcVlan, SIZEsrcVlan, num, CMP_EQ, FUNC_NONE, NULLPtr),
-				NewElement(EXvLanID, OFFdstVlan, SIZEdstVlan, num, CMP_EQ, FUNC_NONE, NULLPtr)
+		case DIR_UNSPEC: {
+			int src = Connect_OR(
+			  NewElement(EXvLanID, OFFsrcVlan, SIZEsrcVlan, num, CMP_EQ, FUNC_NONE, NULLPtr),
+			  NewElement(EXdot1qID, OFFvlanID, SIZEvlanID, num, CMP_EQ, FUNC_NONE, NULLPtr)
 			);
-			break;
+			int dst = Connect_OR(
+			  NewElement(EXvLanID, OFFdstVlan, SIZEdstVlan, num, CMP_EQ, FUNC_NONE, NULLPtr),
+			  NewElement(EXdot1qID, OFFpostVlanID, SIZEpostVlanID, num, CMP_EQ, FUNC_NONE, NULLPtr)
+			);
+			ret = Connect_OR(src,dst);
+			} break;
 		case DIR_SRC: 
-			ret = NewElement(EXvLanID, OFFsrcVlan, SIZEsrcVlan, num, CMP_EQ, FUNC_NONE, NULLPtr);
+			ret = Connect_OR(
+			  NewElement(EXvLanID, OFFsrcVlan, SIZEsrcVlan, num, CMP_EQ, FUNC_NONE, NULLPtr),
+			  NewElement(EXdot1qID, OFFvlanID, SIZEvlanID, num, CMP_EQ, FUNC_NONE, NULLPtr)
+			);
 			break;
 		case DIR_DST: 
-			ret = NewElement(EXvLanID, OFFdstVlan, SIZEdstVlan, num, CMP_EQ, FUNC_NONE, NULLPtr);
+			ret = Connect_OR(
+			  NewElement(EXvLanID, OFFdstVlan, SIZEdstVlan, num, CMP_EQ, FUNC_NONE, NULLPtr),
+			  NewElement(EXdot1qID, OFFpostVlanID, SIZEpostVlanID, num, CMP_EQ, FUNC_NONE, NULLPtr)
+			);
 			break;
 		default:
 			yyerror("Unknown vlan direction");

src/libnffile/nfxV3.h

@@ -641,8 +641,36 @@ typedef struct EXpfinfo_s {
 #define SIZEpfRuleNr MemberSize(EXpfinfo_t, rulenr)
 #define EXpfinfoSize (sizeof(EXpfinfo_t) - 4 + sizeof(elementHeader_t))
 
+typedef struct EXdot1q_s {
+#define EXdot1qID 38
+    uint16_t vlanID;
+    uint16_t customerVlanId;
+    uint16_t postVlanID;
+    uint16_t postCustomerVlanId;
+#define OFFvlanID offsetof(EXdot1q_t, vlanID)
+#define SIZEvlanID MemberSize(EXdot1q_t, vlanID)
+#define OFFpostVlanID offsetof(EXdot1q_t, postVlanID)
+#define SIZEpostVlanID MemberSize(EXdot1q_t, postVlanID)
+#define OFFcustomerVlanId offsetof(EXdot1q_t, customerVlanId)
+#define SIZEcustomerVlanId MemberSize(EXdot1q_t, customerVlanId)
+#define OFFpostCustomerVlanId offsetof(EXdot1q_t, postCustomerVlanId)
+#define SIZEpostCustomerVlanId MemberSize(EXdot1q_t, postCustomerVlanId)
+} EXdot1q_t;
+#define EXdot1qSize (sizeof(EXdot1q_t) + sizeof(elementHeader_t))
+
+typedef struct EXphysicalInterface_s {
+#define EXphysicalInterfaceID 39
+    uint32_t ingress;
+    uint32_t egress;
+#define OFFphysIngress offsetof(EXphysicalInterface_t, ingress)
+#define SIZEphysIngress MemberSize(EXphysicalInterface_t, ingress)
+#define OFFphysEgress offsetof(EXphysicalInterface_t, egress)
+#define SIZEphysEgress MemberSize(EXphysicalInterface_t, egress)
+} EXphysicalInterface_t;
+#define EXphysicalInterfaceSize (sizeof(EXphysicalInterface_t) + sizeof(elementHeader_t))
+
 // max possible elements
-#define MAXEXTENSIONS 38
+#define MAXEXTENSIONS 40
 
 // push a fixed length extension to the v3 record
 // h v3 record header
@@ -710,7 +738,7 @@ static const struct extensionTable_s {
     EXTENSION(EXnselXlateIPv4), EXTENSION(EXnselXlateIPv6), EXTENSION(EXnselXlatePort), EXTENSION(EXnselAcl),      EXTENSION(EXnselUser),
     EXTENSION(EXnelCommon),     EXTENSION(EXnelXlatePort),  EXTENSION(EXnbarApp),       EXTENSION(EXlabel),        EXTENSION(EXinPayload),
     EXTENSION(EXoutPayload),    EXTENSION(EXtunIPv4),       EXTENSION(EXtunIPv6),       EXTENSION(EXobservation),  EXTENSION(EXinmonMeta),
-    EXTENSION(EXinmonFrame),    EXTENSION(EXvrf),           EXTENSION(EXpfinfo)};
+    EXTENSION(EXinmonFrame),    EXTENSION(EXvrf),           EXTENSION(EXpfinfo),        EXTENSION(EXdot1q),        EXTENSION(EXphysicalInterface)};
 
 typedef struct record_map_s {
     recordHeaderV3_t *recordHeader;

src/netflow/ipfix.c

@@ -171,10 +171,14 @@ static const struct ipfixTranslationMap_s {
     {IPFIX_postIpClassOfService, SIZEdstTos, NumberCopy, EXflowMiscID, OFFdstTos, STACK_NONE, "post IP class of Service"},
     {IPFIX_SourceMacAddress, SIZEinSrcMac, NumberCopy, EXmacAddrID, OFFinSrcMac, STACK_NONE, "in src MAC addr"},
     {IPFIX_postDestinationMacAddress, SIZEoutDstMac, NumberCopy, EXmacAddrID, OFFoutDstMac, STACK_NONE, "out dst MAC addr"},
-    {IPFIX_vlanId, SIZEsrcVlan, NumberCopy, EXvLanID, OFFsrcVlan, STACK_NONE, "src VLAN ID"},
-    {IPFIX_postVlanId, SIZEdstVlan, NumberCopy, EXvLanID, OFFdstVlan, STACK_NONE, "dst VLAN ID"},
-    {IPFIX_dot1qVlanId, SIZEsrcVlan, NumberCopy, EXvLanID, OFFsrcVlan, STACK_NONE, "src VLAN ID"},
-    {IPFIX_postDot1qVlanId, SIZEdstVlan, NumberCopy, EXvLanID, OFFdstVlan, STACK_NONE, "dst VLAN ID"},
+    {IPFIX_vlanId, SIZEvlanID, NumberCopy, EXvLanID, OFFvlanID, STACK_NONE, "src VLAN ID"},
+    {IPFIX_postVlanId, SIZEpostVlanID, NumberCopy, EXvLanID, OFFpostVlanID, STACK_NONE, "dst VLAN ID"},
+    {IPFIX_dot1qVlanId, SIZEvlanID, NumberCopy, EXdot1qID, OFFvlanID, STACK_NONE, "dot1q VLAN ID"},
+    {IPFIX_postDot1qVlanId, SIZEpostVlanID, NumberCopy, EXdot1qID, OFFpostVlanID, STACK_NONE, "dot1q post VLAN ID"},
+    {IPFIX_dot1qCustomerVlanId, SIZEcustomerVlanId, NumberCopy, EXdot1qID, OFFcustomerVlanId, STACK_NONE, "dot1q customer VLAN ID"},
+    {IPFIX_postDot1qCustomerVlanId, SIZEpostCustomerVlanId, NumberCopy, EXdot1qID, OFFpostCustomerVlanId, STACK_NONE, "dot1q post customer VLAN ID"},
+    {IPFIX_ingressPhysicalInterface, SIZEphysIngress, NumberCopy, EXphysicalInterfaceID, OFFphysIngress, STACK_NONE, "ingress physical interface ID"},
+    {IPFIX_egressPhysicalInterface, SIZEphysEgress, NumberCopy, EXphysicalInterfaceID, OFFphysEgress, STACK_NONE, "egress physical interface ID"},
     {IPFIX_flowDirection, SIZEdir, NumberCopy, EXflowMiscID, OFFdir, STACK_NONE, "flow direction"},
     {IPFIX_biflowDirection, SIZEbiFlowDir, NumberCopy, EXflowMiscID, OFFbiFlowDir, STACK_NONE, "biFlow direction"},
     {IPFIX_flowEndReason, SIZEflowEndReason, NumberCopy, EXflowMiscID, OFFflowEndReason, STACK_NONE, "Flow end reason"},

src/netflow/ipfix.h

@@ -309,6 +309,12 @@ typedef struct ipfix_template_elements_e_s {
 #define IPFIX_dot1qVlanId 243
 #define IPFIX_postDot1qVlanId 254
 
+#define IPFIX_dot1qCustomerVlanId 245
+#define IPFIX_postDot1qCustomerVlanId 255
+
+#define IPFIX_ingressPhysicalInterface 252
+#define IPFIX_egressPhysicalInterface 253
+
 // sub template IDs
 #define IPFIX_newconnections 278
 #define IPFIX_subTemplateList 292

src/netflow/netflow_v9.c

@@ -170,10 +170,14 @@ static const struct v9TranslationMap_s {
     {NF_F_fragmentFlags, SIZEfragmentFlags, NumberCopy, EXflowMiscID, OFFfragmentFlags, STACK_NONE, "IP fragment flags"},
     {NF9_IN_SRC_MAC, SIZEinSrcMac, NumberCopy, EXmacAddrID, OFFinSrcMac, STACK_NONE, "in src MAC addr"},
     {NF9_OUT_DST_MAC, SIZEoutDstMac, NumberCopy, EXmacAddrID, OFFoutDstMac, STACK_NONE, "out dst MAC addr"},
-    {NF9_SRC_VLAN, SIZEsrcVlan, NumberCopy, EXvLanID, OFFsrcVlan, STACK_NONE, "src VLAN ID"},
-    {NF9_DST_VLAN, SIZEdstVlan, NumberCopy, EXvLanID, OFFdstVlan, STACK_NONE, "dst VLAN ID"},
-    {NF_F_dot1qVlanId, SIZEsrcVlan, NumberCopy, EXvLanID, OFFsrcVlan, STACK_NONE, "src VLAN ID"},
-    {NF_F_postDot1qVlanId, SIZEdstVlan, NumberCopy, EXvLanID, OFFdstVlan, STACK_NONE, "dst VLAN ID"},
+    {NF9_SRC_VLAN, SIZEvlanID, NumberCopy, EXvLanID, OFFvlanID, STACK_NONE, "src VLAN ID"},
+    {NF9_DST_VLAN, SIZEvlanID, NumberCopy, EXvLanID, OFFvlanID, STACK_NONE, "dst VLAN ID"},
+    {NF_F_dot1qVlanId, SIZEvlanID, NumberCopy, EXdot1qID, OFFvlanID, STACK_NONE, "dot1q VLAN ID"},
+    {NF_F_postDot1qVlanId, SIZEvlanID, NumberCopy, EXdot1qID, OFFvlanID, STACK_NONE, "dot1q post VLAN ID"},
+    {NF_F_dot1qCustomerVlanId, SIZEcustomerVlanId, NumberCopy, EXdot1qID, OFFcustomerVlanId, STACK_NONE, "dot1q customer VLAN ID"},
+    {NF_F_postDot1qCustomerVlanId, SIZEpostCustomerVlanId, NumberCopy, EXdot1qID, OFFpostCustomerVlanId, STACK_NONE, "dot1q post customer VLAN ID"},
+    {NF_F_ingressPhysicalInterface, SIZEphysIngress, NumberCopy, EXphysicalInterfaceID, OFFphysIngress, STACK_NONE, "ingress physical interface ID"},
+    {NF_F_egressPhysicalInterface, SIZEphysEgress, NumberCopy, EXphysicalInterfaceID, OFFphysEgress, STACK_NONE, "egress physical interface ID"},
     {NF9_DIRECTION, SIZEdir, NumberCopy, EXflowMiscID, OFFdir, STACK_NONE, "flow direction"},
     {NF9_V6_NEXT_HOP, SIZENextHopV6IP, NumberCopy, EXipNextHopV6ID, OFFNextHopV6IP, STACK_NONE, "IPv6 next hop IP"},
     {NF9_BPG_V6_NEXT_HOP, SIZEbgp6NextIP, NumberCopy, EXbgpNextHopV6ID, OFFbgp6NextIP, STACK_NONE, "IPv6 bgp next hop IP"},

src/netflow/netflow_v9.h

@@ -229,6 +229,12 @@ typedef struct common_header_s {
 #define NF_F_dot1qVlanId 243
 #define NF_F_postDot1qVlanId 254
 
+#define NF_F_dot1qCustomerVlanId 245
+#define NF_F_postDot1qCustomerVlanId 255
+
+#define NF_F_ingressPhysicalInterface 252
+#define NF_F_egressPhysicalInterface 253
+
 // CISCO ASA NSEL/NEL extension - Network Security Event Logging
 #define NF_F_CONN_ID 148
 #define NF_F_FLOW_CREATE_TIME_MSEC 152

src/nfdump/nflowcache.c

@@ -141,8 +141,8 @@ static struct aggregationElement_s {
                         {"mpls8", {EXmplsLabelID, OFFmplsLabel8, SIZEmplsLabel8, 0}, 0, NOPREPROCESS, 0, 0, "%mpls8"},
                         {"mpls9", {EXmplsLabelID, OFFmplsLabel9, SIZEmplsLabel9, 0}, 0, NOPREPROCESS, 0, 0, "%mpls9"},
                         {"mpls10", {EXmplsLabelID, OFFmplsLabel10, SIZEmplsLabel10, 0}, 0, NOPREPROCESS, 0, 0, "%mpls10"},
-                        {"srcvlan", {EXvLanID, OFFsrcVlan, SIZEsrcVlan, 0}, 0, NOPREPROCESS, 0, 0, "%svln"},
-                        {"dstvlan", {EXvLanID, OFFdstVlan, SIZEdstVlan, 0}, 0, NOPREPROCESS, 0, 0, "%dvln"},
+                        {"srcvlan", {EXvLanID, OFFvlanID, SIZEvlanID, 0}, 0, NOPREPROCESS, 0, 0, "%svln"},
+                        {"dstvlan", {EXvLanID, OFFpostVlanID, SIZEpostVlanID, 0}, 0, NOPREPROCESS, 0, 0, "%dvln"},
                         {"odid", {EXobservationID, OFFdomainID, SIZEdomainID, 0}, 0, NOPREPROCESS, 0, 0, "%odid"},
                         {"opid", {EXobservationID, OFFpointID, SIZEpointID, 0}, 0, NOPREPROCESS, 0, 0, "%opid"},
                         {"srcgeo", {EXlocal, OFFgeoSrcIP, SizeGEOloc, 0}, 0, SRC_GEO, 0, 0, "%sc"},

src/nfdump/nfstat.c

@@ -147,10 +147,10 @@ struct StatParameter_s {
     {"dstmask", "Dst Mask", {EXflowMiscID, OFFdstMask, SIZEdstMask, 0}, IS_NUMBER, NOPROC},
     {"mask", "Mask", {EXflowMiscID, OFFsrcMask, SIZEsrcMask, 0}, IS_NUMBER, NOPROC},
     {"mask", NULL, {EXflowMiscID, OFFdstMask, SIZEdstMask, 0}, IS_NUMBER, NOPROC},
-    {"srcvlan", "Src Vlan", {EXvLanID, OFFsrcVlan, SIZEsrcVlan, 0}, IS_NUMBER, NOPROC},
-    {"dstvlan", "Dst Vlan", {EXvLanID, OFFdstVlan, SIZEdstVlan, 0}, IS_NUMBER, NOPROC},
-    {"vlan", "Vlan", {EXvLanID, OFFsrcVlan, SIZEsrcVlan, 0}, IS_NUMBER, NOPROC},
-    {"vlan", NULL, {EXvLanID, OFFdstVlan, SIZEdstVlan, 0}, IS_NUMBER, NOPROC},
+    {"srcvlan", "Src Vlan", {EXvLanID, OFFvlanID, SIZEvlanID, 0}, IS_NUMBER, NOPROC},
+    {"dstvlan", "Dst Vlan", {EXvLanID, OFFpostVlanID, SIZEpostVlanID, 0}, IS_NUMBER, NOPROC},
+    {"vlan", "Vlan", {EXvLanID, OFFvlanID, SIZEvlanID, 0}, IS_NUMBER, NOPROC},
+    {"vlan", NULL, {EXvLanID, OFFpostVlanID, SIZEpostVlanID, 0}, IS_NUMBER, NOPROC},
     {"insrcmac", "In Src Mac", {EXmacAddrID, OFFinSrcMac, SIZEinSrcMac, 0}, IS_MACADDR, NOPROC},
     {"outdstmac", "Out Dst Mac", {EXmacAddrID, OFFoutDstMac, SIZEoutDstMac, 0}, IS_MACADDR, NOPROC},
     {"indstmac", "In Dst Mac", {EXmacAddrID, OFFinDstMac, SIZEinDstMac, 0}, IS_MACADDR, NOPROC},

src/nfpcapd/flowdump.c

@@ -137,7 +137,7 @@ static int StorePcapFlow(flowParam_t *flowParam, struct FlowNode *Node) {
             if (Node->vlanID) {
                 UpdateRecordSize(EXvLanSize);
                 PushExtension(recordHeader, EXvLan, vlan);
-                vlan->dstVlan = Node->vlanID;
+                vlan->srcVlan = Node->vlanID;
             }
 
             if (Node->srcMac) {

src/nfreplay/send_v9.c

@@ -357,6 +357,21 @@ static outTemplate_t *GetOutputTemplate(recordHandle_t *recordHandle) {
                 count++;
                 data_length += 4;
                 break;
+            case EXdot1qID:
+                flowset->field[count].type = htons(NF_F_dot1qVlanId);
+                flowset->field[count].length = htons(2);
+                count++;
+                flowset->field[count].type = htons(NF_F_postDot1qVlanId);
+                flowset->field[count].length = htons(2);
+                count++;
+                flowset->field[count].type = htons(NF_F_dot1qCustomerVlanId);
+                flowset->field[count].length = htons(2);
+                count++;
+                flowset->field[count].type = htons(NF_F_postDot1qCustomerVlanId);
+                flowset->field[count].length = htons(2);
+                count++;
+                data_length += 8;
+                break;
             case EXasRoutingID:
                 flowset->field[count].type = htons(NF9_SRC_AS);
                 flowset->field[count].length = htons(4);
@@ -571,6 +586,17 @@ static void Append_Record(send_peer_t *peer, recordHandle_t *recordHandle) {
                 Put_val16(htons(vLan->dstVlan), peer->buff_ptr);
                 peer->buff_ptr += 2;
             } break;
+            case EXdot1qID: {
+                EXdot1q_t *dot1q = (EXdot1q_t *)elementPtr;
+                Put_val16(htons(dot1q->vlanID), peer->buff_ptr);
+                peer->buff_ptr += 2;
+                Put_val16(htons(dot1q->postVlanID), peer->buff_ptr);
+                peer->buff_ptr += 2;
+                Put_val16(htons(dot1q->customerVlanId), peer->buff_ptr);
+                peer->buff_ptr += 2;
+                Put_val16(htons(dot1q->postCustomerVlanId), peer->buff_ptr);
+                peer->buff_ptr += 2;
+            } break;
             case EXasRoutingID: {
                 EXasRouting_t *asRouting = (EXasRouting_t *)elementPtr;
                 Put_val32(htonl(asRouting->srcAS), peer->buff_ptr);

src/nfreplay/send_v9.h

@@ -98,6 +98,14 @@
 #define NF_F_BGP_ADJ_NEXT_AS 128
 #define NF_F_BGP_ADJ_PREV_AS 129
 
+#define NF_F_dot1qVlanId 243
+#define NF_F_postDot1qVlanId 254
+#define NF_F_dot1qCustomerVlanId 245
+#define NF_F_postDot1qCustomerVlanId 255
+
+#define NF_F_ingressPhysicalInterface 252
+#define NF_F_egressPhysicalInterface 253
+
 int Init_v9_output(send_peer_t *peer);
 
 int Close_v9_output(send_peer_t *peer);