calmh / ipfix Goto Github PK

Statistics Option Template
yaf will export information about its process periodically using IPFIX Options Template Record. This record gives information about the status of the flow and fragment table, as well as decoding information. This can be turned off using the --no-stats option. The following Information Elements will be exported:

systemInitTimeMilliseconds IE 161, 8 octets, unsigned
The time in milliseconds of the last (re-)initialization of yaf.

exportedFlowRecordTotalCount IE 42, 8 octets, unsigned
Total amount of exported flows from yaf start time.

packetTotalCount IE 86, 8 octets, unsigned
Total amount of packets processed by yaf from yaf start time.

droppedPacketTotalCount IE 135, 8 octets, unsigned
Total amount of dropped packets according to statistics given by libpcap, libdag, or the Napatech or Netronome APIs.

ignoredPacketTotalCount IE 164, 8 octets, unsigned
Total amount of packets ignored by the yaf packet decoder, such as unsupported packet types and incomplete headers, from yaf start time.

notSentPacketTotalCount IE 167, 8 octets, unsigned
Total amount of packets rejected by yaf because they were received out of sequence.

expiredFragmentCount CERT (PEN 6871) IE 100, 4 octets, unsigned
Total amount of fragments that have been expired since yaf start time.

assembledFragmentCount CERT (PEN 6871) IE 101, 4 octets, unsigned
Total number of packets that been assembled from a series of fragments since yaf start time.

flowTableFlushEventCount CERT (PEN 6871) IE 104, 4 octets, unsigned
Total number of times the yaf flow table has been flushed since yaf start time.

flowTablePeakCount CERT (PEN 6871) IE 105, 4 octets, unsigned
The maximum number of flows in the yaf flow table at any one time since yaf start time.

exporterIPv4Address IE 130, 4 octets, unsigned
The IPv4 Address of the yaf flow sensor.

exportingProcessId IE 144, 4 octets, unsigned
Set the ID of the yaf flow sensor by giving a value to --observation-domain. The default is 0.

meanFlowRate CERT (PEN 6871) IE 102, 4 octets, unsigned
The mean flow rate of the yaf flow sensor since yaf start time, rounded to the nearest integer.

meanPacketRate CERT (PEN 6871) IE 103, 4 octets, unsigned
The mean packet rate of the yaf flow sensor since yaf start time, rounded to the nearest integer.

cannot use pc (type net.PacketConn) as type io.Reader in argument to s.ParseReader:
        net.PacketConn does not implement io.Reader (missing Read method)

package ipfix_test

import (
    "encoding/hex"
    "testing"
    "github.com/calmh/ipfix"
)

func TestParsingTemplateAndDataRecords(t *testing.T) {
    packet, _ := hex.DecodeString("000a00405685b3700000000000bc614e000200140100000300080004000c0004000200040100001cc0a800c9c0a80001000000ebc0a800cac0a800010000002a")
    p := ipfix.NewSession()

    msg, err := p.ParseBuffer(packet)
    if err != nil {
        t.Fatal("ParseBuffer failed", err)
    }

    if len(msg.DataRecords) != 1 {
        t.Error("Incorrect number of data records", len(msg.DataRecords))
    }
    if len(msg.TemplateRecords) != 1 {
        t.Error("Incorrect number of template records", len(msg.TemplateRecords))
    }
}