[Nfdump-discuss] IP_PROTOCOL_VERSION field in Netflow v9

[InterNetX - C. S. <car...@in...>]

Hello,

i saw, that nfcapd/nfdump is missing the implementation for IP_PROTOCOL_VERSION (60) field
for netflow version 9.

This is really bad because we can't decide which IP address to show in  nfdump output.

I'm using nprobe to send the netflow data with the following template:
"%IPV6_SRC_ADDR %IPV6_DST_ADDR %IPV4_SRC_ADDR %IPV4_DST_ADDR %LAST_SWITCHED %FIRST_SWITCHED
%IN_BYTES %OUT_BYTES %IN_PKTS %OUT_PKTS %L4_SRC_PORT %L4_DST_PORT %PROTOCOL %TCP_FLAGS
%IP_PROTOCOL_VERSION %INPUT_SRC_TOS %SRC_AS %DST_AS %IPV6_SRC_MASK %IPV6_DST_MASK %SRC_MASK %DST_MASK"

nfdump output, for e.g. ICMP6, only displays 0.0.0.0 as IP addresses instead of the real IPv6
adresses. The decission which IP SRC/DST address to display could be done by using the
IP_PROTOCOL_VERSION field.

Can you please implement this field for that purpose ?

Regards
-- 
Carsten Schöne
Leiter Rechenzentrum

InterNetX GmbH
Maximilianstr. 6
93047 Regensburg

Tel.   +49 941 59559-480
Fax   +49 941 59579-051

www.internetx.com
www.facebook.com/InterNetX
www.twitter.com/InterNetX

Geschäftsführer/CEO: Thomas Mörz
Amtsgericht Regensburg, HRB 7142