Comments (3)
akshah
commented on August 26, 2024
Hey @dbardbar , can you please link the documentation/rfc that describe the parsing of these 32bits
from vflow.
dbardbar
commented on August 26, 2024
@akshah - following our conversation - references for encoding:
For the expanded format - AFAIK this is not covered in any RFC, but is explained in the the sflow version 5 standard - https://sflow.org/sflow_version_5.txt
- SourceID encoding in expanded format as 32/32 bit - see page 31 (sflow_data_source_expanded)
- Interface encoding in expanded format as 32/32 bit - see page 31 (interface_expanded)
For the compact format, this is covered in RFC 3176 - https://www.rfc-editor.org/rfc/rfc3176
-
SourceID encoding as 8/24 bit composite field - see page 20 (struct flow_sample) and page 24 (struct counters_sample).
-
Output interface encoding as 2/30 bit composite field - see page 20 (search for "unsigned int output")
-
Input interface encoding as 2/30 bit composite field, but actually the top 2 bits are always 0 - that's not in the RFC, but is explained in the sflow5 standard (https://sflow.org/sflow_version_5.txt) , page 27, at the bottom, where it says "Note: Formats 1 & 2"
from vflow.
dbardbar
commented on August 26, 2024
Also, attaching sflow pcap in expanded and compact format. Use wireshark to see how it parses the fields, especially look at the hex output, and see that it shows which bytes were used to obtain each element, once you click it.
pcaps.zip
from vflow.
Related Issues (20)
- Errors in trying to use this project as a library HOT 6
- Vflow support of Kafka Partition key
- memcache.go has possible hash collisions, leading to wrong values saved/retrieved from cache
- vflow_ipfix_udp_packets doesn't increase on stress traffic
- Abandoned project? HOT 16
- sflow packets with padding after sample is not parsed correctly
- sflow packets with sample packets of non-UDP/TCP/ICMP are dropped HOT 1
- nf9/ipfix fields of type String are copied to the JSON output as-is, without handling special charachters HOT 1
- Parsing of sflow SourceID from sample record is wrong
- ipfix/nf9 unknown elements cause whole data to be dropped HOT 1
- kafka: client has run out of available brokers to talk to (Is your cluster reachable?)
- UDP InErrors observed in sflow listener under load tesing HOT 1
- [kafka.segmentio] not creating topics
- [kafka] timestamp for all messages is always 01/01/1970, 06:59:59
- installation memo HOT 2
- Vflow does'nt recieve Netflow packets HOT 1
- Can't connecting to nsqd HOT 1
- realtime consume data from kafka to clickhouse
- update go.mod
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vflow.