commit 63abf52ec640a019f8c45c1208f0dfb585641781
Padding: add offset!=length check to reduce safety check calls
Adds another check when parsing a set. The check "offset !=
self.header.length" allows to skip the padding checks if the offset is
the same as the length, not calling rest_is_padding_zeroes and wasting
CPU time.
commit 8d1cf9cac12c45c0af70591b646d898ba5c923fc
Finish IPFIX padding handling
Tested implementation of IPFIX set padding handling. Uses TK-Khaw's
proposed no_padding_last_offset calculation, extended as modulo
calculation to match multiple data set records.
Tests were conducted by capturing live traffic on a test machine with
tcpdump, then this capture file was read in by softflowd 1.1.0, with the
collector.py as the export target. The exported IPFIX (v10) packets were
then using both no padding and padding, so that tests could be
validated.
Closes#34
Signed-off-by: Dominik Pataky <software+pynetflow@dpataky.eu>
commit 51ce4eaa268e4bda5be89e1d430477d12fc8a72c
Fix and optimize padding calculation for IPFIX sets.
Refs #34
commit 9d3c4135385ca9714b7631a0c5af46feb891a9fb
Author: Khaw Teng Kang <tk.khaw@attrelogix.com>
Date: Tue Jul 5 16:29:12 2022 +0800
Reverted changes to template_record, data_length is now computed using field length in template.
Signed-off-by: Khaw Teng Kang <tk.khaw@attrelogix.com>
commit 3c4f8e62892876d4a2d42288843890b97244df55
IPFIX: handle padding (zero bytes) in sets
Adds a check to each IPFIX set ID branch, checking if the rest of the
bytes in this set is padding/zeroes.
Refs #34
Signed-off-by: Dominik Pataky <software+pynetflow@dpataky.eu>
There's no 3.9.3, only 3.9.2, which is also the correct Debian version.
3.11.1 is available in pyenv 2.3.8, but 2.3.7 is currently in use by the
Github action. So 3.11 is used, which uses the latest patch version
Previously, option templates and their data records were not correctly
recognized. This is fixed now. Collectors can now use the
V9ExportPacket.options field to get a list of V9OptionsDataRecord, with
scopes and data fields.
Templates are mixed in the templates dict. They will have both data
templates and option templates. Let's hope exporters do not mix them
(re-use the same IDs for both template types).
During development, the search for the correct template was refactored.
The templates are not pased into the V9DataFlowSet any more. Only the
one single matching template is passed into V9DataFlowSet and
V9OptionsDataFlowset, as should be.
Refs #30
This is a hacky workaround to handle V9 options templates, without
implementing the full corresponding spec. This solves missing templates
which raise a V9TemplateNotRecognized exception, even though an exporter
might do everything correctly.
Refs #29
Refs #30
The parse_packet function is one of the main functions for usage of this
library in other scripts. It works, but was under-documented until now.
Especially the 'templates' parameter might lead to confusions for new
users who have not yet worked with templates. This commit should make
things clearer.
Refs #28
Signals INT and TERM were not correctly handled in the 'while True' loop
of the yielding listener function. Now, the loop breaks as expected,
terminating the listener thread and the application.
This commit replaces multiple occurences of new features which were not
yet implemented with Python 3.5.3, which is the reference backwards
compatibility version for this package. The version is based on the
current Python version in Debian Stretch (oldstable). According to
pkgs.org, all other distros use 3.6+, so 3.5.3 is the lower boundary.
Changes:
* Add maxsize argument to functools.lru_cache decorator
* Replace f"" with .format()
* Replace variable type hints "var: type = val" with "# type:" comments
* Replace pstats.SortKey enum with strings in performance tests
Additionally, various styling fixes were applied.
The version compatibility was tested with tox, pyenv and Python 3.5.3,
but there is no tox.ini yet which automates this test.
Bump patch version number to 0.10.3
Update author's email address.
Resolves#27
Templates may be withdrawn as per RFC7011. Receiving a template with an
existing template_id and a field_count of 0 now triggers deletion of
this template.
Parts of the IPFIXFieldTypes class were extracted into the new
IPFIXDataTypes class, to increase readability and stability.
The IPFIXDataRecord class and its field parser is now more in tune with
the specifications, handling signed and unsigned, as well as float,
boolean and UTF8 strings etc.
Corresponding tests were extended with softflowd packets (level
"ethernet") and value checks (e.g. MAC address).
Resolves#25
