ng_netflow patch for AS filling
Alexander V. Chernikov
melifaro at FreeBSD.org
Tue Mar 26 10:47:38 UTC 2013
On 26.03.2013 14:14, Stas Timokhin wrote:
> Hello !
Hello.
>
>
>
> Patch for injecting information network->as_number from extrernal
> sources (RIPE database, for example) into kernel and filling src and dst
> AS-number in Netflow v5 datagrams.
>
>
>
> http://www.stasyan.com/devel/ng_netflow/patch_ngnetflow_asnum.txt
It is better to attach patches in ML to make it easier for others to
comment :)
+ o1=(htonl(rec->src_addr)>>24)&0xFF;
+ o2=(htonl(rec->src_addr)>>16)&0xFF;
+ o3=(htonl(rec->src_addr)>>8)&0xFF;
+ o4=(htonl(rec->src_addr))&0xFF;
+ a1=GetAsnumber(aaa,o1,o2,o3,o4);
Why do you need o* here?
Why not using in_addr in GetAsnumber()?
Why you are using 255 as multiplier ?
MALLOC(asn[255*i1+i2].ptr_low,struct ascelllow*, sizeof(struct
ascelllow),M_NETFLOW_HASH,M_NOWAIT);
^^ malloc() with M_WAITOK can be used here.
+ u_int8_t masklen;
+ u_int16_t asnum;
+};
You should support at least loading 32-bit ASNs (and convert them to
23456 for v5 export).
+ case NGM_NETFLOW_DELETENETFROMAS:
+ {
+ break;
+ }
You should probably support deleting prefixes :)
+struct ascellhigh {
+ struct ascelllow* ptr_low;
+};
Do we need another layer here?
While v5 export supports IPv4 and 2-byte ASNs only it is probably much
better to include IPv6 support at least in NGM_ messages ( like
ng_ksocket do ).
>
>
>
> Example of converted RIPE-database for it:
>
> http://www.stasyan.com/devel/ng_netflow/ripe_201303.ng
>
>
>
> This patch made for FreeBSD 10.x-current for state at 26.02.2013.
>
>
>
>
>
--
WBR, Alexander
More information about the freebsd-net
mailing list