Added src_mac and dst_mac to NetflowCommonFlowSet to help identif…
…y devices on V9, IPFix. (#87)

* Added `src_mac` and `dst_mac` to NetflowCommonFlowSet to help identify devices on V9, IPFix

---------

Co-authored-by: mikemiles-dev <michaelmileusnich@Michaels-MacBook-Air-2.local>
mikemiles-dev and mikemiles-dev authored Sep 23, 2024
1 parent 224fa99 commit 963a14d
Showing 7 changed files with 73 additions and 1 deletion.
2 changes: 1 addition & 1 deletion Cargo.toml
@@ -1,7 +1,7 @@
[package]
name = "netflow_parser"
description = "Parser for Netflow Cisco V5, V7, V9, IPFIX"
version = "0.4.6"
version = "0.4.7"
edition = "2021"
author = "michael.mileusnich@gmail.com"
license = "MIT OR Apache-2.0"
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -76,6 +76,8 @@ struct NetflowCommonFlowSet {
protocol_type: Option<ProtocolTypes>,
first_seen: Option<u32>,
last_seen: Option<u32>,
src_mac: Option<String>,
dst_mac: Option<String>,
}
```

3 changes: 3 additions & 0 deletions RELEASES.md
@@ -1,3 +1,6 @@
# 0.4.7
* Added `src_mac` and `dst_mac` to NetflowCommonFlowSet to help identify devices on V9, IPFix.

# 0.4.6
* Added `NetflowParser` function `parse_bytes_as_netflow_common_flowsets`. Will allow the caller
to gather all flowsets from all `NetflowPacket` into a single `Vec` of `NetflowCommonFlowSet`.
1 change: 1 addition & 0 deletions SECURITY.md
Expand Up @@ -4,6 +4,7 @@

| Version | Supported |
| ------- | ------------------ |
| 0.4.7 | :white_check_mark: |
| 0.4.6 | :white_check_mark: |
| 0.4.5 | :white_check_mark: |
| 0.4.4 | :white_check_mark: |
2 changes: 2 additions & 0 deletions src/lib.rs
Expand Up @@ -76,6 +76,8 @@
//! protocol_type: Option<ProtocolTypes>,
//! first_seen: Option<u32>,
//! last_seen: Option<u32>,
//! src_mac: Option<String>,
//! dst_mac: Option<String>,
//! }
//! ```
//!
52 changes: 52 additions & 0 deletions src/netflow_common.rs
Expand Up @@ -55,6 +55,10 @@ pub struct NetflowCommonFlowSet {
pub first_seen: Option<u32>,
/// Duration of the flow last
pub last_seen: Option<u32>,
/// Source MAC address
pub src_mac: Option<String>,
/// Destination MAC address
pub dst_mac: Option<String>,
}

impl From<&V5> for NetflowCommon {
Expand All @@ -75,6 +79,8 @@ impl From<&V5> for NetflowCommon {
protocol_type: Some(set.protocol_type),
first_seen: Some(set.first),
last_seen: Some(set.last),
src_mac: None,
dst_mac: None,
})
.collect(),
}
Expand All @@ -99,6 +105,8 @@ impl From<&V7> for NetflowCommon {
protocol_type: Some(set.protocol_type),
first_seen: Some(set.first),
last_seen: Some(set.last),
src_mac: None,
dst_mac: None,
})
.collect(),
}
Expand Down Expand Up @@ -144,6 +152,12 @@ impl From<&V9> for NetflowCommon {
last_seen: value_map
.get(&V9Field::LastSwitched)
.and_then(|v| v.try_into().ok()),
src_mac: value_map
.get(&V9Field::InSrcMac)
.and_then(|v| v.try_into().ok()),
dst_mac: value_map
.get(&V9Field::InDstMac)
.and_then(|v| v.try_into().ok()),
});
}
}
Expand Down Expand Up @@ -199,6 +213,12 @@ impl From<&IPFix> for NetflowCommon {
last_seen: value_map
.get(&IPFixField::FlowEndSysUpTime)
.and_then(|v| v.try_into().ok()),
src_mac: value_map
.get(&IPFixField::SourceMacaddress)
.and_then(|v| v.try_into().ok()),
dst_mac: value_map
.get(&IPFixField::DestinationMacaddress)
.and_then(|v| v.try_into().ok()),
});
}
}
Expand Down Expand Up @@ -412,6 +432,20 @@ mod common_tests {
FieldValue::DataNumber(DataNumber::U32(200)),
),
),
(
7,
(
V9Field::InSrcMac,
FieldValue::MacAddr("00:00:00:00:00:01".to_string()),
),
),
(
8,
(
V9Field::InDstMac,
FieldValue::MacAddr("00:00:00:00:00:02".to_string()),
),
),
])],
}),
},
Expand Down Expand Up @@ -440,6 +474,8 @@ mod common_tests {
);
assert_eq!(flowset.first_seen.unwrap(), 100);
assert_eq!(flowset.last_seen.unwrap(), 200);
assert_eq!(flowset.src_mac.as_ref().unwrap(), "00:00:00:00:00:01");
assert_eq!(flowset.dst_mac.as_ref().unwrap(), "00:00:00:00:00:02");
}

#[test]
Expand Down Expand Up @@ -513,6 +549,20 @@ mod common_tests {
FieldValue::DataNumber(DataNumber::U32(200)),
),
),
(
7,
(
IPFixField::SourceMacaddress,
FieldValue::MacAddr("00:00:00:00:00:01".to_string()),
),
),
(
8,
(
IPFixField::DestinationMacaddress,
FieldValue::MacAddr("00:00:00:00:00:02".to_string()),
),
),
])],
}),
},
Expand Down Expand Up @@ -541,5 +591,7 @@ mod common_tests {
);
assert_eq!(flowset.first_seen.unwrap(), 100);
assert_eq!(flowset.last_seen.unwrap(), 200);
assert_eq!(flowset.src_mac.as_ref().unwrap(), "00:00:00:00:00:01");
assert_eq!(flowset.dst_mac.as_ref().unwrap(), "00:00:00:00:00:02");
}
}
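Review bot: The doc comments on the new `src_mac` and `dst_mac` fields say only "Source MAC address" and "Destination MAC address", which omits what a consumer needs before using them to identify devices. The `From<&V5>` and `From<&V7>` hunks always set both to `None`, and the V9 and IPFIX hunks read only `V9Field::InSrcMac`/`InDstMac` and `IPFixField::SourceMacaddress`/`DestinationMacaddress`, falling back to `None` through `.ok()` when the field is missing or does not convert. The value is whatever the exporter placed in the flow record, so it should be documented as unverified data rather than an authenticated device identity. I would write `/// Source MAC address as reported by the exporter (V9 InSrcMac, IPFIX SourceMacaddress). None for V5/V7 or when the field is absent or fails conversion; exporter-supplied and unverified.` with the matching comment on `dst_mac`. The struct and the `From` impls begin outside the visible hunks.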
12 changes: 12 additions & 0 deletions src/variable_versions/data_number.rs
Expand Up @@ -281,6 +281,18 @@ pub enum FieldValueError {
InvalidDataType,
}

impl TryFrom<&FieldValue> for String {
type Error = FieldValueError;

fn try_from(value: &FieldValue) -> Result<Self, Self::Error> {
match value {
FieldValue::String(s) => Ok(s.clone()),
FieldValue::MacAddr(s) => Ok(s.to_string()),
_ => Err(FieldValueError::InvalidDataType),
}
}
}

impl TryFrom<&FieldValue> for IpAddr {
type Error = FieldValueError;

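Review bot: The new `TryFrom<&FieldValue> for String` accepts `FieldValue::String` as well as `FieldValue::MacAddr`, and the `src_mac`/`dst_mac` mappings in src/netflow_common.rs go through it with `v.try_into().ok()`, so nothing on that path checks that the value is a MAC address. Whether a MAC field can ever decode to `FieldValue::String` depends on parser code not shown on this page, but matching the variant at the call site removes the question: `.and_then(|v| match v { FieldValue::MacAddr(m) => Some(m.clone()), _ => None })`. As a smaller style point, the two arms copy differently (`s.clone()` vs `s.to_string()`); the tests construct `MacAddr` from a `String`, so the arms can be merged as `FieldValue::String(s) | FieldValue::MacAddr(s) => Ok(s.clone()),`. A short doc comment on the impl stating that it erases the distinction between free-form strings and MAC addresses would help callers choose it deliberately.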
