031 readme changes (#63)

mikemiles-dev · mikemiles-dev · web-flow · commit 1909b0e64581 · 2024-05-27T16:15:25.000-05:00
* Fixed readme changes

* Cargo bumo

---------

Co-authored-by: mikemiles-dev &lt;michaelmileusnich@Michaels-MacBook-Air-2.local&gt;
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "netflow_parser"
 description = "Parser for Netflow Cisco V5, V7, V9, IPFIX"
-version = "0.3.1"
+version = "0.3.2"
 edition = "2021"
 author = "michael.mileusnich@gmail.com"
 license = "MIT OR Apache-2.0"
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ println!("{}", json!(NetflowParser::default().parse_bytes(&v5_packet)).to_string
 ## Output:
 
 ```json
-[{"V5":{"body":{"d_octets":66051,"d_pkts":101124105,"dst_addr":"4.5.6.7","dst_as":515,"dst_mask":5,"dst_port":1029,"first":67438087,"input":515,"last":134807553,"next_hop":"8.9.0.1","output":1029,"pad1":6,"pad2":1543,"protocol":"EGP","src_addr":"0.1.2.3","src_as":1,"src_mask":4,"src_port":515,"tcp_flags":7,"tos":9},"header":{"count":512,"engine_id":7,"engine_type":6,"flow_sequence":33752069,"sampling_interval":2057,"sys_up_time":50332672,"unix_nsecs":134807553,"unix_secs":83887623,"unix_time":{"nanos_since_epoch":134807553,"secs_since_epoch":83887623},"version":5}}}]
+[{"V5":{"header":{"count":1,"engine_id":7,"engine_type":6,"flow_sequence":33752069,"sampling_interval":2057,"sys_up_time":{"nanos":672000000,"secs":50332},"unix_nsecs":134807553,"unix_secs":83887623,"version":5},"sets":[{"d_octets":66051,"d_pkts":101124105,"dst_addr":"4.5.6.7","dst_as":515,"dst_mask":5,"dst_port":1029,"first":{"nanos":87000000,"secs":67438},"input":515,"last":{"nanos":553000000,"secs":134807},"next_hop":"8.9.0.1","output":1029,"pad1":6,"pad2":1543,"protocol_number":8,"protocol_type":"Egp","src_addr":"0.1.2.3","src_as":1,"src_mask":4,"src_port":515,"tcp_flags":7,"tos":9}]}}]
 ```
 
 ## Filtering for a specific version
@@ -63,8 +63,8 @@ To access templates flowset of a processed V9/IPFix flowset you can find the `fl
 
 ## Features
 
-* unix_timestamp - Current count since 0000 UTC 1970 as Duration.
-* parse_unknown_fields - By default fields not listed in the netflow_parser library will not be parsed and an error is thrown for the packet.  When set to true the field will be parsed as a vector of bytes.
+* unix_timestamp - When enabled a field `unix_time` is provided that uses the flow unix time as a count since 0000 UTC 1970 as Duration.
+* parse_unknown_fields - When enabled fields not listed in this library will attempt to be parsed as a Vec of bytes and the field_number listed.  When disabled an error is thrown when attempting to parse those fields.  Enabled by default.
 
 ## Examples
 
diff --git a/RELEASES.md b/RELEASES.md
@@ -1,3 +1,6 @@
+# 0.3.2
+ * Readme changes
+
 # 0.3.1
   * Added 0 length check when parsing template lengths.
 
diff --git a/src/lib.rs b/src/lib.rs
@@ -61,8 +61,8 @@
 //!
 //! ## Features
 //!
-//! * unix_timestamp - Current count since 0000 UTC 1970 as Duration.
-//! * parse_unknown_fields - By default fields not listed in the netflow_parser library will not be parsed and an error is thrown for the packet.  When set to true the field will be parsed as a vector of bytes.
+//! * unix_timestamp - When enabled a field `unix_time` is provided that uses the flow unix time as a count since 0000 UTC 1970 as Duration.
+//! * parse_unknown_fields - When enabled fields not listed in this library will attempt to be parsed as a Vec of bytes and the field_number listed.  When disabled an error is thrown when attempting to parse those fields.  Enabled by default.
 //!
 //! ## Examples
 //! Some examples has been included mainly for those who want to use this parser to read from a Socket and parse netflow.  In those cases with V9/IPFix it is best to create a new parser for each router.  There are both single threaded and multi-threaded examples in the examples directory.
@@ -150,7 +150,7 @@ impl NetflowParser {
     /// ## Output:
     ///
     /// ```json
-    /// [{"V5":{"body":{"d_octets":66051,"d_pkts":101124105,"dst_addr":"4.5.6.7","dst_as":515,"dst_mask":5,"dst_port":1029,"first":67438087,"input":515,"last":134807553,"next_hop":"8.9.0.1","output":1029,"pad1":6,"pad2":1543,"protocol":"EGP","src_addr":"0.1.2.3","src_as":1,"src_mask":4,"src_port":515,"tcp_flags":7,"tos":9},"header":{"count":512,"engine_id":7,"engine_type":6,"flow_sequence":33752069,"sampling_interval":2057,"sys_up_time":50332672,"unix_nsecs":134807553,"unix_secs":83887623,"unix_time":{"nanos_since_epoch":134807553,"secs_since_epoch":83887623},"version":5}}}]
+    /// [{"V5":{"header":{"count":1,"engine_id":7,"engine_type":6,"flow_sequence":33752069,"sampling_interval":2057,"sys_up_time":{"nanos":672000000,"secs":50332},"unix_nsecs":134807553,"unix_secs":83887623,"version":5},"sets":[{"d_octets":66051,"d_pkts":101124105,"dst_addr":"4.5.6.7","dst_as":515,"dst_mask":5,"dst_port":1029,"first":{"nanos":87000000,"secs":67438},"input":515,"last":{"nanos":553000000,"secs":134807},"next_hop":"8.9.0.1","output":1029,"pad1":6,"pad2":1543,"protocol_number":8,"protocol_type":"Egp","src_addr":"0.1.2.3","src_as":1,"src_mask":4,"src_port":515,"tcp_flags":7,"tos":9}]}}]
     /// ```
     ///
     #[inline]
diff --git a/src/variable_versions/v9.rs b/src/variable_versions/v9.rs
@@ -265,6 +265,34 @@ pub struct Data {
     pub data_fields: Vec<BTreeMap<V9Field, FieldValue>>,
 }
 
+#[derive(Debug, PartialEq, Clone, Serialize, Nom)]
+#[nom(ExtraArgs(field: &TemplateField))]
+pub struct OptionDataField {
+    #[nom(Value(field.field_type))]
+    pub field_type: V9Field,
+    #[nom(Map = "|i: &[u8]| i.to_vec()", Take = "field.field_length")]
+    pub field_value: Vec<u8>,
+}
+
+impl Template {
+    fn get_total_size(&self) -> u16 {
+        self.fields.iter().fold(0, |acc, i| acc + i.field_length)
+    }
+}
+
+impl FlowSet {
+    fn is_unparsed(&self) -> bool {
+        self.body.templates.is_none()
+            && self.body.options_templates.is_none()
+            && self.body.data.is_none()
+            && self.body.options_data.is_none()
+    }
+
+    fn is_empty(&self) -> bool {
+        self.header.length == 0
+    }
+}
+
 // Custom parse set body function to take only length provided by set header.
 fn parse_set_body<'a>(
     i: &'a [u8],
@@ -312,34 +340,6 @@ fn parse_flowsets<'a>(
     Ok((remaining, flowsets))
 }
 
-#[derive(Debug, PartialEq, Clone, Serialize, Nom)]
-#[nom(ExtraArgs(field: &TemplateField))]
-pub struct OptionDataField {
-    #[nom(Value(field.field_type))]
-    pub field_type: V9Field,
-    #[nom(Map = "|i: &[u8]| i.to_vec()", Take = "field.field_length")]
-    pub field_value: Vec<u8>,
-}
-
-impl Template {
-    fn get_total_size(&self) -> u16 {
-        self.fields.iter().fold(0, |acc, i| acc + i.field_length)
-    }
-}
-
-impl FlowSet {
-    fn is_unparsed(&self) -> bool {
-        self.body.templates.is_none()
-            && self.body.options_templates.is_none()
-            && self.body.data.is_none()
-            && self.body.options_data.is_none()
-    }
-
-    fn is_empty(&self) -> bool {
-        self.header.length == 0
-    }
-}
-
 fn parse_options_template_vec(i: &[u8]) -> IResult<&[u8], Vec<OptionsTemplate>> {
     let mut fields = vec![];
     let mut remaining = i;

-Original file line number
+Diff line change
@@ @@ -1,3 +1,6 @@ @@
 +# 0.3.2
 + * Readme changes
++
 # 0.3.1
   * Added 0 length check when parsing template lengths.