Added src_mac and dst_mac to NetflowCommonFlowSet to help identify devices on V9, IPFix. (#87)

mikemiles-dev · mikemiles-dev · web-flow · commit 963a14d90f86 · 2024-09-22T23:15:51.000-05:00
* Added `src_mac` and `dst_mac` to NetflowCommonFlowSet to help identify devices on V9, IPFix

---------

Co-authored-by: mikemiles-dev &lt;michaelmileusnich@Michaels-MacBook-Air-2.local&gt;
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "netflow_parser"
 description = "Parser for Netflow Cisco V5, V7, V9, IPFIX"
-version = "0.4.6"
+version = "0.4.7"
 edition = "2021"
 author = "michael.mileusnich@gmail.com"
 license = "MIT OR Apache-2.0"
diff --git a/README.md b/README.md
@@ -76,6 +76,8 @@ struct NetflowCommonFlowSet {
     protocol_type: Option<ProtocolTypes>,
     first_seen: Option<u32>,
     last_seen: Option<u32>,
+    src_mac: Option<String>,
+    dst_mac: Option<String>,
 }
 ```
 
diff --git a/RELEASES.md b/RELEASES.md
@@ -1,3 +1,6 @@
+# 0.4.7
+* Added `src_mac` and `dst_mac` to NetflowCommonFlowSet to help identify devices on V9, IPFix.
+
 # 0.4.6
 * Added `NetflowParser` function `parse_bytes_as_netflow_common_flowsets`.  Will allow the caller
   to gather all flowsets from all `NetflowPacket` into a single `Vec` of `NetflowCommonFlowSet`.
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,6 +4,7 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 0.4.7   | :white_check_mark: |
 | 0.4.6   | :white_check_mark: |
 | 0.4.5   | :white_check_mark: |
 | 0.4.4   | :white_check_mark: |
diff --git a/src/lib.rs b/src/lib.rs
@@ -76,6 +76,8 @@
 //!     protocol_type: Option<ProtocolTypes>,
 //!     first_seen: Option<u32>,
 //!     last_seen: Option<u32>,
+//!     src_mac: Option<String>,
+//!     dst_mac: Option<String>,
 //! }
 //! ```
 //!
diff --git a/src/netflow_common.rs b/src/netflow_common.rs
@@ -55,6 +55,10 @@ pub struct NetflowCommonFlowSet {
     pub first_seen: Option<u32>,
     /// Duration of the flow last
     pub last_seen: Option<u32>,
+    /// Source MAC address
+    pub src_mac: Option<String>,
+    /// Destination MAC address
+    pub dst_mac: Option<String>,
 }
 
 impl From<&V5> for NetflowCommon {
@@ -75,6 +79,8 @@ impl From<&V5> for NetflowCommon {
                     protocol_type: Some(set.protocol_type),
                     first_seen: Some(set.first),
                     last_seen: Some(set.last),
+                    src_mac: None,
+                    dst_mac: None,
                 })
                 .collect(),
         }
@@ -99,6 +105,8 @@ impl From<&V7> for NetflowCommon {
                     protocol_type: Some(set.protocol_type),
                     first_seen: Some(set.first),
                     last_seen: Some(set.last),
+                    src_mac: None,
+                    dst_mac: None,
                 })
                 .collect(),
         }
@@ -144,6 +152,12 @@ impl From<&V9> for NetflowCommon {
                         last_seen: value_map
                             .get(&V9Field::LastSwitched)
                             .and_then(|v| v.try_into().ok()),
+                        src_mac: value_map
+                            .get(&V9Field::InSrcMac)
+                            .and_then(|v| v.try_into().ok()),
+                        dst_mac: value_map
+                            .get(&V9Field::InDstMac)
+                            .and_then(|v| v.try_into().ok()),
                     });
                 }
             }
@@ -199,6 +213,12 @@ impl From<&IPFix> for NetflowCommon {
                         last_seen: value_map
                             .get(&IPFixField::FlowEndSysUpTime)
                             .and_then(|v| v.try_into().ok()),
+                        src_mac: value_map
+                            .get(&IPFixField::SourceMacaddress)
+                            .and_then(|v| v.try_into().ok()),
+                        dst_mac: value_map
+                            .get(&IPFixField::DestinationMacaddress)
+                            .and_then(|v| v.try_into().ok()),
                     });
                 }
             }
@@ -412,6 +432,20 @@ mod common_tests {
                                     FieldValue::DataNumber(DataNumber::U32(200)),
                                 ),
                             ),
+                            (
+                                7,
+                                (
+                                    V9Field::InSrcMac,
+                                    FieldValue::MacAddr("00:00:00:00:00:01".to_string()),
+                                ),
+                            ),
+                            (
+                                8,
+                                (
+                                    V9Field::InDstMac,
+                                    FieldValue::MacAddr("00:00:00:00:00:02".to_string()),
+                                ),
+                            ),
                         ])],
                     }),
                 },
@@ -440,6 +474,8 @@ mod common_tests {
         );
         assert_eq!(flowset.first_seen.unwrap(), 100);
         assert_eq!(flowset.last_seen.unwrap(), 200);
+        assert_eq!(flowset.src_mac.as_ref().unwrap(), "00:00:00:00:00:01");
+        assert_eq!(flowset.dst_mac.as_ref().unwrap(), "00:00:00:00:00:02");
     }
 
     #[test]
@@ -513,6 +549,20 @@ mod common_tests {
                                     FieldValue::DataNumber(DataNumber::U32(200)),
                                 ),
                             ),
+                            (
+                                7,
+                                (
+                                    IPFixField::SourceMacaddress,
+                                    FieldValue::MacAddr("00:00:00:00:00:01".to_string()),
+                                ),
+                            ),
+                            (
+                                8,
+                                (
+                                    IPFixField::DestinationMacaddress,
+                                    FieldValue::MacAddr("00:00:00:00:00:02".to_string()),
+                                ),
+                            ),
                         ])],
                     }),
                 },
@@ -541,5 +591,7 @@ mod common_tests {
         );
         assert_eq!(flowset.first_seen.unwrap(), 100);
         assert_eq!(flowset.last_seen.unwrap(), 200);
+        assert_eq!(flowset.src_mac.as_ref().unwrap(), "00:00:00:00:00:01");
+        assert_eq!(flowset.dst_mac.as_ref().unwrap(), "00:00:00:00:00:02");
     }
 }
diff --git a/src/variable_versions/data_number.rs b/src/variable_versions/data_number.rs
@@ -281,6 +281,18 @@ pub enum FieldValueError {
     InvalidDataType,
 }
 
+impl TryFrom<&FieldValue> for String {
+    type Error = FieldValueError;
+
+    fn try_from(value: &FieldValue) -> Result<Self, Self::Error> {
+        match value {
+            FieldValue::String(s) => Ok(s.clone()),
+            FieldValue::MacAddr(s) => Ok(s.to_string()),
+            _ => Err(FieldValueError::InvalidDataType),
+        }
+    }
+}
+
 impl TryFrom<&FieldValue> for IpAddr {
     type Error = FieldValueError;
 

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,8 @@ struct NetflowCommonFlowSet {`
`76`	`76`	`protocol_type: Option<ProtocolTypes>,`
`77`	`77`	`first_seen: Option<u32>,`
`78`	`78`	`last_seen: Option<u32>,`
	`79`	`+ src_mac: Option<String>,`
	`80`	`+ dst_mac: Option<String>,`
`79`	`81`	`}`
`80`	`82`	```
`81`	`83`