lib/Data/ParseBinary/Data/Netflow.pm


            
              1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
—
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
              package Data::ParseBinary::Data::Netflow;
use strict;
use warnings;
use Data::ParseBinary;
our $netflow_v5_parser = Struct("nfv5_header",
        Const(UBInt16("version"), 5),
        UBInt16("count"),
        UBInt32("sys_uptime"),
        UBInt32("unix_secs"),
        UBInt32("unix_nsecs"),
        UBInt32("flow_seq"),
        UBInt8("engine_type"),
        UBInt8("engine_id"),
        Padding(2),
        Array(sub { $_->ctx->{count} },
                Struct("nfv5_record",
                        Data::ParseBinary::lib::DataNetflow::IPAddr->create(
                                UBInt32("src_addr")
                        ),
                        Data::ParseBinary::lib::DataNetflow::IPAddr->create(
                                UBInt32("dst_addr")
                        ),
                        Data::ParseBinary::lib::DataNetflow::IPAddr->create(
                        UBInt32("next_hop")
                        ),
                        UBInt16("i_ifx"),
                        UBInt16("o_ifx"),
                        UBInt32("packets"),
                        UBInt32("octets"),
                        UBInt32("first"),
                        UBInt32("last"),
                        UBInt16("s_port"),
                        UBInt16("d_port"),
                        Padding(1),
                        UBInt8("flags"),
                        UBInt8("prot"),
                        UBInt8("tos"),
                        UBInt16("src_as"),
                        UBInt16("dst_as"),
                        UBInt8("src_mask"),
                        UBInt8("dst_mask"),
                        UBInt16("unused2")),
        ),
);
require Exporter;
our @ISA = qw(Exporter);
our @EXPORT = qw($netflow_v5_parser);
package Data::ParseBinary::lib::DataNetflow::IPAddr;
use Socket qw(inet_ntoa inet_aton);
our @ISA;
BEGIN { @ISA = qw{Data::ParseBinary::Adapter}; }
sub _decode {
        my ($self, $value) = @_;
        return inet_ntoa(pack('N',$value));
}
sub _encode {
        my ($self, $value) = @_;
        return sprintf("%d", unpack('N',inet_aton($value)));
}
1;
=head1 NAME
Data::ParseBinary::Data::Netflow - Parsing Netflow PDU binary structures
=head1 SYNOPSIS
    use Data::ParseBinary::Data::Netflow qw($netflow_v5_parser);
    $data = $netflow_v5_parser->parse(CreateStreamReader(File => $fh));
    # If file contain multiple flows, parse them till EOF
    while () {
        last if eof($fh);
        $data = $netflow_v5_parser->parse(CreateStreamReader(File => $fh));
    }   
=head1 CAVEAT
As for this moment version 5 format is supported only.
Read files only in network byte order (BE).
This is a part of the Data::ParseBinary package, and is just one ready-made parser.
please go to the main page for additional usage info.
=cut

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)