[netsa-tools-discuss] SiLK: Extending rwRec structure from extended template

B Galliart bgallia at gmail.com
Tue Apr 28 22:51:21 EDT 2015


When I enable SILK_IPFIX_PRINT_TEMPLATES, it shows that my IPFIX exporter
is providing bgpSourceAsNumber and bgpDestinationAsNumber but it appears
these values are then discarded.

Does anyone have any tips, advice or a guide on what needs to be done to extend
SiLK to support these?
From what I can tell, I will need to extend the rwRec structure to include
these?  Based on how I read the code, at the very least, it looks like I
need to modify libflowsource/skipfix.c and libsilk/rwrec.[ch].  Then, it
seems, I need to update the utilities that I want to act on the new rwRec
methods.  But before I get entrenched in doing all of that, I want to make
sure I wasn't missing a simpler solution.


I also had a feature request: Could the libfixbuf API be updated to provide
options to suppress specific error messages without having to recompile the
library?  For example, if I expect to get an external template from UDP at
least once every 60 seconds then I would like to be able to call an API
function which tells libfixbuf to not generate "Missing external template"
warnings for the first 120 seconds of each new session.  It would also be
nice to have the flexibility to suppress the "IPFIX Message out of sequence"
message without recompiling the library.  Possibly with an API function
which provides a callback function for error message handling?  If the
callback is never provided, the library continues to operate as it does
today but otherwise the callback gets to decide how to handle the
warnings.  Ultimately, I would like to be able to leverage the CERT-provided
RPM repo without having to modify the spec file and recompile each
time there is an update.


By the way, thanks for the great IPFIX library and utility suite!