From 127ca2b9f00e6217e015cc9ccc9289e5b1c7f19f Mon Sep 17 00:00:00 2001 From: GitOldGrumpy Date: Fri, 2 Sep 2022 16:51:49 +0100 Subject: [PATCH] Add support for bidirectional Flow. RFC5103. --- netflow/ipfix.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/netflow/ipfix.py b/netflow/ipfix.py index a0cb6e0..9ac052b 100644 --- a/netflow/ipfix.py +++ b/netflow/ipfix.py @@ -766,7 +766,7 @@ def __init__(self, data, template: List[Union[TemplateField, TemplateFieldEnterp pack = struct.unpack(unpacker, data[0:offset]) # Iterate through template again, but taking the unpacked values this time - for index, ((field_datatype, field_type_id), value) in enumerate(zip(discovered_fields, pack)): + for index, ((field_datatype, field_type_id), value, field) in enumerate(zip(discovered_fields, pack, template)): if type(value) is bytes: # Check if value is raw bytes, so no conversion happened in struct.unpack if field_datatype in ["string"]: @@ -782,7 +782,8 @@ def __init__(self, data, template: List[Union[TemplateField, TemplateFieldEnterp value = int.from_bytes(value, "big") # If not bytes, struct.unpack already did necessary conversions (int, float...), # value can be used as-is. - self.fields.add((field_type_id, value)) + self.fields.add((field_type_id, value, True if type(field) is TemplateFieldEnterprise and + field.enterprise_number == 29305 else False)) self._length = offset self.__dict__.update(self.data) @@ -793,7 +794,7 @@ def get_length(self): @property def data(self): return { - IPFIXFieldTypes.by_id(key)[1]: value for (key, value) in self.fields + IPFIXFieldTypes.by_id(key)[1] + ("_" if biflow else ""): value for (key, value, biflow) in self.fields } def __repr__(self):