Unfortunately I can't help you regarding your question about postNAT(Destination|Source)IPv4Address.
Build on ubuntu 16.04 shows me same warnings. Please add an issue on github: https://github.com/phaag/nfdump/issues > On 16 March 2017 at 09:29 Alexander Khokhlov <hohlo...@gmail.com> wrote: > > > when compile i got this warnings? is it normal? > > ipfix.c: In function ‘Process_ipfix_templates’: > ipfix.c:884:10: warning: variable ‘id’ set but not used > [-Wunused-but-set-variable] > uint32_t id, count; > ^ > ipfix.c: In function ‘Process_ipfix_template_withdraw’: > ipfix.c:1068:16: warning: variable ‘count’ set but not used > [-Wunused-but-set-variable] > uint32_t id, count; > ^ > ipfix.c: In function ‘Process_ipfix_option_templates’: > ipfix.c:1146:16: warning: variable ‘length’ set but not used > [-Wunused-but-set-variable] > uint16_t id, length; > ^ > ipfix.c:1145:12: warning: variable ‘enterprise_value’ set but not used > [-Wunused-but-set-variable] > uint32_t enterprise_value; > ^ > ipfix.c:1179:16: warning: variable ‘length’ set but not used > [-Wunused-but-set-variable] > uint16_t id, length; > ^ > ipfix.c:1178:12: warning: variable ‘enterprise_value’ set but not used > [-Wunused-but-set-variable] > uint32_t enterprise_value; > ^ > ipfix.c:1101:69: warning: variable ‘found_std_sampling’ set but not used > [-Wunused-but-set-variable] > uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, > found_std_sampling; > ^ > ipfix.c:1101:39: warning: variable ‘offset_std_sampler_algorithm’ set but > not used [-Wunused-but-set-variable] > uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, > found_std_sampling; > ^ > ipfix.c:1101:10: warning: variable ‘offset_std_sampler_interval’ set but > not used [-Wunused-but-set-variable] > uint16_t offset_std_sampler_interval, offset_std_sampler_algorithm, > found_std_sampling; > ^ > ipfix.c:1100:75: warning: variable ‘found_sampler’ set but not used > [-Wunused-but-set-variable] > uint16_t offset_sampler_id, offset_sampler_mode, offset_sampler_interval, > found_sampler; > ^ > ipfix.c:1100:50: warning: variable ‘offset_sampler_interval’ set but not > used [-Wunused-but-set-variable] > uint16_t offset_sampler_id, offset_sampler_mode, offset_sampler_interval, > found_sampler; > ^ > ipfix.c:1100:29: warning: variable ‘offset_sampler_mode’ set but not used > [-Wunused-but-set-variable] > uint16_t offset_sampler_id, offset_sampler_mode, offset_sampler_interval, > found_sampler; > ^ > ipfix.c:1100:10: warning: variable ‘offset_sampler_id’ set but not used > [-Wunused-but-set-variable] > uint16_t offset_sampler_id, offset_sampler_mode, offset_sampler_interval, > found_sampler; > ^ > ipfix.c:1099:54: warning: variable ‘sampler_id_length’ set but not used > [-Wunused-but-set-variable] > uint16_t id, field_count, scope_field_count, offset, sampler_id_length; > ^ > ipfix.c:1099:46: warning: variable ‘offset’ set but not used > [-Wunused-but-set-variable] > uint16_t id, field_count, scope_field_count, offset, sampler_id_length; > ^ > ipfix.c:1099:10: warning: variable ‘id’ set but not used > [-Wunused-but-set-variable] > uint16_t id, field_count, scope_field_count, offset, sampler_id_length; > ^ > ipfix.c: In function ‘Process_IPFIX’: > ipfix.c:1623:24: warning: variable ‘ObservationDomain’ set but not used > [-Wunused-but-set-variable] > uint32_t ExportTime, ObservationDomain, Sequence, flowset_length; > ^ > ipfix.c:1623:12: warning: variable ‘ExportTime’ set but not used > [-Wunused-but-set-variable] > uint32_t ExportTime, ObservationDomain, Sequence, flowset_length; > > 2017-03-15 16:56 GMT+03:00 Alexander Khokhlov <hohlo...@gmail.com>: > > > Hello! > > > > I have a task to save IP_SRC_ADDR, IP_DST_ADDR, postNATSourceIPv4Address > > and postNATDestinationIPv4Address. These fields are present in tcpdump. In > > the output of nfdump these NAT addresses are missing. Please help to > > solve this problem. > > > > > > > > nfcapd: Version: 1.6.15 > > > > nfcapd -e -z -w -t 60 -l /netflow/test -b 10.0.0.118 -p 9995 -E -T all -B > > 200000 > > > > Process_ipfix: [0] Add template 258 > > > > > > > > After start of nfcapd errors appear > > > > > > > > Process_ipfix: [0] option template length error: size left 20 too small > > for 5 scopes length and 1 options length > > > > > > > > Flow Record: > > > > Flags = 0x06 FLOW, Unsampled > > > > export sysid = 2 > > > > size = 68 > > > > first = 0 [1970-01-01 03:00:00] > > > > last = 0 [1970-01-01 03:00:00] > > > > msec_first = 0 > > > > msec_last = 0 > > > > src addr = 10.0.176.236 > > > > dst addr = 54.194.31.135 > > > > src port = 56428 > > > > dst port = 80 > > > > fwd status = 0 > > > > tcp flags = 0x00 ...... > > > > proto = 6 TCP > > > > (src)tos = 0 > > > > (in)packets = 0 > > > > (in)bytes = 0 > > > > ip router = X.X.X.X > > > > received at = 1489584299366 [2017-03-15 16:24:59.366] > > > > > > > > tcpdump output > > > > > > > > Set 1 [id=2] (Data Template): 258 > > > > FlowSet Id: Data Template (V10 [IPFIX]) (2) > > > > FlowSet Length: 52 > > > > Template (Id = 258, Count = 11) > > > > Template Id: 258 > > > > Field Count: 11 > > > > Field (1/11): observationTimeMilliseconds > > > > Field (2/11): IP_SRC_ADDR > > > > Field (3/11): IP_DST_ADDR > > > > Field (4/11): postNATSourceIPv4Address > > > > Field (5/11): postNATDestinationIPv4Address > > > > Field (6/11): L4_SRC_PORT > > > > Field (7/11): L4_DST_PORT > > > > Field (8/11): postNAPTSourceTransportPort > > > > Field (9/11): postNAPTDestinationTransportPort > > > > Field (10/11): PROTOCOL > > > > Field (11/11): natEvent > > > > > > > > Flow 1 > > > > Observation Time Milliseconds: Mar 6, 2017 15:50:01.892000000 RTZ 2 > > (зима) > > > > SrcAddr: 10.0.166.44 > > > > DstAddr: 104.157.28.150 > > > > Post NAT Source IPv4 Address: X.X.X.X > > > > Post NAT Destination IPv4 Address: 104.157.28.150 > > > > SrcPort: 17043 > > > > DstPort: 22675 > > > > Post NAPT Source Transport Port: 17043 > > > > Post NAPT Destination Transport Port: 22675 > > > > Protocol: UDP (17) > > > > Nat Event: 2 > > > > > > > > nfdump -r nfcapd.201703151624 -o "fmt:%nsa:%nsp => %nda:%ndp" -c 10 > > > > X-late Src IP XsPort X-late Dst IP XdPort > > > > 0.0.0.0: 0 => 0.0.0.0: 0 > > > > 0.0.0.0: 0 => 0.0.0.0: 0 > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! > http://sdm.link/slashdot_______________________________________________ > Nfdump-discuss mailing list > Nfdump-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfdump-discuss ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
