* fix, pre_tag_map: ntohs() and ntohl() missing in vlan, post_cvlan and

  mpls_pw_id handlers. Thanks to Rene Stoutjesdijk for his support.
* Updated docs.

examples/pretag.map.example

@@ -58,8 +58,10 @@
 !                       in sfacctd this is compared against the AgentId field
 !                       of received sFlow samples. Expected argument are an IP
 !			address or prefix (ie. XXX.XXX.XXX.XXX/NN) 
-! 'in'  		MATCH: Input interface 
-! 'out' 		MATCH: Output interface 
+! 'in'  		MATCH: Input interface. In NFv9/IPFIX this is compared
+!			against IE #10 and, if not existing, against IE #252.  
+! 'out' 		MATCH: Output interface. In NFv9/IPFIX this is compared
+!			against IE #14 and, if not existing, against IE #253. 
 ! 'engine_type'		MATCH: in NFv5 this is compared against the 'engine_type'
 !			header field. In NFv9 it's compared against the 3rd octet
 !			of the 'source_id' header field. Provides uniqueness with
@@ -71,11 +73,13 @@
 !			device.
 ! 'flowset_id'		MATCH: In NFv9/IPFIX this is compared against the flowset
 !			ID field of the flowset header.
-! 'nexthop'		MATCH: IPv4/IPv6 address of the next-hop router
+! 'nexthop'		MATCH: IPv4/IPv6 address of the next-hop router. In NFv9/
+!			IPFIX this is compared against IE #15.
 ! 'bgp_nexthop'		MATCH: IPv4/IPv6 address of the next-hop BGP router. In
 !			MPLS-enabled networks this can be also matched against top
 !			label address where available (ie. egress NetFlow v9/IPFIX
-!			exports).
+!			exports). In NFv9/IPFIX this is compared against IE #18
+!			for IPv4 and IE #62 for IPv6.
 ! 'filter'		MATCH: incoming packets are mateched against the supplied
 !			filter expression (expected in libpcap syntax); the filter
 !			needs to be enclosed in quotes ('). 
@@ -137,10 +141,11 @@
 !                       IE #57, in sFlow against destination MAC address field
 !			part of the Extended Switch object.
 ! 'vlan'		MATCH: In NetFlow v9 and IPFIX this is compared against
-!			IE #58, in sFlow against in/out VLAN ID fields part of
-!			the Extended Switch object.
-! 'cvlan'               MATCH: In NetFlow v9 and IPFIX this is compared against
-!                       IE #245.
+!			IE #58 and, if not existing, against IE #242, in sFlow
+!			against in/out VLAN ID fields part of the Extended Switch
+!			object.
+! 'post_cvlan'          MATCH: In NetFlow v9 and IPFIX this is compared against
+!                       IE #255.
 ! 'label'		SET: Mark the rule with label's value. Labels don't need
 !			to be unique: when jumping, the first matching label wins.
 !			Label value 'next' is reserved for internal use and

src/nfacctd.h

@@ -538,13 +538,13 @@ struct data_hdr_v9 {
 /* ... */
 #define NF9_DOT1QVLANID			243
 #define NF9_DOT1QPRIORITY		244
-#define NF9_DOT1QCVLANID		245
 /* ... */
 #define NF9_PSEUDOWIREID		249
 /* ... */
 #define NF9_INPUT_PHYSINT		252
 #define NF9_OUTPUT_PHYSINT		253
 /* ... */
+#define NF9_POST_DOT1QCVLANID		255
 #define NF9_ETHERTYPE			256
 /* ... */
 #define NF9_OBSERVATION_TIME_SEC	322

src/pmacct-build.h

@@ -1 +1 @@
-#define PMACCT_BUILD	"20150129-00"
+#define PMACCT_BUILD	"20150130-00"

src/pretag-data.h

@@ -49,7 +49,7 @@ const struct _map_dictionary_line tag_map_dictionary[] = {
   {"src_mac", PT_map_src_mac_handler},
   {"dst_mac", PT_map_dst_mac_handler},
   {"vlan", PT_map_vlan_id_handler},
-  {"cvlan", PT_map_cvlan_id_handler},
+  {"post_cvlan", PT_map_post_cvlan_id_handler},
   {"set_tag", PT_map_id_handler},
   {"set_tag2", PT_map_id2_handler},
   {"set_label", PT_map_label_handler},
@@ -76,7 +76,7 @@ const struct _map_index_dictionary_line tag_map_index_entries_dictionary[] = {
   {PRETAG_SRC_MAC, PT_map_index_entries_src_mac_handler},
   {PRETAG_DST_MAC, PT_map_index_entries_dst_mac_handler},
   {PRETAG_VLAN_ID, PT_map_index_entries_vlan_id_handler},
-  {PRETAG_CVLAN_ID, PT_map_index_entries_cvlan_id_handler},
+  {PRETAG_CVLAN_ID, PT_map_index_entries_post_cvlan_id_handler},
   {0, NULL}
 };
 
@@ -95,7 +95,7 @@ const struct _map_index_dictionary_line tag_map_index_fdata_dictionary[] = {
   {PRETAG_SRC_MAC, PT_map_index_fdata_src_mac_handler},
   {PRETAG_DST_MAC, PT_map_index_fdata_dst_mac_handler},
   {PRETAG_VLAN_ID, PT_map_index_fdata_vlan_id_handler},
-  {PRETAG_CVLAN_ID, PT_map_index_fdata_cvlan_id_handler},
+  {PRETAG_CVLAN_ID, PT_map_index_fdata_post_cvlan_id_handler},
   {0, NULL}
 };
 

src/pretag.h

@@ -166,7 +166,7 @@ struct id_entry {
   pt_etheraddr_t src_mac;
   pt_etheraddr_t dst_mac;
   pt_uint16_t vlan_id;
-  pt_uint16_t cvlan_id;
+  pt_uint16_t post_cvlan_id;
   s_uint8_t set_tos;
   s_uint16_t lookup_bgp_port;
   char *src_comms[16]; /* XXX: MAX_BGP_COMM_PATTERNS = 16 */

src/pretag_handlers.c

@@ -1076,27 +1076,27 @@ int PT_map_vlan_id_handler(char *filename, struct id_entry *e, char *value, stru
   return FALSE;
 }
 
-int PT_map_cvlan_id_handler(char *filename, struct id_entry *e, char *value, struct plugin_requests *req, int acct_type)
+int PT_map_post_cvlan_id_handler(char *filename, struct id_entry *e, char *value, struct plugin_requests *req, int acct_type)
 {
   int tmp, x = 0;
 
-  e->cvlan_id.neg = pt_check_neg(&value, &((struct id_table *) req->key_value_table)->flags);
+  e->post_cvlan_id.neg = pt_check_neg(&value, &((struct id_table *) req->key_value_table)->flags);
 
   tmp = atoi(value);
   if (tmp < 0 || tmp > 4096) {
-    Log(LOG_ERR, "ERROR ( %s ): 'cvlan' need to be in the following range: 0 > value > 4096. ", filename);
+    Log(LOG_ERR, "ERROR ( %s ): 'post_cvlan' need to be in the following range: 0 > value > 4096. ", filename);
     return TRUE;
   }
-  e->cvlan_id.n = tmp;
+  e->post_cvlan_id.n = tmp;
 
   for (x = 0; e->func[x]; x++) {
     if (e->func_type[x] == PRETAG_CVLAN_ID) {
-      Log(LOG_ERR, "ERROR ( %s ): Multiple 'cvlan' clauses part of the same statement. ", filename);
+      Log(LOG_ERR, "ERROR ( %s ): Multiple 'post_cvlan' clauses part of the same statement. ", filename);
       return TRUE;
     }
   }
 
-  if (config.acct_type == ACCT_NF) e->func[x] = pretag_cvlan_id_handler;
+  if (config.acct_type == ACCT_NF) e->func[x] = pretag_post_cvlan_id_handler;
   /* else if (config.acct_type == ACCT_SF) e->func[x] = SF_pretag_vlan_id_handler; */
   if (e->func[x]) e->func_type[x] = PRETAG_CVLAN_ID;
 
@@ -1940,15 +1940,17 @@ int pretag_mpls_pw_id_handler(struct packet_ptrs *pptrs, void *unused, void *e)
   struct id_entry *entry = e;
   struct struct_header_v8 *hdr = (struct struct_header_v8 *) pptrs->f_header;
   struct template_cache_entry *tpl = (struct template_cache_entry *) pptrs->f_tpl;
+  u_int32_t tmp32 = 0, mpls_pw_id = 0;;
 
   switch (hdr->version) {
   case 10:
   case 9:
     if (tpl->tpl[NF9_PSEUDOWIREID].len) {
-      if (!memcmp(&entry->mpls_pw_id.n, pptrs->f_data+tpl->tpl[NF9_PSEUDOWIREID].off, 4))
-        return (FALSE | entry->mpls_pw_id.neg);
-      else return (TRUE ^ entry->mpls_pw_id.neg);
-    }
+      memcpy(&tmp32, pptrs->f_data+tpl->tpl[NF9_PSEUDOWIREID].off, 4);
+      mpls_pw_id = ntohl(tmp32);
+    } 
+    if (entry->mpls_pw_id.n == mpls_pw_id) return (FALSE | entry->mpls_pw_id.neg);
+    else return (TRUE ^ entry->mpls_pw_id.neg);
   default:
     return TRUE; /* this field does not exist: condition is always true */
   }
@@ -1997,39 +1999,41 @@ int pretag_vlan_id_handler(struct packet_ptrs *pptrs, void *unused, void *e)
   struct id_entry *entry = e;
   struct struct_header_v8 *hdr = (struct struct_header_v8 *) pptrs->f_header;
   struct template_cache_entry *tpl = (struct template_cache_entry *) pptrs->f_tpl;
-  u_int16_t vlan_id = 0;
+  u_int16_t tmp16 = 0, vlan_id = 0;
 
   switch (hdr->version) {
   case 10:
   case 9:
     if (tpl->tpl[NF9_IN_VLAN].len) {
-      memcpy(&vlan_id, pptrs->f_data+tpl->tpl[NF9_IN_VLAN].off, MIN(tpl->tpl[NF9_IN_VLAN].len, 2));
+      memcpy(&tmp16, pptrs->f_data+tpl->tpl[NF9_IN_VLAN].off, MIN(tpl->tpl[NF9_IN_VLAN].len, 2));
     }
     else if (tpl->tpl[NF9_DOT1QVLANID].len) {
-      memcpy(&vlan_id, pptrs->f_data+tpl->tpl[NF9_DOT1QVLANID].off, MIN(tpl->tpl[NF9_DOT1QVLANID].len, 2));
+      memcpy(&tmp16, pptrs->f_data+tpl->tpl[NF9_DOT1QVLANID].off, MIN(tpl->tpl[NF9_DOT1QVLANID].len, 2));
     }
+    vlan_id = ntohs(tmp16);
     if (entry->vlan_id.n == vlan_id) return (FALSE | entry->vlan_id.neg);
     else return (TRUE ^ entry->vlan_id.neg);
   default:
     return TRUE; /* this field does not exist: condition is always true */
   }
 }
 
-int pretag_cvlan_id_handler(struct packet_ptrs *pptrs, void *unused, void *e)
+int pretag_post_cvlan_id_handler(struct packet_ptrs *pptrs, void *unused, void *e)
 {
   struct id_entry *entry = e;
   struct struct_header_v8 *hdr = (struct struct_header_v8 *) pptrs->f_header;
   struct template_cache_entry *tpl = (struct template_cache_entry *) pptrs->f_tpl;
-  u_int16_t cvlan_id = 0;
+  u_int16_t tmp16 = 0, post_cvlan_id = 0;
 
   switch (hdr->version) {
   case 10:
   case 9:
-    if (tpl->tpl[NF9_DOT1QCVLANID].len) {
-      memcpy(&cvlan_id, pptrs->f_data+tpl->tpl[NF9_DOT1QCVLANID].off, MIN(tpl->tpl[NF9_DOT1QCVLANID].len, 2));
+    if (tpl->tpl[NF9_POST_DOT1QCVLANID].len) {
+      memcpy(&tmp16, pptrs->f_data+tpl->tpl[NF9_POST_DOT1QCVLANID].off, MIN(tpl->tpl[NF9_POST_DOT1QCVLANID].len, 2));
     }
-    if (entry->cvlan_id.n == cvlan_id) return (FALSE | entry->cvlan_id.neg);
-    else return (TRUE ^ entry->cvlan_id.neg);
+    post_cvlan_id = ntohs(tmp16);
+    if (entry->post_cvlan_id.n == post_cvlan_id) return (FALSE | entry->post_cvlan_id.neg);
+    else return (TRUE ^ entry->post_cvlan_id.neg);
   default:
     return TRUE; /* this field does not exist: condition is always true */
   }
@@ -2817,13 +2821,13 @@ int PT_map_index_entries_vlan_id_handler(struct id_entry *e, void *src)
   return FALSE;
 }
 
-int PT_map_index_entries_cvlan_id_handler(struct id_entry *e, void *src)
+int PT_map_index_entries_post_cvlan_id_handler(struct id_entry *e, void *src)
 {
   struct id_entry *src_e = (struct id_entry *) src;
 
   if (!e || !src_e) return TRUE;
 
-  memcpy(&e->cvlan_id, &src_e->cvlan_id, sizeof(pt_uint16_t));
+  memcpy(&e->post_cvlan_id, &src_e->post_cvlan_id, sizeof(pt_uint16_t));
 
   return FALSE;
 }
@@ -3268,13 +3272,15 @@ int PT_map_index_fdata_mpls_pw_id_handler(struct id_entry *e, void *src)
   struct struct_header_v8 *hdr = (struct struct_header_v8 *) pptrs->f_header;
   struct template_cache_entry *tpl = (struct template_cache_entry *) pptrs->f_tpl;
   SFSample *sample = (SFSample *) pptrs->f_data;
+  u_int32_t tmp32 = 0;
 
   if (config.acct_type == ACCT_NF) {
     switch (hdr->version) {
     case 10:
     case 9:
       if (tpl->tpl[NF9_PSEUDOWIREID].len) {
-        memcpy(&e->mpls_pw_id.n, pptrs->f_data+tpl->tpl[NF9_PSEUDOWIREID].off, 4);
+        memcpy(&tmp32, pptrs->f_data+tpl->tpl[NF9_PSEUDOWIREID].off, 4);
+	e->mpls_pw_id.n = ntohl(tmp32);
       }
     }
   }
@@ -3364,17 +3370,19 @@ int PT_map_index_fdata_vlan_id_handler(struct id_entry *e, void *src)
   struct struct_header_v8 *hdr = (struct struct_header_v8 *) pptrs->f_header;
   struct template_cache_entry *tpl = (struct template_cache_entry *) pptrs->f_tpl;
   SFSample *sample = (SFSample *) pptrs->f_data;
+  u_int16_t tmp16 = 0;
 
   if (config.acct_type == ACCT_NF) {
     switch (hdr->version) {
     case 10:
     case 9:
       if (tpl->tpl[NF9_IN_VLAN].len) {
-        memcpy(&e->vlan_id.n, pptrs->f_data+tpl->tpl[NF9_IN_VLAN].off, MIN(tpl->tpl[NF9_IN_VLAN].len, 2));
+        memcpy(&tmp16, pptrs->f_data+tpl->tpl[NF9_IN_VLAN].off, MIN(tpl->tpl[NF9_IN_VLAN].len, 2));
       }
       else if (tpl->tpl[NF9_DOT1QVLANID].len) {
-        memcpy(&e->vlan_id.n, pptrs->f_data+tpl->tpl[NF9_DOT1QVLANID].off, MIN(tpl->tpl[NF9_DOT1QVLANID].len, 2));
+        memcpy(&tmp16, pptrs->f_data+tpl->tpl[NF9_DOT1QVLANID].off, MIN(tpl->tpl[NF9_DOT1QVLANID].len, 2));
       }
+      e->vlan_id.n = ntohs(tmp16);
     }
   }
   else if (config.acct_type == ACCT_SF) {
@@ -3386,18 +3394,20 @@ int PT_map_index_fdata_vlan_id_handler(struct id_entry *e, void *src)
   return FALSE;
 }
 
-int PT_map_index_fdata_cvlan_id_handler(struct id_entry *e, void *src)
+int PT_map_index_fdata_post_cvlan_id_handler(struct id_entry *e, void *src)
 {
   struct packet_ptrs *pptrs = (struct packet_ptrs *) src;
   struct struct_header_v8 *hdr = (struct struct_header_v8 *) pptrs->f_header;
   struct template_cache_entry *tpl = (struct template_cache_entry *) pptrs->f_tpl;
+  u_int16_t tmp16 = 0;
 
   if (config.acct_type == ACCT_NF) {
     switch (hdr->version) {
     case 10:
     case 9:
-      if (tpl->tpl[NF9_DOT1QCVLANID].len) {
-        memcpy(&e->cvlan_id.n, pptrs->f_data+tpl->tpl[NF9_DOT1QCVLANID].off, MIN(tpl->tpl[NF9_DOT1QCVLANID].len, 2));
+      if (tpl->tpl[NF9_POST_DOT1QCVLANID].len) {
+        memcpy(&tmp16, pptrs->f_data+tpl->tpl[NF9_POST_DOT1QCVLANID].off, MIN(tpl->tpl[NF9_POST_DOT1QCVLANID].len, 2));
+	e->post_cvlan_id.n = ntohs(tmp16);
       }
     }
   }

src/pretag_handlers.h

@@ -56,7 +56,7 @@ EXT int PT_map_mpls_pw_id_handler(char *, struct id_entry *, char *, struct plug
 EXT int PT_map_src_mac_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
 EXT int PT_map_dst_mac_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
 EXT int PT_map_vlan_id_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
-EXT int PT_map_cvlan_id_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
+EXT int PT_map_post_cvlan_id_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
 EXT int PT_map_set_tos_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
 EXT int PT_map_entry_label_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
 EXT int PT_map_jeq_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
@@ -79,7 +79,7 @@ EXT int PT_map_index_entries_mpls_label_bottom_handler(struct id_entry *, void *
 EXT int PT_map_index_entries_src_mac_handler(struct id_entry *, void *); 
 EXT int PT_map_index_entries_dst_mac_handler(struct id_entry *, void *); 
 EXT int PT_map_index_entries_vlan_id_handler(struct id_entry *, void *); 
-EXT int PT_map_index_entries_cvlan_id_handler(struct id_entry *, void *); 
+EXT int PT_map_index_entries_post_cvlan_id_handler(struct id_entry *, void *); 
 EXT int PT_map_index_fdata_ip_handler(struct id_entry *, void *); 
 EXT int PT_map_index_fdata_input_handler(struct id_entry *, void *); 
 EXT int PT_map_index_fdata_output_handler(struct id_entry *, void *); 
@@ -94,7 +94,7 @@ EXT int PT_map_index_fdata_mpls_label_bottom_handler(struct id_entry *, void *);
 EXT int PT_map_index_fdata_src_mac_handler(struct id_entry *, void *); 
 EXT int PT_map_index_fdata_dst_mac_handler(struct id_entry *, void *); 
 EXT int PT_map_index_fdata_vlan_id_handler(struct id_entry *, void *);
-EXT int PT_map_index_fdata_cvlan_id_handler(struct id_entry *, void *);
+EXT int PT_map_index_fdata_post_cvlan_id_handler(struct id_entry *, void *);
 
 /* BPAS_*: bgp_peer_as_src map specific handlers */
 EXT int BPAS_map_bgp_nexthop_handler(char *, struct id_entry *, char *, struct plugin_requests *, int);
@@ -146,7 +146,7 @@ EXT int pretag_mpls_pw_id_handler(struct packet_ptrs *, void *, void *);
 EXT int pretag_src_mac_handler(struct packet_ptrs *, void *, void *);
 EXT int pretag_dst_mac_handler(struct packet_ptrs *, void *, void *);
 EXT int pretag_vlan_id_handler(struct packet_ptrs *, void *, void *);
-EXT int pretag_cvlan_id_handler(struct packet_ptrs *, void *, void *);
+EXT int pretag_post_cvlan_id_handler(struct packet_ptrs *, void *, void *);
 EXT int pretag_set_tos_handler(struct packet_ptrs *, void *, void *);
 
 EXT int SF_pretag_input_handler(struct packet_ptrs *, void *, void *);