
📄 flow-tag.html.in

<HTML>
<HEAD>
<TITLE>flow-tag</TITLE>
<META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.73">
</HEAD>
<BODY CLASS="REFENTRY" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF">
<H1><A NAME="AEN1"><SPAN CLASS="APPLICATION">flow-tag</SPAN></A></H1>
<DIV CLASS="REFNAMEDIV"><A NAME="AEN6"></A><H2>Name</H2>
<SPAN CLASS="APPLICATION">flow-tag</SPAN>&nbsp;--&nbsp;Apply tags to flow files.</DIV>
<DIV CLASS="REFSYNOPSISDIV"><A NAME="AEN10"></A><H2>Synopsis</H2>
<P><B CLASS="COMMAND">flow-tag</B>  [-hk] [-b<TT CLASS="REPLACEABLE"><I> big</I></TT>|<TT CLASS="REPLACEABLE"><I>little</I></TT>] [-C<TT CLASS="REPLACEABLE"><I> comment</I></TT>] [-d<TT CLASS="REPLACEABLE"><I> debug_level</I></TT>] [-t<TT CLASS="REPLACEABLE"><I> tag_fname</I></TT>] [-T<TT CLASS="REPLACEABLE"><I> active_def</I></TT>...]</P></DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN25"></A><H2>DESCRIPTION</H2>
<P>The <B CLASS="COMMAND">flow-tag</B> utility is used to add or modify
source and destination tags in flow records.  Tags are 32 bit identifiers
derived from rules and fields in a flow record.  Tags
can be used to group flows with common prefixes, autonomous systems,
next hops, exporter id and/or input/output interface.
<B CLASS="COMMAND">flow-stat</B> can be used with tagged flows to produce
group based reports.  For example, a report can cover all outbound traffic
for a customer, where the customer is defined by a list of IP prefixes.</P></DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN30"></A><H2>OPTIONS</H2>
<P></P>
<DIV CLASS="VARIABLELIST"><DL>
<DT>-b<TT CLASS="REPLACEABLE"><I> big</I></TT>|<TT CLASS="REPLACEABLE"><I>little</I></TT></DT>
<DD><P>Byte order of output.</P></DD>
<DT>-C<TT CLASS="REPLACEABLE"><I> Comment</I></TT></DT>
<DD><P>Add a comment.</P></DD>
<DT>-d<TT CLASS="REPLACEABLE"><I> debug_level</I></TT></DT>
<DD><P>Enable debugging.</P></DD>
<DT>-h</DT>
<DD><P>Display help.</P></DD>
<DT>-k</DT>
<DD><P>Keep time from input.</P></DD>
<DT>-t<TT CLASS="REPLACEABLE"><I> tag_fname</I></TT></DT>
<DD><P>Load tags from <TT CLASS="FILENAME">tag_fname</TT>.  Defaults to <TT CLASS="FILENAME">@localstatedir@/cfg/tag</TT></P></DD>
<DT>-T<TT CLASS="REPLACEABLE"><I> active_def</I></TT></DT>
<DD><P>Use <TT CLASS="REPLACEABLE"><I>active_def</I></TT> as the active tag definition(s).</P></DD>
</DL></DIV>
<P></P>
<P>The configuration file is a collection of actions and definitions.  An
action is triggered by a definition and a definition is invoked only
if listed with the <TT CLASS="REPLACEABLE"><I>-T</I></TT> flag.  Lines beginning
with # are treated as comments and ignored.</P>
<P><PRE CLASS="SCREEN">tag-action command                  Description/Example
----------------------------------------------------------------------
tag-action                          Begin tag-action section
                                    tag-action foo

type                                Configure the type of action, one of
                                    src-prefix, dst-prefix, prefix,
                                    src-as, dst-as, as, next-hop,
                                    tcp-src-port, tcp-dst-port, tcp-port,
                                    udp-src-port, udp-dst-port, udp-port,
                                    tos, any.
                                    type src-prefix

match                               Match criteria.  The match condition
                                    depends on the type.  Following the
                                    match condition is one of
                                    set-dst, set-src, or-dst, or-src to
                                    set or logically or a value to the
                                    source or destination tag.
                                    match 128.146/16 set-dst 0x010001

Multiple actions may match and set tags on the same flow.  Note that listing
many actions will cause tags to be applied in O(actions) time.  The actions
try to run in O(1) time.  For example if 10 prefixes are listed in a
single action it will take about the same CPU as if 100 prefixes are
used.  Listing 100 actions will require 100 times the CPU as 1 action.

tag-action types                    Description
----------------------------------------------------------------------
src-prefix                          Source Prefix
dst-prefix                          Destination Prefix
prefix                              Source or Destination Prefix
src-as                              Source AS
dst-as                              Destination AS
as                                  Source or Destination AS
next-hop                            IP Next Hop
tcp-src-port                        TCP Source Port
tcp-dst-port                        TCP Destination Port
tcp-port                            TCP Source or Destination Port
udp-src-port                        UDP Source Port
udp-dst-port                        UDP Destination Port
udp-port                            UDP Source or Destination Port
tos                                 Type of Service
any                                 Match any flows.

tag-action matches                  Description
----------------------------------------------------------------------
set-dst                             Set the destination tag, replacing any
                                    previous tag.
set-src                             Set the source tag, replacing any
                                    previous tag.
or-dst                              Logically or this value to the existing
                                    destination tag
or-src                              Logically or this value to the existing
                                    source tag
</PRE></P>
<P>A definition lists a set of actions which are evaluated if the filter
criteria are met.  Each definition is built with terms.  A term has
its action(s) evaluated if the filter is passed.
<PRE CLASS="SCREEN">definition command                  Description/Example
-----------------------------------------------------------------------
tag-definition                      Begin tag-definition section
                                    tag-definition bar

term                                Begin a list of actions to be
                                    evaluated that match the filter
                                    rule.
                                    term

input-filter                        List of input ifIndexes the flow
                                    must match.
                                    input-filter 1,2,3,4

output-filter                       List of output ifIndexes the flow
                                    must match.
                                    output-filter 1,2,3,4

exporter                            IP address of exporter the flow must
                                    match.
                                    exporter 1.2.3.4

action                              Name of action to evaluate.  Actions
                                    are evaluated in the order they
                                    appear in a definition.
                                    action foo
</PRE></P>
<P></P></DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN78"></A><H2>EXAMPLES</H2>
<DIV CLASS="INFORMALEXAMPLE"><A NAME="AEN80"></A><P></P>
<P>The meaning of a tag is user defined.  The following example uses 16 bits
of a tag as a customer ID and 4 bits as a customer type.
<B CLASS="COMMAND">flow-xlate</B> can be used to apply a mask to these
fields.
<PRE CLASS="PROGRAMLISTING"># file: gigapop-tags
# tag format
#
# 0       7         15        23        31
# 0000 0000 0000 0000 0000 0000 0000 0000 (32 bits)
# RRRRRRRRRRRRRR TTTT NNNNNNNNNNNNNNNNNNN
#              |    |                   | Site name
#              |    | Site type
#              | Reserved
#
#
# SITE_NAME_MASK = 0x0000FFFF
# SITE_TYPE_MASK = 0x00FF0000
#
# ID             Name
#---------------------------------
# 0x0001         OSU
# 0x0002         CWRU
# 0x0003         BGSU
# ... etc
# 0x0019         MULTICAST
#
# ID             Type
#------------------------
# 0x01         Participant
# 0x02         SEGP
# 0x03         Sponsored-Participant
# 0x04         Gigapop
# 0x05         MULTICAST

tag-action OHIO-GIGAPOP_DST
 type dst-prefix
# OSU
 match 128.146/16 set-dst     0x010001
 match 164.107/16 set-dst     0x010001
 match 140.254/16 set-dst     0x010001
 match 192.153.26/24 set-dst  0x010001
# CWRU
 match 129.22/16 set-dst      0x010002
 match 192.5.110/24 set-dst   0x010002
# BGSU
 match 129.1/16 set-dst       0x010003
# ...etc
# MULTICAST
 match 224/4 set-dst 0x050019

tag-action OHIO-GIGAPOP_SRC
 type src-prefix
# OSU
 match 128.146/16 set-src     0x010001
 match 164.107/16 set-src     0x010001
 match 140.254/16 set-src     0x010001
 match 192.153.26/24 set-src  0x010001
# CWRU
 match 129.22/16 set-src      0x010002
 match 192.5.110/24 set-src   0x010002
# BGSU
 match 129.1/16 set-src       0x010003
# ...etc

tag-action OTHER_DST
 type dst-prefix
 match 0/0 set-dst 0x0

tag-action OTHER_SRC
 type src-prefix
 match 0/0 set-src 0x0

tag-definition OHIO-GIGAPOP
 term
# Abilene interface
  input-filter 25
# clear tag first -- it defaults to 0, so this may not be necessary.
  action OTHER_DST
  action OHIO-GIGAPOP_DST
 term
# Abilene interface
  output-filter 25
# clear tag first -- it defaults to 0, so this may not be necessary.
  action OTHER_SRC
  action OHIO-GIGAPOP_SRC
</PRE></P>
<P>First populate <TT CLASS="FILENAME">@localstatedir@/sym/tag</TT> for <B CLASS="COMMAND">flow-stat</B> to use as symbols.
<PRE CLASS="PROGRAMLISTING">0x0001 OSU
0x0002 CWRU
0x0003 BGSU
0x0019 MULTICAST
0x010000 PART
0x020000 SEGP
0x030000 SPART
0x040000 GIGAPOP
0x050000 MULTICAST</PRE></P>
<P>To generate a report for outgoing traffic to Abilene based on customer ID:
<PRE CLASS="PROGRAMLISTING">flow-cat <TT CLASS="FILENAME">flows</TT> | flow-filter -I25 | flow-tag -t gigapop-tags -TOHIO-GIGAPOP | flow-xlate -t0x0000FFFF | flow-stat -n -f30 -S2</PRE>
<PRE CLASS="SCREEN">#  --- ---- ---- Report Information --- --- ---
#
# Fields:    Total
# Symbols:   Enabled
# Sorting:   Descending Field 2
# Name:      Source Tag
#
# Args:      ../flow-stat -n -f30 -S2
#
#
# Src Tag   flows                 octets                packets
#
OSU         4942230               181326237007          302476793
CWRU        874883                54358312807           70589318
BGSU        1008797               7600209852            22060870</PRE></P>
<P>To generate a report for inbound traffic from Abilene based on customer type:
<PRE CLASS="PROGRAMLISTING">flow-cat <TT CLASS="FILENAME">flows</TT> | flow-filter -i25 | flow-tag -t gigapop-tags -TOHIO-GIGAPOP | flow-xlate -T0xFF0000 | flow-stat -n -f31 -S2</PRE>
<PRE CLASS="SCREEN">#  --- ---- ---- Report Information --- --- ---
#
# Fields:    Total
# Symbols:   Enabled
# Sorting:   Descending Field 2
# Name:      Destination Tag
#
# Args:      ../flow-stat -n -f31 -S2
#
#
# Dst Tag   flows                 octets                packets
#
PART        15923156              663289954569          981163979
SEGP        4995795               135525076170          196534917
MULTICAST   45171                 49866825003           137798118
GIGAPOP     942209                26422533266           23199961
SPART       73998                 5170323905            7597985</PRE></P>
<P></P></DIV></DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN96"></A><H2>BUGS</H2>
<P>None known.</P></DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN99"></A><H2>AUTHOR</H2>
<P>Mark Fullmer <TT CLASS="EMAIL">&#60;<A HREF="mailto:maf@splintered.net">maf@splintered.net</A>&#62;</TT></P></DIV>
<DIV CLASS="REFSECT1"><A NAME="AEN106"></A><H2>SEE ALSO</H2>
<P><SPAN CLASS="APPLICATION">flow-tools</SPAN>(1)</P></DIV>
</BODY>
</HTML>
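
The tagging model described in the manual page, sketched as an added Python example (not flow-tools code and not part of the original page): it parses a constructed excerpt of the gigapop-tags file, applies the destination actions in definition order, and splits the resulting tag with the page's SITE_TYPE_MASK and SITE_NAME_MASK. The function names, the expansion of short prefixes such as 128.146/16, and longest-prefix selection within a single action are assumptions of this sketch.

```python
import ipaddress
# Constructed excerpt of the page's gigapop-tags file (destination actions only).
CONFIG = """\
tag-action OTHER_DST
 type dst-prefix
 match 0/0 set-dst 0x0
tag-action OHIO-GIGAPOP_DST
 type dst-prefix
# OSU
 match 128.146/16 set-dst 0x010001
 match 129.22/16 set-dst 0x010002
# MULTICAST
 match 224/4 set-dst 0x050019
"""
SITE_NAME_MASK, SITE_TYPE_MASK = 0x0000FFFF, 0x00FF0000   # masks from the page
NAMES = {0x0001: "OSU", 0x0002: "CWRU", 0x0019: "MULTICAST"}
TYPES = {0x010000: "PART", 0x050000: "MULTICAST"}

def parse_prefix(text):
    """Assumed expansion of the short form: 128.146/16 -> 128.146.0.0/16."""
    addr, _, plen = text.partition("/")
    octets = (addr.split(".") + ["0"] * 3)[:4]
    return ipaddress.ip_network(".".join(octets) + "/" + plen)

def parse_actions(text):
    """Return {action name: [(network, operator, value), ...]}."""
    actions, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):   # blank line or comment
            continue
        if words[0] == "tag-action":
            current = actions.setdefault(words[1], [])
        elif words[0] == "match":
            current.append((parse_prefix(words[1]), words[2], int(words[3], 16)))
    return actions

def tag_dst(dst_ip, actions, order):
    """Apply actions in definition order. Assumption: longest prefix wins per action."""
    tag, ip = 0, ipaddress.ip_address(dst_ip)
    for name in order:
        hits = [m for m in actions[name] if ip in m[0]]
        if hits:
            _, op, value = max(hits, key=lambda m: m[0].prefixlen)
            tag = value if op == "set-dst" else tag | value   # or-dst ORs bits in
    return tag

def decode(tag):
    """Split a tag into (site type, site name); '?' marks a field with no symbol."""
    return TYPES.get(tag & SITE_TYPE_MASK, "?"), NAMES.get(tag & SITE_NAME_MASK, "?")
```

A flow whose destination matches only OTHER_DST keeps tag 0 and decodes to `("?", "?")`, which is how traffic outside the listed customer prefixes shows up in a tag-based report.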
