Hello Bao,
In some switch/router architectures it is not possible to obtain the
raw packet headers efficiently, and only a subset of the protocol
fields are available. In that case the structures for IPV4, IPV6 and
ETHERNET can be used instead. However, where there is a choice it is
better to export the raw header.
The specification document at http://sflow.org/sflow_version_5.txt
includes the following paragraph:
    A flow_sample must contain packet header information. The
    preferred format for reporting packet header information is
    the sampled_header. However, if the packet header is not
    available to the sampling process then one or more of
    sampled_ethernet, sampled_ipv4, sampled_ipv6 may be used.
As far as I know, the only implementation that uses these structures at
the moment is our own probe software - we use it when converting Cisco
NetFlow or Riverstone LFAP to sFlow. I hope someone else will jump in
and correct me if they know of another implementation, but in any
case, I recommend that you design your receiver to accept these
structures in case they appear in the future.
regards,
neil
On Mar 1, 2005, at 8:21 AM, Bao wrote:
> Hello everyone
>
> I'm just trying to make a program to analyze our network's
> traffic using sFlow. I read that the packet_data_type could get 3
> different values: HEADER (1), IPV4 (2), IPV6 (3). Could anyone explain
> to me in which cases we could have IPV4?
> I'm doing different tests on our network and the packet_data value is
> always 1 (HEADER).
>
> here is the flow sample structure :
>
> struct flow_sample {
>     unsigned int sequence_number;
>     unsigned int source_id;
>     [...]
>     packet_data_type packet_data;
> }
>
> Regards
>
> --
> Bao
> OVANET S.A.R.L -*- http://www.ovanet.com
>
>
---- Neil McKee InMon Corp. http://www.inmon.com
Received on Tue Mar 1 10:07:15 2005
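A receiver that accepts all three packet_data variants, as the reply above recommends, shown as an added example that is not part of the original thread or of any sFlow implementation. The tag values come from the question; the field layouts of the HEADER, IPV4 and IPV6 structures, the 256-byte cap and all function names are assumptions based on the sFlow XDR definitions that match the quoted flow_sample struct.

```python
import ipaddress
import struct

HEADER, IPV4, IPV6 = 1, 2, 3   # packet_data_type tags quoted in the question
MAX_HEADER_SIZE = 256          # assumed receiver-side cap on sampled header bytes

def _take(buf, off, n):
    """Return n bytes at off, refusing to read past the end of the datagram."""
    if off + n > len(buf):
        raise ValueError("truncated packet_data")
    return buf[off:off + n], off + n

def _summary(buf, off, alen):
    # Assumed XDR layout (big-endian): length, protocol, src_ip, dst_ip,
    # src_port, dst_port, tcp_flags, tos (IPV4) or priority (IPV6).
    raw, off = _take(buf, off, 8 + 2 * alen + 16)
    length, proto = struct.unpack_from(">II", raw, 0)
    sport, dport, flags, tos = struct.unpack_from(">IIII", raw, 8 + 2 * alen)
    return {"length": length, "protocol": proto,
            "src": str(ipaddress.ip_address(raw[8:8 + alen])),
            "dst": str(ipaddress.ip_address(raw[8 + alen:8 + 2 * alen])),
            "src_port": sport, "dst_port": dport,
            "tcp_flags": flags, "tos": tos}, off

def decode_packet_data(buf, off=0):
    """Decode one packet_data union from bytes; returns (record, next_offset)."""
    raw, off = _take(buf, off, 4)
    (tag,) = struct.unpack(">I", raw)
    if tag == HEADER:
        # Assumed layout: header_protocol, frame_length, opaque header<>.
        raw, off = _take(buf, off, 12)
        proto, frame_len, n = struct.unpack(">III", raw)
        if n > MAX_HEADER_SIZE:
            raise ValueError("sampled header longer than cap")
        hdr, off = _take(buf, off, n)
        _, off = _take(buf, off, -n % 4)   # XDR pads opaque data to 4 bytes
        return {"type": "HEADER", "header_protocol": proto,
                "frame_length": frame_len, "header": hdr}, off
    if tag in (IPV4, IPV6):
        rec, off = _summary(buf, off, 4 if tag == IPV4 else 16)
        rec["type"] = "IPV4" if tag == IPV4 else "IPV6"
        return rec, off
    # The union carries no length prefix, so an unknown tag cannot be skipped.
    raise ValueError(f"unknown packet_data_type {tag}")

# Constructed sample: an IPV4 record for a TCP SYN to port 443.
SAMPLE_IPV4 = struct.pack(">III4s4sIIII", IPV4, 60, 6, bytes([192, 0, 2, 1]),
                          bytes([198, 51, 100, 7]), 51000, 443, 0x02, 0)
```

Because the datagram arrives over UDP from the network, every length is checked against the buffer before it is used, and a malformed or unknown record raises instead of being partially decoded.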