/ 
Net-sFlow-0.03X
River stage zero No dependents
/ Net::sFlow

NAME

Net::sFlow - decode sFlow datagrams.

SYNOPSIS

use Net::sFlow;
use IO::Socket::INET;

my $sock = IO::Socket::INET->new( LocalPort => '6343',
                                  Proto     => 'udp')
                             or die "Can't bind : $@\n";

while ($sock->recv($packet,1548)) {
  &processPacket($packet);
}
die "Socket recv: $!";

sub processPacket {

  my $sFlowPacket = shift;

  my ($sFlowDatagramRef, $sFlowSamplesRef, $errorsRef) = Net::sFlow::decode($sFlowPacket);

  # print errors
    foreach my $error (@{$errorsRef}) {
    warn "$error";
  }

  # print sflow data
  print "===Datagram===\n";
  print "sFlow version: $sFlowDatagramRef->{sFlowVersion}\n";
  print "datagram sequence number: $sFlowDatagramRef->{datagramSequenceNumber}\n";

  foreach my $sFlowSample (@{$printSamplesRef}) {
    print "\n";
    print "---Sample---\n";
    print "sample sequence number: $sFlowSample->{sampleSequenceNumber}\n";
  }

}

DESCRIPTION

The sFlow module provides a mechanism to parse and decode sFlow datagrams. It supports sFlow version 2/4 (RFC 3176 - http://www.ietf.org/rfc/rfc3176.txt) and sFlow version 5 (Memo - http://sflow.org/sflow_version_5.txt).

The module's functionality is provided by a single (exportable) function, decode().

FUNCTIONS

decode( UDP_PAYLOAD )

($datagram, $samples, $error) = Net::sFlow::decode($udp_data);

Returns a HASH reference containing the datagram data, an ARRAY reference with the sample data (each array element contains a HASH reference for one sample) and in case of an error a reference to an ARRAY containing the error messages.

Return Values

    A HASH reference containing information about the sFlow datagram, with the following keys:

    sFlowVersion
AgentIpVersion
AgentIp
datagramSequenceNumber
agentUptime
samplesInPacket

    In the case of sFlow v5, there is an additional key:

    subAgentId

    $samples

    Reference to a list of HASH references, each one representing one sample. Depending on the type, the hash contains the following additional keys:

    In case of sFlow <= 4:

    sampleType
sampleSequenceNumber
sourceIdType
sourceIdIndex

    If it's a sFlow <= 4 flowsample you will get the following additional keys:

    samplingRate
samplePool
drops
inputInterface
outputInterface
packetDataType
extendedDataInSample

    If it's a sFlow <= 4 countersample you will get these additional keys:

    counterSamplingInterval
countersVersion

    In case of sFlow >= 5 you will first get enterprise, format and length information:

    sampleTypeEnterprise
sampleTypeFormat
sampleLength

    In case of a flowsample (enterprise == 0 and format == 1):

    sampleSequenceNumber
sourceIdType
sourceIdIndex
samplingRate
samplePool
drops
inputInterface
outputInterface
flowRecordsCount

    If it's an expanded flowsample (enterprise == 0 and format == 3) you will get these additional keys instead of inputInterface and outputInterface:

    inputInterfaceFormat
inputInterfaceValue
outputInterfaceFormat
outputInterfaceValue

    In case of a countersample (enterprise == 0 and format == 2) or an expanded countersample (enterprise == 0 and format == 4):

    sampleSequenceNumber
sourceIdType
sourceIdIndex
counterRecordsCount
counterDataLength

    Depending on what kind of samples the hardware is taking you will get the following additional keys:

    Header data:

    HEADERDATA
HeaderProtocol
HeaderFrameLength 
HeaderStrippedLength
HeaderSizeByte
HeaderSizeBit

HeaderEtherSrcMac
HeaderEtherDestMac
HeaderVer
HeaderDatalen

    Ethernet frame data:

    ETHERNETFRAMEDATA
EtherMacPacketlength
EtherSrcMac
EtherDestMac
EtherPackettype

    IPv4 data:

    IPv4DATA
IPv4Packetlength
IPv4NextHeaderProtocol
IPv4srcIp
IPv4destIp
IPv4srcPort
IPv4destPort
IPv4tcpFlags
IPv4tos

    IPv6 data:

    IPv6DATA
IPv6Packetlength
IPv6NextHeaderProto
IPv6srcIp
IPv6destIp
IPv6srcPort
IPv6destPort
IPv6tcpFlags
IPv6Priority

    Switch data:

    SWITCHDATA
SwitchSrcVlan
SwitchSrcPriority
SwitchDestVlan
SwitchDestPriority

    Router data:

    ROUTERDATA
RouterIpVersionNextHopRouter
RouterIpAddressNextHopRouter
RouterSrcMask
RouterDestMask

    Gateway data:

    GATEWAYDATA
GatewayIpVersionNextHopRouter (only in case of sFlow v5)
GatewayIpAddressNextHopRouter (only in case of sFlow v5)
GatewayAsRouter
GatewayAsSource
GatewayAsSourcePeer
GatewayDestAsPathsCount

GatewayDestAsPaths (arrayreference)
  each enty contains a hashreference:
    asPathSegmentType
    lengthAsList
    AsPath (arrayreference, asNumbers as entries)

GatewayLengthCommunitiesList (added in sFlow v4)
GatewayCommunities (arrayreference, added in sFlow v4)
  each enty contains a community (added in sFlow v4)

localPref

    User data:

    USERDATA
UserSrcCharset (only in case of sFlow v5)
UserLengthSrcString
UserSrcString
UserDestCharset (only in case of sFlow v5)
UserLengthDestString
UserDestString

    Url data (added in sFlow v3):

    URLDATA
UrlDirection
UrlLength
Url
UrlHostLength (only in case of sFlow v5)
UrlHost (only in case of sFlow v5)

    The following keys can be only available in sFlow v5:

    Mpls data:

    MPLSDATA
MplsIpVersionNextHopRouter
MplsIpAddressNextHopRouter
MplsInLabelStackCount
MplsInLabelStack (arrayreference containing MplsInLabels)
MplsOutLabelStackCount
MplsOutLabelStack (arrayreference containing MplsOutLabels)

    Nat data:

    NATDATA
NatIpVersionSrcAddress
NatSrcAddress
NatIpVersionDestAddress
NatDestAddress

    Mpls tunnel:

    MPLSTUNNEL
MplsTunnelLength
MplsTunnelName
MplsTunnelId
MplsTunnelCosValue

    Mpls vc:

    MPLSVC
MplsVcInstanceNameLength
MplsVcInstanceName
MplsVcId
MplsVcLabelCosValue

    Mpls fec:

    MPLSFEC
MplsFtnDescrLength
MplsFtnDescr
MplsFtnMask

    Mpls lpv fec:

    MPLSLPVFEC
MplsFecAddrPrefixLength

    Vlan tunnel:

    VLANTUNNEL
VlanTunnelLayerStackCount
VlanTunnelLayerStack (arrayreference containing VlanTunnelLayer entries)

    The following keys are also available in sFlow < 5:

    Counter generic:

    COUNTERGENERIC
ifIndex
ifType
ifSpeed
ifDirection
ifAdminStatus
ifOperStatus
idInOctets
ifInUcastPkts
ifInMulticastPkts
ifInBroadcastPkts
idInDiscards
ifInErrors
ifInUnknownProtos
ifOutOctets
ifOutUcastPkts
ifOutMulticastPkts
ifOutBroadcastPkts
ifOutDiscards
ifOutErrors
ifPromiscuousMode

    Counter ethernet:

    COUNTERETHERNET
dot3StatsAlignmentErrors
dot3StatsFCSErrors
dot3StatsSingleCollisionFrames
dot3StatsMultipleCollisionFrames
dot3StatsSQETestErrors
dot3StatsDeferredTransmissions
dot3StatsLateCollisions
dot3StatsExcessiveCollisions
dot3StatsInternalMacTransmitErrors
dot3StatsCarrierSenseErrors
dot3StatsFrameTooLongs
dot3StatsInternalMacReceiveErrors
dot3StatsSymbolErrors

    Counter tokenring:

    COUNTERTOKENRING
dot5StatsLineErrors
dot5StatsBurstErrors
dot5StatsACErrors
dot5StatsAbortTransErrors
dot5StatsInternalErrors
dot5StatsLostFrameErrors
dot5StatsReceiveCongestions
dot5StatsFrameCopiedErrors
dot5StatsTokenErrors
dot5StatsSoftErrors
dot5StatsHardErrors
dot5StatsSignalLoss
dot5StatsTransmitBeacons
dot5StatsRecoverys
dot5StatsLobeWires
dot5StatsRemoves
dot5StatsSingles
dot5StatsFreqErrors

    Counter vg:

    COUNTERVG
dot12InHighPriorityFrames
dot12InHighPriorityOctets
dot12InNormPriorityFrames
dot12InNormPriorityOctets
dot12InIPMErrors
dot12InOversizeFrameErrors
dot12InDataErrors
dot12InNullAddressedFrames
dot12OutHighPriorityFrames
dot12OutHighPriorityOctets
dot12TransitionIntoTrainings
dot12HCInHighPriorityOctets
dot12HCInNormPriorityOctets
dot12HCOutHighPriorityOctets

    Counter vlan:

    COUNTERVLAN
vlan_id
octets
ucastPkts
multicastPkts
broadcastPkts
discards

    Counter processor (only in sFlow v5):

    COUNTERPROCESSOR
cpu5s
cpu1m
cpu5m
memoryTotal
memoryFree

    $error

    Reference to a list of error messages.

CAVEATS

The decode function will blindly attempt to decode the data you provide. There are some tests for the appropriate values at various places (where it is feasible to test - like enterprises, formats, versionnumbers, etc.), but in general the GIGO principle still stands: Garbage In / Garbage Out.

SEE ALSO

sFlow v4 http://www.ietf.org/rfc/rfc3176.txt

Format Diagram v4: http://jasinska.de/sFlow/sFlowV4FormatDiagram/

sFlow v5 http://sflow.org/sflow_version_5.txt

Format Diagram v5: http://jasinska.de/sFlow/sFlowV5FormatDiagram/

Math::BigInt http://search.cpan.org/~tels/Math-BigInt-1.77/lib/Math/BigInt.pm

AUTHOR

Elisa Jasinska <elisa.jasinska@ams-ix.net>

CONTACT

Please send comments or bug reports to <sflow@ams-ix.net>

COPYRIGHT

Copyright (c) 2006 AMS-IX B.V.

This package is free software and is provided "as is" without express or implied warranty. It may be used, redistributed and/or modified under the terms of the Perl Artistic License (see http://www.perl.com/perl/misc/Artistic.html)

1 POD Error

The following errors were encountered while parsing the POD:

Around line 2176:

=over should be: '=over' or '=over positive_number'

You can't have =items (as at line 2195) unless the first thing after the =over is an =item