Reworked Netflow plugin to new parser arguments

pavel-odintsov · Jan 27, 2025 · 157e3fd · 157e3fd
1 parent e7f611f
commit 157e3fd
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/src/netflow_plugin/ipfix_collector.cpp b/src/netflow_plugin/ipfix_collector.cpp
@@ -1390,9 +1390,14 @@ bool ipfix_record_to_flow(uint32_t record_type, uint32_t record_length, const ui
                     payload_shift = data + sizeof(uint8_t) + sizeof(uint16_t);
                 }
 
+                parser_options_t parser_options{};
+
+                parser_options.unpack_gre = false;
+                parser_options.read_packet_length_from_ip_header = true;
+
                 auto result = parse_raw_packet_to_simple_packet_full_ng(payload_shift, flow_meta.variable_field_length,
                                                                         flow_meta.variable_field_length,
-                                                                        flow_meta.nested_packet, false, true);
+                                                                        flow_meta.nested_packet, parser_options);
 
                 if (result != network_data_stuctures::parser_code_t::success) {
                     // Cannot decode data

diff --git a/src/netflow_plugin/netflow_v9_collector.cpp b/src/netflow_plugin/netflow_v9_collector.cpp
@@ -816,8 +816,6 @@ bool netflow9_record_to_flow(uint32_t record_type,
     case NETFLOW9_LAYER2_PACKET_SECTION_DATA: {
         netflow_v9_lite_headers++;
 
-        bool read_packet_length_from_ip_header = true;
-
         // It's our safe fallback
         uint64_t full_packet_length = record_length;
 
@@ -826,11 +824,13 @@ bool netflow9_record_to_flow(uint32_t record_type,
             full_packet_length = flow_meta.data_link_frame_size;
         }
 
-        bool extract_tunnel_traffic = false;
+        parser_options_t parser_options{};
+
+        parser_options.unpack_gre = false;
+        parser_options.read_packet_length_from_ip_header = true;
 
         auto result = parse_raw_packet_to_simple_packet_full_ng((u_char*)(data), full_packet_length, record_length,
-            flow_meta.nested_packet, extract_tunnel_traffic,
-            read_packet_length_from_ip_header);
+            flow_meta.nested_packet, parser_options);
 
         if (result != network_data_stuctures::parser_code_t::success) {
             // Cannot decode data