michalac
commented
2 years ago Hello,
had same problem. It's because when every UDP packet arrives, there is new instance of CollectorDictHandler created with new ipfix.message.MessageBuffer. If packet contains template, MessageBuffer learns it. But after next UDP packet arrives, there is new MessageBuffer created with empty template list. MessageBuffer then can't parse packet and returns no data from namedict_iterator().
Solution is to use same MessageBuffer instance for every UDP packet. Something like:
class CollectorDictHandler(socketserver.DatagramRequestHandler):
# class static variable
msgBuff = ipfix.message.MessageBuffer()
def handle(self):
print("=" * 80)
CollectorDictHandler.msgBuff.from_bytes(self.rfile.read())
for rec in CollectorDictHandler.msgBuff.namedict_iterator():
print('-' * 80)
for key in rec:
print("%s: %s" % (key, rec[key]))
If multiple clients (with differrent templates), there must be single MessageBuffer for each client.
collector_test.py seems to be old, and uses TCP. I needed to do almost exactly the same thing it was trying to demo, but using UDP.
This is what I got:
The device exporting the flows is a Mikrotik. The code above runs, but r.namedict_iterator() never returns any records, so all I get is '====...' across my screen every time it receives a packet, but no actual data.
From what I understand, ipfix.reader is smart enough to read templates from the stream, and use them when trying to decode incoming data. Is this correct?
Am I doing something else wrong?