Fields unix_secs and unix_nsecs are private in v5 header. Seems there is no way to get timestmap data without serialization. They are public in v7.
#[derive(Debug, PartialEq, Eq, Clone, Copy, Serialize, Nom)]
pub struct Header {
/// NetFlow export format version number
pub version: u16,
/// Number of flows exported in this packet (1-30)
pub count: u16,
/// Current time in milliseconds since the export device booted
#[nom(Map = "|i| Duration::from_millis(i.into())", Parse = "be_u32")]
pub sys_up_time: Duration,
/// Current count of seconds since 0000 UTC 1970
#[nom(Map = "|i| Duration::from_secs(i.into())", Parse = "be_u32")]
unix_secs: Duration,
/// Residual nanoseconds since 0000 UTC 1970
#[nom(Map = "|i| Duration::from_nanos(i.into())", Parse = "be_u32")]
unix_nsecs: Duration,
/// Sequence counter of total flows seen
pub flow_sequence: u32,
/// Type of flow-switching engine
pub engine_type: u8,
/// Slot number of the flow-switching engine
pub engine_id: u8,
/// First two bits hold the sampling mode; remaining 14 bits hold value of sampling interval
pub sampling_interval: u16,
}
mikemiles-dev
commented
8 months ago
Hi,
Fields unix_secs and unix_nsecs are private in v5 header. Seems there is no way to get timestmap data without serialization. They are public in v7.