Change IPFIX JSON headers
I am receiving flows in the following format. Is it possible to change the header names? I want to get rid of "@type": "ipfix.entry" and the first entries like iana: and ipfix:. Basically, I want to remove the PEN entry appended to every header.
{ "@type": "ipfix.entry", "iana:ingressInterface": 31, "iana:egressInterface": 0, "iana:flowStartMilliseconds": 1728563205563, "iana:flowEndMilliseconds": 1728563261529, "iana:packetDeltaCount": 1, "iana:octetDeltaCount": 79, "iana:flowId": 144629, "iana:ingressVRFID": 0, "iana:egressVRFID": 0, "iana:VRFname": "Default", "iana:sourceIPv4Address": "110.1291.51.214", "iana:destinationIPv4Address": "116.217.10.1", "iana:sourceTransportPort": 62076, "iana:destinationTransportPort": 53, "iana:applicationName": "Dns", "iana:ipClassOfService": 0, "iana:protocolIdentifier": "UDP", "iana:destinationIPv4Prefix": "0.0.0.0", "iana:destinationIPv4PrefixLength": 0, "iana:sourceIPv4Prefix": "101.159.0.1", "iana:sourceIPv4PrefixLength": 23, "ipfix:exportTime": 1728963261, "ipfix:seqNumber": 544786152, "ipfix:odid": 0, "ipfix:msgLength": 1312, "ipfix:srcAddr": "251.67.0.9", "ipfix:templateId": 514 }
-- Thanks Neo
You need to modify the code in the libfds repository (https://github.com/CESNET/libfds/) in the json.c file located at libfds/src/converters as below:
Comment out the code portion
/*
// Add a string identifier
const size_t scope_size = strlen(def->scope->name);
const size_t elem_size = strlen(def->name);
size_t size = scope_size + elem_size + 5; // 2x '"' + 2x ':' + '\0'
int ret_code = buffer_reserve(buffer, buffer_used(buffer) + size);
if (ret_code != FDS_OK) {
return ret_code;
}
*(buffer->write_begin++) = '"';
memcpy(buffer->write_begin, def->scope->name, scope_size);
buffer->write_begin += scope_size;
*(buffer->write_begin++) = ':';
memcpy(buffer->write_begin, def->name, elem_size);
buffer->write_begin += elem_size;
*(buffer->write_begin++) = '"';
*(buffer->write_begin++) = ':';
*/
//Replace with this
// Add a string identifier (MODIFIED - without scope prefix)
const size_t elem_size = strlen(def->name);
// Only need space for: 2x '"' + ':' + element name + '\0'
size_t size = elem_size + 4; // 2x '"' + ':' + '\0'
int ret_code = buffer_reserve(buffer, buffer_used(buffer) + size);
if (ret_code != FDS_OK) {
    return ret_code;
}
*(buffer->write_begin++) = '"';
// Removed: memcpy(buffer->write_begin, def->scope->name, scope_size);
// Removed: buffer->write_begin += scope_size;
// Removed: *(buffer->write_begin++) = ':';
// Only copy the element name (no scope prefix)
memcpy(buffer->write_begin, def->name, elem_size);
buffer->write_begin += elem_size;
*(buffer->write_begin++) = '"';
*(buffer->write_begin++) = ':';
Then recompile libfds with
$ mkdir build
$ cd build
$ cmake .. -DCMAKE_INSTALL_PREFIX=/usr
$ make
$ make install
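An added example, not part of the original answer or of libfds: the same renaming done downstream on the JSON records, so the library does not have to be patched and rebuilt. This Python filter drops "@type" and strips the scope prefix, but keeps the prefixed keys when two scopes use the same element name, so one field cannot silently overwrite another. The function names, the "vendor:" scope and the sample record are constructed for illustration, and one JSON object per input line is assumed.

```python
import json
import sys
from collections import Counter

DROP_KEYS = {"@type"}  # record-type marker the question wants removed

# Constructed sample: fields taken from the record above plus a made-up
# "vendor:" scope that reuses an element name to show the collision case.
SAMPLE = ('{"@type": "ipfix.entry", "iana:sourceTransportPort": 62076, '
          '"iana:applicationName": "Dns", "ipfix:templateId": 514, '
          '"vendor:applicationName": "dns-over-udp"}')


def short_name(key: str) -> str:
    """Return the part after the first ':' ('iana:flowId' -> 'flowId')."""
    _scope, sep, name = key.partition(":")
    return name if sep and name else key


def strip_scope(record: dict) -> dict:
    """Drop DROP_KEYS, strip scope prefixes; colliding names stay prefixed."""
    kept = {k: v for k, v in record.items() if k not in DROP_KEYS}
    uses = Counter(short_name(k) for k in kept)
    return {(short_name(k) if uses[short_name(k)] == 1 else k): v
            for k, v in kept.items()}


def convert(lines, out=sys.stdout, err=sys.stderr) -> int:
    """Rewrite one-JSON-object-per-line input; return the count written."""
    written = 0
    for line in lines:
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            record = None
        if not isinstance(record, dict):
            print(f"skipped non-record line: {line[:60]!r}", file=err)
            continue
        out.write(json.dumps(strip_scope(record)) + "\n")
        written += 1
    return written


if __name__ == "__main__":
    convert(sys.stdin)
```

Run as a filter, it reads records on standard input and writes the renamed records to standard output, reporting skipped lines on standard error.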