56
56
\fBflow-xlate\fP \(em Apply translations to selected fields of a flow\&.
59
\fBflow-xlate\fP [-hkn] [-b\fI big\fP|\fIlittle\fP] [-C\fI comment\fP] [-d\fI debug_level\fP] [-V\fI flow_version\fP] [-x\fI xlate_fname\fP] [-X\fI xlate_definition\fP] [-z\fI z_level\fP]
59
\fBflow-xlate\fP [-hkn] [-b\fI big\fP|\fIlittle\fP] [-C\fI comment\fP] [-d\fI debug_level\fP] [-v\fI variable binding\fP] [-V\fI flow_version\fP] [-x\fI xlate_fname\fP] [-X\fI xlate_definition\fP] [-z\fI z_level\fP]
62
62
The \fBflow-xlate\fP utility is used to apply translations
63
to flows\&. Translations are composed of actions and a definition to
64
invoke action(s)\&. The definitions are in the form of terms, each term
65
can have a filter and multiple actions\&.
63
to flows\&. Translations are defined in a configuration file and are
64
composed of actions and a definition to invoke action(s)\&. The definitions
65
are in the form of terms, each term can have a filter and multiple actions\&.
67
Words in the configuration file of the form @VAR or @{VAR:default} will be
68
expanded at run-time by setting variable names with the -v option\&.
67
70
Translation actions begin with the xlate-action keyword followed by
68
71
a symbolic name\&. Each action has a type defined below\&.
73
76
a filter to conditionally invoke an action\&.
76
Action type Description/Example
79
Action type/sub-commands Description/Example
77
80
------------------------------------------------------------------------
78
ip-source-address-to-network Remove host bits based on mask\&.
80
ip-destination-address-to-network Remove host bits based on mask\&.
82
ip-source-address-to-class-network Remove host bits to match class\&.
84
ip-destination-address-to-class-network
85
Remove host bits to match class\&.
81
ip-source-address-to-network Zero host bits based on mask\&.
82
ip-destination-address-to-network Zero host bits based on mask\&.
86
ip-source-address-to-class-network Zero source host bits to
88
ip-destination-address-to-class-network Zero dst host bits to
93
ip-source-address-anonymize Anonymize source address\&.
94
ip-destination-address-anonymize Anonymize destination address\&.
95
ip-address-anonymize Anonymize src/dst address\&.
98
algorithm Algorithm\&. cryptopan-aes128 is
99
currently supported\&.
100
algorithm cryptopan-aes128
102
key Key\&. Key is 128 bits in hex\&.
103
key 0123456789ABCDEFG
105
key-file File to load key from\&. Key is
107
key-file /mfstmp/secret-key
109
key-file-refresh How often to check the key file\&.
110
Interval is in minutes, the
111
optional second argument is
112
hour:min:sec to specify the
113
first refresh\&. This example
114
will load a new key every day
87
119
ip-address-privacy-mask Apply a mask to the source and
88
120
destination address to remove
90
mask 0xFFFFFF00 0xFFFFFF00
92
scale Scale packets and bytes
123
ip-port-privacy-mask Apply a mask to the source and
124
destination port to remove
95
127
tag-mask Apply mask to the source and
96
128
destination tag\&.
97
mask 0xFFFFFF00 0xFFFFFFFF
130
mask Source and Destination mask
134
scale Scale packets and bytes\&.
136
scale Scale to apply\&.
99
139
replace-source-as0 Replace source AS 0
102
140
replace-destination-as0 Replace destination AS 0
142
as AS replacement value\&.
106
146
.IP "-b\fI big\fP|\fIlittle\fP" 10
207
250
\fBflow-cat \fBflows\fP | flow-xlate -xxlate\&.cfg -Xabilene_privacy | flow-print\fP
254
Symbols - \fB@localstatedir@/sym/*\fP\&.
255
Filter - \fB@localstatedir@/cfg/filter\&.cfg\fP\&.
256
Xlate - \fB@localstatedir@/cfg/xlate\&.cfg\fP\&.
210
259
The scale option can overflow the 32 bit flow counters\&. This could be