fixbuf
libfixbuf: What is New with fixbuf 3.0This page highlights the new features and incompatible changes in fixbuf 3.0.0. See the changelog for the complete set of changes.
ipfix2json
fixbuf 3.0.0 includes a new tool, ipfix2json, which reads an IPFIX stream and produces JSON.
The tool produces JSON for both the templates and the data records by default. Use the –data switch to exclude the templates.
The values for octetArray elements are printed in Base64 encoding by default. For some data, using –octet-format=string may provide more readable output.
For YAF-specific data, most users will find the JSON output from super_mediator to be superior. For example, super_mediator prints TCP flags using the typical letters ("FSRPAU") while ipfix2json prints the integer value.
ipfixDump
The output from ipfixDump is completely different in this release, being both more compact and more readable.
New options have been added which provide new information and better control of the output.
API
There are many new features and incompatible changes to the API.
Template Field
The biggest change is that elements in an fbTemplate_t are represented by the fbTemplateField_t object instead of the fbInfoElement_t.
Template Iterator
A new fbTemplateIter_t object and related functions make it easier to iterate over the fbTemplateField_ts in a fbTemplate_t.
Info Element
The name of an fbInfoElement_t is now directly accessible. Other members were removed since the structure is not used with a fbTemplate_t.
Record
A convenience object fbRecord_t and related functions (e.g., fBufNextRecord()) have been added. This object holds data buffer for a data record and a pointer to its template.
Functions exist to search a fbRecord_t for a particular element:
There are also functions to search a fbRecord_t and its subrecords for a particular fbTemplateField_t or use of a particular fbTemplate_t ID.
Accessor Macros
Macros to access the members of most structures (e.g., fbInfoElement_t, fbBasicList_t, fbSubTemplateList_t) have been added.
Template Info
A new fbTemplateInfo_t object holds metadata about a fbTemplate_t. This object replaces the name and description parameters that used to be passed to fbSessionAddTemplateWithMetadata(). That function has been removed, and fbSessionAddTemplate() now accepts the fbTemplateInfo_t, which may be NULL.
Spread
Spread toolkit support has been removed.
Incompatible Function Changes
The following functions from fixbuf 2.x have either had their parameter list changed or been removed.
If the second column is empty, only the parameter list has changed by requiring additional parameters.
If the param column is empty, the function has been renamed but is otherwise identical.
When no columns are empty, the function has been removed and the second column provides similar functionality but with different parameters.
The table does not include functions related to the spread toolkit.
