1515import ipaddress
1616import struct
1717
18- __all__ = ["V9DataFlowSet" , "V9DataRecord" , "V9ExportPacket" , "V9Header" , "V9TemplateField" ,
18+ __all__ = ["V9DataFlowSet" , "V9DataRecord" , "V9ExportPacket" , "V9Header" , "V9TemplateField" , "V9OptionsTemplateFlowSet"
1919 "V9TemplateFlowSet" , "V9TemplateNotRecognized" , "V9TemplateRecord" ]
2020
2121V9_FIELD_TYPES = {
@@ -263,6 +263,17 @@ def __repr__(self):
263263 ' ' .join ([V9_FIELD_TYPES [field .field_type ] for field in self .fields ]))
264264
265265
266+ class V9OptionsTemplateFlowSet :
267+ """An options template flowset. Always uses flowset ID 1.
268+ TODO: not handled at the moment, only stub implementation
269+ """
270+ def __init__ (self , data ):
271+ pack = struct .unpack ('!HHH' , data [:6 ])
272+ self .flowset_id = pack [0 ]
273+ self .length = pack [1 ]
274+ self .template_id = pack [2 ]
275+
276+
266277class V9TemplateFlowSet :
267278 """A template flowset, which holds an id that is used by data flowsets to
268279 reference back to the template. The template then has fields which hold
@@ -340,6 +351,7 @@ def __init__(self, data, templates):
340351 skipped_flowsets_offsets = []
341352 while offset != len (data ):
342353 flowset_id = struct .unpack ('!H' , data [offset :offset + 2 ])[0 ]
354+
343355 if flowset_id == 0 : # TemplateFlowSet always have id 0
344356 tfs = V9TemplateFlowSet (data [offset :])
345357
@@ -353,6 +365,13 @@ def __init__(self, data, templates):
353365 # Update the templates with the provided templates, even if they are the same
354366 self ._templates .update (tfs .templates )
355367 offset += tfs .length
368+
369+ elif flowset_id == 1 : # Option templates always use ID 1
370+ # TODO: Options templates are ignored, to prevent template ID collision
371+ # (if a collision can occur is not yet tested)
372+ otfs = V9OptionsTemplateFlowSet (data [offset :])
373+ offset += otfs .length
374+
356375 else :
357376 try :
358377 dfs = V9DataFlowSet (data [offset :], self ._templates )
0 commit comments