[netflow-tools] softflowd netflow V9 export bug
Neil
nd at u4eatech.com
Tue Apr 11 22:14:50 EST 2006
Hi,
>
> I've been looking at softflowd. I was looking at the netflowV9 export
> , I was decoding it as CFLOW using ethereal. I noticed that ethereal
> with telling me that it was expecting more flowsets than there
> actually were. I looked int netflow9.c file and found that the code
> is incrementing the flowset count for every flow that is being sent.
> So if, for example, you are sending a packet with a template flow set
> and a data flow set the count should only be 2, not the number of
> flows sent in the data flowset. This only applies to V9 of netflow.
> The bug is pretty simple to fix.
>
> nf9->flows
>
> should only be incremented when a template flowset or data flowset is
> added to the packet.
>
> Hope this helps.
>
> Cheers,
>
> Neil.
>
More information about the netflow-tools
mailing list