<div dir="ltr"><div>I've updated the patch [1] (it was completely broken), there's no change in functionality but it should build now.<br><br>If you have any issues please let me know on list.<br><br>[1] <a href="http://zioncluster.ca/netflow/asa-9-patch-1.diff">http://zioncluster.ca/netflow/asa-9-patch-1.diff</a><br><br>Thanks,<br><br></div>-JohnF<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 21, 2014 at 9:38 PM, John Marrett <span dir="ltr"><<a href="mailto:johnf@zioncluster.ca" target="_blank">johnf@zioncluster.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I'm somewhat pleased to announce the first version of my patch for ASA 9 support [1] . Unfortunately it is far from complete. In fact, it's only marginally usable.<br><br>The initial problems were caused by the ASA 9 templates massively exceeded the value of DEFAULT_MAX_TEMPLATES, I have increased it to 1024 and it can now process the full template load.<br>
<br></div><div>I think there is some confusion between DEFAULT_MAX_TEMPLATES templates, which appears to be intended to be a counter of the number of templates, however seems to actually be the maximum number of fields. There is also a value for DEFAULT_MAX_TEMPLATE_LEN which appears to be intended to be a counter of the number of template fields, possibly per template. The first template from the ASA in version 9 contains a large number of fields it can't be processed and it starts aborting immediately reporting the "forced deletion of template 0x0100 from peer" error.<br>
</div><div><br></div><div>Unfortunately this is where the first ASA 9 patch begins and also ends. It will report all flows as 0 packet, 0 bytes. My next update should implement processing of update fields as Craig has proposed. It will work based on only processing update events [1] and by handling the two new ASA packet counters.<br>
</div><div><br></div><div>Hopefully more to come this weekend.<br></div><div><br></div><div>[1] <a href="http://zioncluster.ca/netflow/asa-9-patch-1.diff" target="_blank">http://zioncluster.ca/netflow/asa-9-patch-1.diff</a><br>[2] <a href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/system/netflow/netflow.html#wp1028202" target="_blank">http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/system/netflow/netflow.html#wp1028202</a><br>
<br>-JohnF<br></div></div>
</blockquote></div><br></div>