[Bug 1896] New: wrong count value in the version 9 header

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sun May 1 20:06:14 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1896

           Summary: wrong count value in the version 9 header
           Product: softflowd
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: softflowd
        AssignedTo: djm at mindrot.org
        ReportedBy: alexey at kishkin.name


According to rfc, header of netflow v9 packet must contain number of
flowsets in the packet. Kind of 


Bytes    Contents    Description
0-1    version    NetFlow export format version number
2-3    count    Number of flow sets exported in this packet, both
template and data (1-30).
4-7    sys_uptime    Current time in milliseconds since the export
device booted.

etc etc

But softflowd generates packets with number of data records in the
count field, instead of number of flowsets.

For example - this is a dump of softflowd generated version 9 packet:



<<0,9,           %version
  0,14,          %count
  0,6,2,132,     %sysuptime
  77,188,129,117,%unixseconds
  0,0,0,61,      %sequence
  0,0,0,0,       %sourceid
  4,0,                    %flowsetid = data
  1,184,                  %len  = 440

  % 1
  192,168,1,2,      % one data record - 31 byte
  217,73,200,220,
  0,1,36,79,
  0,1,40,187,
  0,0,2,223,
  0,0,0,6,
  218,85,
  0,80,
  6,
  27,
  4,

  %2
  217,73,200,220,192,168,1,2,0,1,36,79,0,1,40,187,
  0,0,2,110,0,0,0,5,0,80,218,85,6,27,4,

  %3
  192,168,1,2,  192,168,1,250,  0,1,36,203,   
  0,1,41,36,     0,0,0,62,     0,0,0,1,
  138,156,  0,53,  17,  0,  4,

  %4
  192,168,1,250, 192,168,1,2, 0,1,36,203, 0,1,41,36, 0,0,0,96,
  0,0,0,1, 0,53, 138,156, 17,  0,  4, 

  %5
  81,222,128,22,  192,168,1,2, 0,1,37,182,
  0,1,42,43,  0,0,2,218,  0,0,0,5,
  0,80, 204,241,  6, 27, 4,

  %6
  192,168,1,2, 81,222,128,22, 0,1,37,182, 
  0,1,42,43,   0,0,3,24,  0,0,0,5,
  204,241,  0,80, 6, 27, 4,

  %7
  94,100,188,103,   192,168,1,2,   0,1,37,231,
  0,1,42,152,  0,0,5,205, 0,0,0,5,
  0,80,  152,24, 6, 27, 4,

  %8
  192,168,1,2,94,100,
  188,103,0,1,37,231,0,1,42,152,0,0,4,241,0,0,0,6,
  152,24,0,80,6,27,4,

  %9
  192,168,1,2,192,168,1,250,0,1,
  38,48,0,1,41,36,0,0,0,62,0,0,0,1,191,215,0,53,17,
  0,4,

  %10
  192,168,1,250,192,168,1,2,0,1,38,48,0,1,41,
  36,0,0,0,110,0,0,0,1,0,53,191,215,17,0,4,

  %11
  192,168,1,2,192,168,1,250,0,1,38,61,0,1,39,196,0,0,0,58,
  0,0,0,1,160,164,0,53,17,0,4,

  %12
  192,168,1,250,192,168,1,2,0,1,38,61,0,1,39,
  196,0,0,0,74,0,0,0,1,0, 53,160,164,17,0,4,

   %13
  94,100,184,44,192,168,1,2,0,1,
  38,80,0,1,42,164,0,0,4,111,0,0,0,5,0,80,164,238,
  6,27,4,

  %14
  192,168,1,2,94,100,184,44,0,1,38,80,0,1,
  42,164,0,0,2,153,0,0,0,5,164,238,0,80,6,27,4,

  94,100>>


It obviously contains only one data flowset, and 14 records. So, I
believe counter field in the header must be 1 instead of 14.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list