[Bug 1896] New: wrong count value in the version 9 header
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sun May 1 20:06:14 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1896
Summary: wrong count value in the version 9 header
Product: softflowd
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: softflowd
AssignedTo: djm at mindrot.org
ReportedBy: alexey at kishkin.name
According to rfc, header of netflow v9 packet must contain number of
flowsets in the packet. Kind of
Bytes Contents Description
0-1 version NetFlow export format version number
2-3 count Number of flow sets exported in this packet, both
template and data (1-30).
4-7 sys_uptime Current time in milliseconds since the export
device booted.
etc etc
But softflowd generates packets with number of data records in the
count field, instead of number of flowsets.
For example - this is a dump of softflowd generated version 9 packet:
<<0,9, %version
0,14, %count
0,6,2,132, %sysuptime
77,188,129,117,%unixseconds
0,0,0,61, %sequence
0,0,0,0, %sourceid
4,0, %flowsetid = data
1,184, %len = 440
% 1
192,168,1,2, % one data record - 31 byte
217,73,200,220,
0,1,36,79,
0,1,40,187,
0,0,2,223,
0,0,0,6,
218,85,
0,80,
6,
27,
4,
%2
217,73,200,220,192,168,1,2,0,1,36,79,0,1,40,187,
0,0,2,110,0,0,0,5,0,80,218,85,6,27,4,
%3
192,168,1,2, 192,168,1,250, 0,1,36,203,
0,1,41,36, 0,0,0,62, 0,0,0,1,
138,156, 0,53, 17, 0, 4,
%4
192,168,1,250, 192,168,1,2, 0,1,36,203, 0,1,41,36, 0,0,0,96,
0,0,0,1, 0,53, 138,156, 17, 0, 4,
%5
81,222,128,22, 192,168,1,2, 0,1,37,182,
0,1,42,43, 0,0,2,218, 0,0,0,5,
0,80, 204,241, 6, 27, 4,
%6
192,168,1,2, 81,222,128,22, 0,1,37,182,
0,1,42,43, 0,0,3,24, 0,0,0,5,
204,241, 0,80, 6, 27, 4,
%7
94,100,188,103, 192,168,1,2, 0,1,37,231,
0,1,42,152, 0,0,5,205, 0,0,0,5,
0,80, 152,24, 6, 27, 4,
%8
192,168,1,2,94,100,
188,103,0,1,37,231,0,1,42,152,0,0,4,241,0,0,0,6,
152,24,0,80,6,27,4,
%9
192,168,1,2,192,168,1,250,0,1,
38,48,0,1,41,36,0,0,0,62,0,0,0,1,191,215,0,53,17,
0,4,
%10
192,168,1,250,192,168,1,2,0,1,38,48,0,1,41,
36,0,0,0,110,0,0,0,1,0,53,191,215,17,0,4,
%11
192,168,1,2,192,168,1,250,0,1,38,61,0,1,39,196,0,0,0,58,
0,0,0,1,160,164,0,53,17,0,4,
%12
192,168,1,250,192,168,1,2,0,1,38,61,0,1,39,
196,0,0,0,74,0,0,0,1,0, 53,160,164,17,0,4,
%13
94,100,184,44,192,168,1,2,0,1,
38,80,0,1,42,164,0,0,4,111,0,0,0,5,0,80,164,238,
6,27,4,
%14
192,168,1,2,94,100,184,44,0,1,38,80,0,1,
42,164,0,0,2,153,0,0,0,5,164,238,0,80,6,27,4,
94,100>>
It obviously contains only one data flowset, and 14 records. So, I
believe counter field in the header must be 1 instead of 14.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list