[netflow-tools] [PATCH] softflowd: Fix broken v9 flow creation for IPv6

Hitoshi Irino irino at sfc.wide.ad.jp
Mon Oct 10 19:41:57 EST 2011 

Hello Christoph,

I committed (hg commit & push) this patch to google code on September 21th.

thanks,
Hitoshi Irino

(2011年02月08日 06:20), Christoph Biedl wrote:
> Hello,
> 
> Full story: To create flow information for IPv6 connections, too, I
> had to switch to v9 flow creation. And soon saw error messages in
> nfcapd which captures the flow datagrams like in:
> 
> nfcapd[31773]: Process_v9: Corrupt data flowset? Pad bytes: 6
> 
> Reading the files created by nfcapd using nfdump resulted in a lot of
> garbage; and wireshark didn't show sound information, either.
> 
> Explanation (after a longer search):
> 
> In netflowd9.c:82 the number of records in the flow template is
> defined as 11. The actual number of records is 13 (l.148-151 for
> v4_template, l.180-183 for v6_template). So it's basically good luck
> no exception is triggered when filling the template with these two
> extra records (just two octects) as this either just affects padding
> or the following variables without doing real harm.
> 
> A second reason for garbled data was caused by a copy'n'waste error in
> lines 169-172.
> 
> Both were introduced in
> 
> changeset:   198:13176bb927c3
> user:        djm
> date:        Thu Oct 01 07:06:08 2009 +0000
> summary:     - (djm) Support manual specification of an interface index to be used
> 
> Fix: See patch below. Works for me.
> 
> Cheers,
> 
>      Christoph
> 
> PS: On a side note, certain v9 flow datagrams seem to drive a squeezy
> wireshark into a segmentation fault, I'm too tired to dig into this
> right now.
> 
> 
> --- a/netflow9.c
> +++ b/netflow9.c
> @@ -79,7 +79,7 @@ struct NF9_DATA_FLOWSET_HEADER {
>   #define NF9_IP_PROTOCOL_VERSION		60
> 
>   /* Stuff pertaining to the templates that softflowd uses */
> -#define NF9_SOFTFLOWD_TEMPLATE_NRECORDS	11
> +#define NF9_SOFTFLOWD_TEMPLATE_NRECORDS	13
>   struct NF9_SOFTFLOWD_TEMPLATE {
>   	struct NF9_TEMPLATE_FLOWSET_HEADER h;
>   	struct NF9_TEMPLATE_FLOWSET_RECORD r[NF9_SOFTFLOWD_TEMPLATE_NRECORDS];
> @@ -167,10 +167,10 @@ nf9_init_template(void)
>   	v6_template.r[4].length = htons(4);
>   	v6_template.r[5].type = htons(NF9_IN_PACKETS);
>   	v6_template.r[5].length = htons(4);
> -	v4_template.r[6].type = htons(NF9_IF_INDEX_IN);
> -	v4_template.r[6].length = htons(4);
> -	v4_template.r[7].type = htons(NF9_IF_INDEX_OUT);
> -	v4_template.r[7].length = htons(4);
> +	v6_template.r[6].type = htons(NF9_IF_INDEX_IN);
> +	v6_template.r[6].length = htons(4);
> +	v6_template.r[7].type = htons(NF9_IF_INDEX_OUT);
> +	v6_template.r[7].length = htons(4);
>   	v6_template.r[8].type = htons(NF9_L4_SRC_PORT);
>   	v6_template.r[8].length = htons(2);
>   	v6_template.r[9].type = htons(NF9_L4_DST_PORT);
> 
> 
> 
> 
> _______________________________________________
> netflow-tools mailing list
> netflow-tools at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/netflow-tools

More information about the netflow-tools mailing list