Bug 1896

Summary: wrong count value in the version 9 header
Product: softflowd Reporter: Alex Kishkin <alexey>
Component: softflowdAssignee: Damien Miller <djm>
Status: CLOSED INVALID    
Severity: major CC: 8509985
Priority: P2    
Version: -current   
Hardware: All   
OS: All   

Description Alex Kishkin 2011-05-01 20:06:14 AEST 
According to rfc, header of netflow v9 packet must contain number of flowsets in the packet. Kind of 


Bytes	Contents	Description
0-1	version	NetFlow export format version number
2-3	count	Number of flow sets exported in this packet, both template and data (1-30).
4-7	sys_uptime	Current time in milliseconds since the export device booted.

etc etc

But softflowd generates packets with number of data records in the count field, instead of number of flowsets.

For example - this is a dump of softflowd generated version 9 packet:



<<0,9,           %version
  0,14,          %count
  0,6,2,132,     %sysuptime
  77,188,129,117,%unixseconds
  0,0,0,61,      %sequence
  0,0,0,0,       %sourceid
  4,0,                    %flowsetid = data
  1,184,                  %len  = 440

  % 1
  192,168,1,2,      % one data record - 31 byte
  217,73,200,220,
  0,1,36,79,
  0,1,40,187,
  0,0,2,223,
  0,0,0,6,
  218,85,
  0,80,
  6,
  27,
  4,
  
  %2
  217,73,200,220,192,168,1,2,0,1,36,79,0,1,40,187,
  0,0,2,110,0,0,0,5,0,80,218,85,6,27,4,

  %3
  192,168,1,2,  192,168,1,250,  0,1,36,203,   
  0,1,41,36,     0,0,0,62,     0,0,0,1,
  138,156,  0,53,  17,  0,  4,

  %4
  192,168,1,250, 192,168,1,2, 0,1,36,203, 0,1,41,36, 0,0,0,96,
  0,0,0,1, 0,53, 138,156, 17,  0,  4, 

  %5
  81,222,128,22,  192,168,1,2, 0,1,37,182,
  0,1,42,43,  0,0,2,218,  0,0,0,5,
  0,80, 204,241,  6, 27, 4,

  %6
  192,168,1,2, 81,222,128,22, 0,1,37,182, 
  0,1,42,43,   0,0,3,24,  0,0,0,5,
  204,241,  0,80, 6, 27, 4,

  %7
  94,100,188,103,   192,168,1,2,   0,1,37,231,
  0,1,42,152,  0,0,5,205, 0,0,0,5,
  0,80,  152,24, 6, 27, 4,

  %8
  192,168,1,2,94,100,
  188,103,0,1,37,231,0,1,42,152,0,0,4,241,0,0,0,6,
  152,24,0,80,6,27,4,

  %9
  192,168,1,2,192,168,1,250,0,1,
  38,48,0,1,41,36,0,0,0,62,0,0,0,1,191,215,0,53,17,
  0,4,

  %10
  192,168,1,250,192,168,1,2,0,1,38,48,0,1,41,
  36,0,0,0,110,0,0,0,1,0,53,191,215,17,0,4,

  %11
  192,168,1,2,192,168,1,250,0,1,38,61,0,1,39,196,0,0,0,58,
  0,0,0,1,160,164,0,53,17,0,4,

  %12
  192,168,1,250,192,168,1,2,0,1,38,61,0,1,39,
  196,0,0,0,74,0,0,0,1,0, 53,160,164,17,0,4,

   %13
  94,100,184,44,192,168,1,2,0,1,
  38,80,0,1,42,164,0,0,4,111,0,0,0,5,0,80,164,238,
  6,27,4,

  %14
  192,168,1,2,94,100,184,44,0,1,38,80,0,1,
  42,164,0,0,2,153,0,0,0,5,164,238,0,80,6,27,4,
  
  94,100>>


It obviously contains only one data flowset, and 14 records. So, I believe counter field in the header must be 1 instead of 14.
Comment 1 Damien Miller 2019-01-23 20:05:11 AEDT 
softflowd is not longer in this bugtracker
Comment 2 Damien Miller 2019-01-23 20:05:59 AEDT 
softflowd is not longer in this bugtracker
Comment 3 Damien Miller 2022-02-25 13:55:22 AEDT 
closing bugs resolved before the openssh-8.9 release