Bug 1959

Summary: Incorrect Sequence Numbers for NetFlow v9 export.
Product: softflowd Reporter: ecoff
Component: softflowdAssignee: Damien Miller <djm>
Status: CLOSED INVALID    
Severity: major    
Priority: P2    
Version: -current   
Hardware: All   
OS: All   
URL: http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9_ps6601_Products_White_Paper.html

Description ecoff 2011-12-14 06:14:22 AEDT 
According to the NetFlow v9 RFC, the sequence number in the NetFlow v9 header is the:

"Incremental sequence counter of all Export Packets sent from the current Observation Domain by the Exporter.  This value MUST be cumulative, and SHOULD be used by the Collector to identify whether any Export Packets have been missed."

This is a change from the NetFlow Version 5 and Version 8 headers, where this number represented "total flows."

softflowd is incrementing sequence numbers the NetFlow v5 way.  It should increment the sequence number by 1 for each packet sent.
Comment 1 ecoff 2011-12-14 06:16:16 AEDT 
nfcapd reports incorrect sequence numbers when compiled with the DEVEL flag:

[0] Sequence error: last seq: 0, seq 10 dist 10

[0] Sequence error: last seq: 10, seq 23 dist 13
Comment 2 Damien Miller 2019-01-23 20:06:00 AEDT 
softflowd is not longer in this bugtracker
Comment 3 Damien Miller 2022-02-25 13:56:09 AEDT 
closing bugs resolved before openssh-8.9