1896 – wrong count value in the version 9 header

Bug 1896 - wrong count value in the version 9 header

Summary: wrong count value in the version 9 header

Status:	CLOSED INVALID

Alias:	None

Product:	softflowd
Classification:	Unclassified
Component:	softflowd (show other bugs)
Version:	-current
Hardware:	All All

Importance:	P2 major
Assignee:	Damien Miller

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-05-01 20:06 AEST by Alex Kishkin
Modified:	2022-02-25 13:55 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Kishkin 2011-05-01 20:06:14 AEST

According to rfc, header of netflow v9 packet must contain number of flowsets in the packet. Kind of 


Bytes	Contents	Description
0-1	version	NetFlow export format version number
2-3	count	Number of flow sets exported in this packet, both template and data (1-30).
4-7	sys_uptime	Current time in milliseconds since the export device booted.

etc etc

But softflowd generates packets with number of data records in the count field, instead of number of flowsets.

For example - this is a dump of softflowd generated version 9 packet:



<<0,9,           %version
  0,14,          %count
  0,6,2,132,     %sysuptime
  77,188,129,117,%unixseconds
  0,0,0,61,      %sequence
  0,0,0,0,       %sourceid
  4,0,                    %flowsetid = data
  1,184,                  %len  = 440

  % 1
  192,168,1,2,      % one data record - 31 byte
  217,73,200,220,
  0,1,36,79,
  0,1,40,187,
  0,0,2,223,
  0,0,0,6,
  218,85,
  0,80,
  6,
  27,
  4,
  
  %2
  217,73,200,220,192,168,1,2,0,1,36,79,0,1,40,187,
  0,0,2,110,0,0,0,5,0,80,218,85,6,27,4,

  %3
  192,168,1,2,  192,168,1,250,  0,1,36,203,   
  0,1,41,36,     0,0,0,62,     0,0,0,1,
  138,156,  0,53,  17,  0,  4,

  %4
  192,168,1,250, 192,168,1,2, 0,1,36,203, 0,1,41,36, 0,0,0,96,
  0,0,0,1, 0,53, 138,156, 17,  0,  4, 

  %5
  81,222,128,22,  192,168,1,2, 0,1,37,182,
  0,1,42,43,  0,0,2,218,  0,0,0,5,
  0,80, 204,241,  6, 27, 4,

  %6
  192,168,1,2, 81,222,128,22, 0,1,37,182, 
  0,1,42,43,   0,0,3,24,  0,0,0,5,
  204,241,  0,80, 6, 27, 4,

  %7
  94,100,188,103,   192,168,1,2,   0,1,37,231,
  0,1,42,152,  0,0,5,205, 0,0,0,5,
  0,80,  152,24, 6, 27, 4,

  %8
  192,168,1,2,94,100,
  188,103,0,1,37,231,0,1,42,152,0,0,4,241,0,0,0,6,
  152,24,0,80,6,27,4,

  %9
  192,168,1,2,192,168,1,250,0,1,
  38,48,0,1,41,36,0,0,0,62,0,0,0,1,191,215,0,53,17,
  0,4,

  %10
  192,168,1,250,192,168,1,2,0,1,38,48,0,1,41,
  36,0,0,0,110,0,0,0,1,0,53,191,215,17,0,4,

  %11
  192,168,1,2,192,168,1,250,0,1,38,61,0,1,39,196,0,0,0,58,
  0,0,0,1,160,164,0,53,17,0,4,

  %12
  192,168,1,250,192,168,1,2,0,1,38,61,0,1,39,
  196,0,0,0,74,0,0,0,1,0, 53,160,164,17,0,4,

   %13
  94,100,184,44,192,168,1,2,0,1,
  38,80,0,1,42,164,0,0,4,111,0,0,0,5,0,80,164,238,
  6,27,4,

  %14
  192,168,1,2,94,100,184,44,0,1,38,80,0,1,
  42,164,0,0,2,153,0,0,0,5,164,238,0,80,6,27,4,
  
  94,100>>


It obviously contains only one data flowset, and 14 records. So, I believe counter field in the header must be 1 instead of 14.

Comment 1 Damien Miller 2019-01-23 20:05:11 AEDT

softflowd is not longer in this bugtracker

Comment 2 Damien Miller 2019-01-23 20:05:59 AEDT

softflowd is not longer in this bugtracker

Comment 3 Damien Miller 2022-02-25 13:55:22 AEDT

closing bugs resolved before the openssh-8.9 release