Bug 1959 - Incorrect Sequence Numbers for NetFlow v9 export.
Summary: Incorrect Sequence Numbers for NetFlow v9 export.
Status: CLOSED INVALID
Alias: None
Product: softflowd
Classification: Unclassified
Component: softflowd (show other bugs)
Version: -current
Hardware: All All
: P2 major
Assignee: Damien Miller
URL: http://www.cisco.com/en/US/technologi...
Keywords:
Depends on:
Blocks:
 
Reported: 2011-12-14 06:14 AEDT by ecoff
Modified: 2022-02-25 13:56 AEDT (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description ecoff 2011-12-14 06:14:22 AEDT 
According to the NetFlow v9 RFC, the sequence number in the NetFlow v9 header is the:

"Incremental sequence counter of all Export Packets sent from the current Observation Domain by the Exporter.  This value MUST be cumulative, and SHOULD be used by the Collector to identify whether any Export Packets have been missed."

This is a change from the NetFlow Version 5 and Version 8 headers, where this number represented "total flows."

softflowd is incrementing sequence numbers the NetFlow v5 way.  It should increment the sequence number by 1 for each packet sent.
Comment 1 ecoff 2011-12-14 06:16:16 AEDT 
nfcapd reports incorrect sequence numbers when compiled with the DEVEL flag:

[0] Sequence error: last seq: 0, seq 10 dist 10

[0] Sequence error: last seq: 10, seq 23 dist 13
Comment 2 Damien Miller 2019-01-23 20:06:00 AEDT 
softflowd is not longer in this bugtracker
Comment 3 Damien Miller 2022-02-25 13:56:09 AEDT 
closing bugs resolved before openssh-8.9