From owner-freebsd-bugs@FreeBSD.ORG  Tue Apr 25 02:40:19 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2C92E16A43C
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 25 Apr 2006 02:40:19 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 36A0E43D55
	for <freebsd-bugs@hub.freebsd.org>;
	Tue, 25 Apr 2006 02:40:16 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k3P2eGHQ001622
	for <freebsd-bugs@freefall.freebsd.org>; Tue, 25 Apr 2006 02:40:16 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k3P2eGVu001621;
	Tue, 25 Apr 2006 02:40:16 GMT (envelope-from gnats)
Resent-Date: Tue, 25 Apr 2006 02:40:16 GMT
Resent-Message-Id: <200604250240.k3P2eGVu001621@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	David Duchscher <daved@tamu.edu>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 72DE216A400
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 25 Apr 2006 02:33:12 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3F37743D46
	for <freebsd-gnats-submit@FreeBSD.org>;
	Tue, 25 Apr 2006 02:33:12 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k3P2XB6k020877
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 25 Apr 2006 02:33:11 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k3P2XBTM020876;
	Tue, 25 Apr 2006 02:33:11 GMT (envelope-from nobody)
Message-Id: <200604250233.k3P2XBTM020876@www.freebsd.org>
Date: Tue, 25 Apr 2006 02:33:11 GMT
From: David Duchscher <daved@tamu.edu>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-2.3
Cc: 
Subject: kern/96296: netgraph netflow module sends random data header fields.
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Apr 2006 02:40:19 -0000


>Number:         96296
>Category:       kern
>Synopsis:       netgraph netflow module sends random data header fields.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 25 02:40:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     David Duchscher
>Release:        FreeBSD 6.1-RC
>Organization:
Texas A&M University
>Environment:
FreeBSD dns1.net.tamu.edu 6.1-RC FreeBSD 6.1-RC #1: Mon Apr 24 20:52:10 CDT 2006     root@dns1.net.tamu.edu:/data/usr/obj/data/usr/src/sys/CUSTOM  i386

>Description:
The netgraph netflow module does not fill in the engine type, engine id, or pad fields in the netflow version 5 packet header.  This means that random data is sent in these fields.  It also seems that that padding has meaning now to some netflow clients.  Ethereal shows it as Sampling Mode and Sampling Rate.  This random data may cause some tools to report numbers that wrong.  In my case, flow-tools showed flows being loss when none really were.
>How-To-Repeat:
Set up netgraph netflow to localhost and capture the flow with flow-tools.  Use flow-header to see that lost flows are reported.
>Fix:
Doesn't seem to be a good to send random data in packet fields so here is a patch that zeroes the engine type, engine id, and padding.

--- /sys/netgraph/netflow/netflow.c.orig        Sat Jan 21 04:09:18 2006
+++ /sys/netgraph/netflow/netflow.c     Mon Apr 24 21:29:53 2006
@@ -621,6 +621,9 @@
        getnanotime(&ts);
        header->unix_secs  = htonl(ts.tv_sec);
        header->unix_nsecs = htonl(ts.tv_nsec);
+       header->engine_type = 0;
+       header->engine_id = 0;
+       header->pad = 0;
        header->flow_seq = htonl(atomic_fetchadd_32(&priv->flow_seq,
            header->count));
        header->count = htons(header->count);

>Release-Note:
>Audit-Trail:
>Unformatted: