Date:      Tue, 25 Apr 2006 02:33:11 GMT
From:      David Duchscher <daved@tamu.edu>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/96296: netgraph netflow module sends random data header fields.
Message-ID:  <200604250233.k3P2XBTM020876@www.freebsd.org>
Resent-Message-ID: <200604250240.k3P2eGVu001621@freefall.freebsd.org>


>Number:         96296
>Category:       kern
>Synopsis:       netgraph netflow module sends random data header fields.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 25 02:40:15 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     David Duchscher
>Release:        FreeBSD 6.1-RC
>Organization:
Texas A&M University
>Environment:
FreeBSD dns1.net.tamu.edu 6.1-RC FreeBSD 6.1-RC #1: Mon Apr 24 20:52:10 CDT 2006     root@dns1.net.tamu.edu:/data/usr/obj/data/usr/src/sys/CUSTOM  i386

>Description:
The netgraph netflow module does not fill in the engine type, engine id, or pad fields in the netflow version 5 packet header.  This means that random data is sent in these fields.  It also seems that that padding has meaning now to some netflow clients.  Ethereal shows it as Sampling Mode and Sampling Rate.  This random data may cause some tools to report numbers that are wrong.  In my case, flow-tools showed flows being lost when none really were.
>How-To-Repeat:
Set up netgraph netflow to localhost and capture the flow with flow-tools.  Use flow-header to see that lost flows are reported.
>Fix:
Doesn't seem to be a good idea to send random data in packet fields, so here is a patch that zeroes the engine type, engine id, and padding.

--- /sys/netgraph/netflow/netflow.c.orig        Sat Jan 21 04:09:18 2006
+++ /sys/netgraph/netflow/netflow.c     Mon Apr 24 21:29:53 2006
@@ -621,6 +621,9 @@
        getnanotime(&ts);
        header->unix_secs  = htonl(ts.tv_sec);
        header->unix_nsecs = htonl(ts.tv_nsec);
+       header->engine_type = 0;
+       header->engine_id = 0;
+       header->pad = 0;
        header->flow_seq = htonl(atomic_fetchadd_32(&priv->flow_seq,
            header->count));
        header->count = htons(header->count);
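Review bot: The three assignments added after header->unix_nsecs clear only the fields named in the report, so any other byte of the export buffer that is never written would still leave the host as stale kernel memory. Consider clearing the whole header once (for example bzero(header, sizeof(*header))) at the point where the datagram is first set up rather than here, because header->count is already live at this line and must not be clobbered. Since the unset bytes are sent to a remote collector, a short comment beside the assignments saying that they prevent uninitialized memory from reaching the wire would help keep them from being dropped later.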

>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200604250233.k3P2XBTM020876>
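An added example (not part of the original report, and not FreeBSD or flow-tools code): a receiver-side parse of the 24-byte NetFlow v5 header, showing how stale bytes in the fields the patch zeroes decode as engine values and as a sampling mode and rate. The nf5_* names and both sample headers are constructed for illustration, and the 2-bit mode / 14-bit rate split of the last two bytes is the conventional v5 reading, taken here as an assumption about the dissector.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define NF5_HDR_LEN 24  /* NetFlow v5 export header size; fields are big-endian */

struct nf5_hdr {        /* host-order copy; the version is checked, not stored */
    uint16_t count;
    uint32_t sys_uptime, unix_secs, unix_nsecs, flow_seq;
    uint8_t  engine_type, engine_id;
    uint16_t pad;       /* some tools decode this as sampling mode + rate */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* Parse a v5 header from a datagram; 0 on success, -1 if short or not v5. */
int nf5_parse(const uint8_t *buf, size_t len, struct nf5_hdr *h)
{
    if (len < NF5_HDR_LEN || be16(buf) != 5)
        return -1;
    h->count = be16(buf + 2);
    h->sys_uptime = be32(buf + 4);
    h->unix_secs = be32(buf + 8);
    h->unix_nsecs = be32(buf + 12);
    h->flow_seq = be32(buf + 16);
    h->engine_type = buf[20];
    h->engine_id = buf[21];
    h->pad = be16(buf + 22);
    return 0;
}

/* The last two bytes as a dissector reads them: top 2 bits mode, low 14 rate. */
unsigned nf5_sampling_mode(const struct nf5_hdr *h) { return h->pad >> 14; }
unsigned nf5_sampling_rate(const struct nf5_hdr *h) { return h->pad & 0x3fff; }
/* 1 when any of the three fields the patch zeroes carries data, else 0. */
int nf5_dirty(const struct nf5_hdr *h) { return h->engine_type || h->engine_id || h->pad; }

/* Constructed samples: one header with stale bytes, one zeroed as in the patch. */
const uint8_t nf5_stale[NF5_HDR_LEN] = { 0,5, 0,1, 0,0,0x10,0, 0x44,0x4d,0x8a,0x27,
    0,0,0,0, 0,0,0,0x2a, 0xc0,0x7f, 0x9e,0x11 };
const uint8_t nf5_clean[NF5_HDR_LEN] = { 0,5, 0,1, 0,0,0x10,0, 0x44,0x4d,0x8a,0x27,
    0,0,0,0, 0,0,0,0x2a, 0,0, 0,0 };

int main(void)
{
    struct nf5_hdr h;
    if (nf5_parse(nf5_stale, sizeof nf5_stale, &h) == 0)
        printf("mode %u rate %u\n", nf5_sampling_mode(&h), nf5_sampling_rate(&h));
    return 0;
}
```

Non-zero engine values are legitimate from exporters that set them, so nf5_dirty is a check for an exporter known to leave these fields unset, not a general anomaly test.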