Skip Menu |

This queue is for tickets about the Net-Flow CPAN distribution.

Report information
The Basics
Id: 55838
Status: resolved
Priority: 0/
Queue: Net-Flow
People
Owner: Nobody in particular
Requestors: acferen [...] yahoo.com
Cc:
AdminCc:
Bug Information
Severity: Critical
Broken in: 0.04
Fixed in: (no value)

History Show all quoted text
  Tue Mar 23 09:47:12 2010 acferen [...] yahoo.com - Ticket created
Subject: Net::Flow::encode drops flows if encoding more than $MaxSize bytes
The attached script (a minor modification of the script in the documentation) should send 6 packets. These 6 packets should have a total of 256 flows (~45 each). Each flow should have an IP address in the range 10.1.15.0 - 10.1.15.255. One three packets are sent. packet 1 has IPs 10.1.15.0 - 10.1.15.43 # missing 44 - 88 packet 2 has IPs 10.1.15.89 - 10.1.15.133 # missing 134 - 178 packet 3 has IPs 10.1.15.179 - 10.1.15.223 # missing 224 - 255 module information $ perl -MNet::Flow -e 'print $Net::Flow::VERSION,$/' 0.04 I haven't tested older versions, but I'm pretty sure this bug isn't .04 specific.
Subject: netflow.pl
use strict; use Net::Flow qw(decode encode) ; use IO::Socket::INET ; use Socket; my $receive_port = 9995; my $send_port = 9996; my $ErrorsArrayRef; my $packet; my $TemplateRef; my $MyTemplateRef={ 'SetId' =>0, 'TemplateId' =>300, 'Template'=>[ { 'Length' => 4, 'Id' => 8 }, # SRC_ADDR { 'Length' => 4, 'Id' => 12 }, # DST_ADDR { 'Length' => 4, 'Id' => 2 }, # PKTS { 'Length' => 4, 'Id' => 1 }, # BYTES { 'Length' => 2, 'Id' => 7 }, # SRC_PORT { 'Length' => 2, 'Id' => 11 }, # DST_PORT { 'Length' => 1, 'Id' => 4 }, # PROT { 'Length' => 1, 'Id' => 5 }, # TOS { 'Length' => 4, 'Id' => 34 }, # SAMPLING_INT { 'Length' => 4, 'Id' => 35 }, # SAMPLING_ALG ], } ; my @MyTemplates = ( $MyTemplateRef ) ; my $EncodeHeaderHashRef = { 'SourceId' => 0, 'VersionNum' => 9, 'SequenceNum' => 0, } ; my $s_sock = IO::Socket::INET->new( PeerAddr => '127.0.0.1', PeerPort => $send_port, Proto => 'udp' ) ; my @flows; for (0..255){ #incorperate $_ into a few flows so we can see which flows get encoded. push @flows, { SetId=>300, 8=>inet_aton('10.1.15.'.$_), 12=>inet_aton('10.1.15.2'), 2=>pack('N',10+$_), 1=>pack('N',800+$_), 7=>pack('n',80), 11=>pack('n',4242), 4=>pack('C',6), 5=>pack('C',0), 34=>pack('N',1), 35=>pack('N',2), }; } for (1..1) { for my $FlowArrayRef ( [ @flows ] ) { my $PktsArrayRef = undef ; $EncodeHeaderHashRef->{SysUpTime} = $^T-time; $EncodeHeaderHashRef->{UnixSecs} = time; ( $EncodeHeaderHashRef, $PktsArrayRef, $ErrorsArrayRef) = Net::Flow::encode( $EncodeHeaderHashRef, \@MyTemplates, $FlowArrayRef, 1400, ); grep{ print "$_\n" }@{$ErrorsArrayRef} if( @{$ErrorsArrayRef} ) ; foreach my $Ref (@{$PktsArrayRef}){ $s_sock->send($$Ref) ; } } }
  Wed Apr 07 22:09:22 2010 dan [...] jumbuk.com - Correspondence added
From: dan [...] jumbuk.com
On Tue Mar 23 09:47:12 2010, acferen@yahoo.com wrote: Show quoted text
> The attached script (a minor modification of the script in the > documentation) should send 6 packets. These 6 packets should have a > total of 256 flows (~45 each). Each flow should have an IP address in > the range 10.1.15.0 - 10.1.15.255. > > One three packets are sent. > > packet 1 has IPs 10.1.15.0 - 10.1.15.43 > # missing 44 - 88 > packet 2 has IPs 10.1.15.89 - 10.1.15.133 > # missing 134 - 178 > packet 3 has IPs 10.1.15.179 - 10.1.15.223 > # missing 224 - 255
Hi, I can reproduce. Every second UDP packet gets dropped when sending to localhost on some systems unless there is a process listening on the appropriate port. Test by: - sending a single large packet by raising size of $MaxSize or - listening to port on local machine or - send packets to another host. This does not appear to be a Net::Flow issue. Dan dan@jumbuk.com Show quoted text
> module information > > $ perl -MNet::Flow -e 'print $Net::Flow::VERSION,$/' > 0.04 > > I haven't tested older versions, but I'm pretty sure this bug isn't
.04 Show quoted text
> specific.
  Wed Apr 07 22:09:23 2010 The RT System itself - Status changed from 'new' to 'open'
  Thu Feb 07 10:31:38 2013 ACFEREN [...] cpan.org - Correspondence added
Confirmed Dan's observation that this is not a Net::Flow issue. running nc -u -l 9996 >&- in a terminal on the localhost to listen resolves the issue and all packets are sent successfully. If no one is listening it doesn't really matter if packets are not sent.
  Thu Feb 07 10:31:39 2013 ACFEREN [...] cpan.org - Status changed from 'open' to 'resolved'