
This queue is for tickets about the Net-Flow CPAN distribution.

Report information
The Basics
Id: 56300
Status: resolved
Priority: 0/
Queue: Net-Flow

People
Owner: Nobody in particular
Requestors: acferen [...] yahoo.com
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.04
Fixed in: (no value)



Subject: Sequence Numbers wrong for IPFIX
For IPFIX over UDP, the sequence number should be "the total number of IPFIX Data Records sent for the UDP Transport Session prior to the receipt of this IPFIX Message, modulo 2^32" (RFC 5101, section 10.3.2). The current implementation instead uses the total number of data records inclusive of the current IPFIX message. It also looks like sequence numbers are skipped, but I suspect this is a result of Bug #55838.
Subject: netflow.pl
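# netflow.pl - reproduction script for the IPFIX sequence-number report.
#
# Builds 256 synthetic flow records, encodes them with Net::Flow::encode()
# and sends the resulting packets over UDP to 127.0.0.1:$send_port. The
# export header is dumped to STDERR before and after encoding so that the
# SequenceNum left in the header by encode() can be compared with the number
# of data records exported so far.

use strict;
use warnings;

use Net::Flow qw(decode encode);
use IO::Socket::INET;
use Socket;
use Data::Dumper;

my $receive_port = 9995;    # not referenced below
my $send_port    = 9996;
my $ErrorsArrayRef;

# Export format version under test: 9 or 10.
sub flow_ver() { 10 }

# Set ID placed in the template: 0 when flow_ver() is 9, otherwise 2.
sub SetId() { flow_ver() == 9 ? 0 : 2 }

# One template (ID 300) describing the ten fields carried by every flow.
my $MyTemplateRef = {
    SetId      => SetId(),
    TemplateId => 300,
    Template   => [
        { Length => 4, Id => 8 },     # SRC_ADDR
        { Length => 4, Id => 12 },    # DST_ADDR
        { Length => 4, Id => 2 },     # PKTS
        { Length => 4, Id => 1 },     # BYTES
        { Length => 2, Id => 7 },     # SRC_PORT
        { Length => 2, Id => 11 },    # DST_PORT
        { Length => 1, Id => 4 },     # PROT
        { Length => 1, Id => 5 },     # TOS
        { Length => 4, Id => 34 },    # SAMPLING_INT
        { Length => 4, Id => 35 },    # SAMPLING_ALG
    ],
};

my @MyTemplates = ($MyTemplateRef);
warn Dumper( \@MyTemplates ), "\n";

# Header handed to encode(); encode() returns an updated copy, which is how
# the sequence number it produced becomes visible to this script.
my $EncodeHeaderHashRef = {
    SourceId            => 0,
    VersionNum          => flow_ver(),
    SequenceNum         => 0,
    ObservationDomainId => 0,
};

# IO::Socket::INET->new returns undef on failure and leaves the reason in
# $@; stop here rather than fail later on a method call against undef.
my $s_sock = IO::Socket::INET->new(
    PeerAddr => '127.0.0.1',
    PeerPort => $send_port,
    Proto    => 'udp',
) or die "cannot create UDP socket to 127.0.0.1:$send_port: $@\n";

my @flows;
for my $n ( 0 .. 255 ) {

    # Incorporate $n into a few fields so we can see which flows get encoded.
    push @flows,
        {
        SetId => 300,
        8     => inet_aton( '10.1.15.' . $n ),
        12    => inet_aton('10.1.15.2'),
        2     => pack( 'N', 10 + $n ),
        1     => pack( 'N', 800 + $n ),
        7     => pack( 'n', 80 ),
        11    => pack( 'n', 4242 ),
        4     => pack( 'C', 6 ),
        5     => pack( 'C', 0 ),
        34    => pack( 'N', 1 ),
        35    => pack( 'N', 2 ),
        };
}

# Single pass; presumably written as a loop so the bound can be raised.
for ( 1 .. 1 ) {
    for my $FlowArrayRef ( [@flows] ) {
        my $PktsArrayRef;

        # Seconds elapsed since the script started ($^T). The operands were
        # reversed before, which produced a value that was never positive.
        # NOTE(review): confirm the unit Net::Flow expects for SysUpTime.
        $EncodeHeaderHashRef->{SysUpTime} = time - $^T;
        $EncodeHeaderHashRef->{UnixSecs}  = time;

        warn Dumper($EncodeHeaderHashRef), "\n";

        # The fourth argument (1400) is the maximum datagram size.
        ( $EncodeHeaderHashRef, $PktsArrayRef, $ErrorsArrayRef ) =
            Net::Flow::encode(
            $EncodeHeaderHashRef,
            \@MyTemplates,
            $FlowArrayRef,
            1400,
            );

        warn "=====================================\n";
        warn Dumper($EncodeHeaderHashRef), "\n";

        # Report encoder errors on STDOUT, one per line.
        print "$_\n" for @{ $ErrorsArrayRef || [] };

        # send() returns undef on error; report it instead of dropping the
        # packet silently, since a lost packet changes what the receiver
        # sees in the sequence numbers.
        for my $Ref ( @{ $PktsArrayRef || [] } ) {
            defined $s_sock->send($$Ref)
                or warn "send failed: $!\n";
        }
    }
}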
From: acferen [...] yahoo.com
Problem resolved. Patch attached.
Subject: Flow_IPFIX.patch
*** Flow.pm 2010-04-09 09:13:31.096277885 -0400 --- Flow.IPFIX_fixed 2010-04-09 09:17:23.906257368 -0400 *************** *** 398,405 **** }elsif( $HeaderRef->{VersionNum} == IPFIX ){ - $HeaderRef->{SequenceNum} += $$DataCountRef ; - $Payload = pack( "nnNNN", --- 398,403 ---- *************** *** 410,415 **** --- 408,417 ---- $HeaderRef->{ObservationDomainId} ) . $Payload ; + $HeaderRef->{SequenceNum} = + ($HeaderRef->{SequenceNum} + $$DataCountRef) % 0xFFFFFFFF; + + } return(
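Review bot: The update added in the second hunk reduces the counter with `% 0xFFFFFFFF`, which is modulo 2^32 - 1 rather than the "modulo 2^32" the ticket quotes from RFC 5101. A counter that reaches 4294967295 becomes 0 one step early, so after the first wrap the exported sequence number no longer equals the number of data records sent. Collectors use this field to notice missing records on UDP, so the off-by-one would presumably show up as a spurious gap. I would write the reduction as `$HeaderRef->{SequenceNum} = ($HeaderRef->{SequenceNum} + $$DataCountRef) % 2**32;`. The enclosing function extends beyond both hunks, so whether the other version branches need the same treatment cannot be judged from here.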
Resolved in Net::Flow 0.05