Skip Menu |

This queue is for tickets about the Net-Flow CPAN distribution.

Report information
The Basics
Id: 56302
Status: resolved
Priority: 0/
Queue: Net-Flow
People
Owner: Nobody in particular
Requestors: acferen [...] yahoo.com
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 0.04
Fixed in: (no value)

History Show all quoted text
  Mon Apr 05 14:33:08 2010 acferen [...] yahoo.com - Ticket created
Subject: Sequence Numbers wrong for NetFlow version 9
Sequence Number Incremental sequence counter of all Export Packets sent from the current Observation Domain by the Exporter. This value MUST be cumulative, and SHOULD be used by the Collector to identify whether any Export Packets have been missed. --RFC 3954 Using the attached test script this module sends three packets with sequence numbers 0, 3, 10. Some of the gaps between between sequence numbers may be explained by Bug #55838. I Bug #55838 where the entire problem I'd expect 0, 2, 4. In addition to the missing sequence numbers the sequence number should be inclusive of the current packet. This means that the first sequence number should be 1.
Subject: netflow.pl
use strict; use Net::Flow qw(decode encode) ; use IO::Socket::INET ; use Socket; use Data::Dumper; my $receive_port = 9995; my $send_port = 9996; my $ErrorsArrayRef; my $packet; my $TemplateRef; sub flow_ver() {9} # 9 or 10 sub SetId() { flow_ver() == 9 ? 0 : 2 } my $MyTemplateRef={ SetId => SetId, TemplateId =>300, Template => [ { Length => 4, Id => 8 }, # SRC_ADDR { Length => 4, Id => 12 }, # DST_ADDR { Length => 4, Id => 2 }, # PKTS { Length => 4, Id => 1 }, # BYTES { Length => 2, Id => 7 }, # SRC_PORT { Length => 2, Id => 11 }, # DST_PORT { Length => 1, Id => 4 }, # PROT { Length => 1, Id => 5 }, # TOS { Length => 4, Id => 34 }, # SAMPLING_INT { Length => 4, Id => 35 }, # SAMPLING_ALG ], } ; my @MyTemplates = ( $MyTemplateRef ) ; warn Dumper(\@MyTemplates), "\n"; my $EncodeHeaderHashRef = { SourceId => 0, VersionNum => flow_ver, SequenceNum => 0, ObservationDomainId => 0, } ; my $s_sock = IO::Socket::INET->new( PeerAddr => '127.0.0.1', PeerPort => $send_port, Proto => 'udp' ) ; my @flows; for (0..255){ #incorporate $_ into a few flows so we can see which flows get encoded. push @flows, { SetId=>300, 8=>inet_aton('10.1.15.'.$_), 12=>inet_aton('10.1.15.2'), 2=>pack('N',10+$_), 1=>pack('N',800+$_), 7=>pack('n',80), 11=>pack('n',4242), 4=>pack('C',6), 5=>pack('C',0), 34=>pack('N',1), 35=>pack('N',2), }; } for (1..1) { for my $FlowArrayRef ( [ @flows ] ) { my $PktsArrayRef = undef ; $EncodeHeaderHashRef->{SysUpTime} = $^T-time; $EncodeHeaderHashRef->{UnixSecs} = time; warn Dumper($EncodeHeaderHashRef), "\n"; ( $EncodeHeaderHashRef, $PktsArrayRef, $ErrorsArrayRef) = Net::Flow::encode( $EncodeHeaderHashRef, \@MyTemplates, $FlowArrayRef, 1400, ); warn "=====================================\n"; warn Dumper($EncodeHeaderHashRef), "\n"; grep{ print "$_\n" }@{$ErrorsArrayRef} if( @{$ErrorsArrayRef} ) ; foreach my $Ref (@{$PktsArrayRef}){ $s_sock->send($$Ref) ; } } }
  Fri Apr 09 09:30:22 2010 acferen [...] yahoo.com - Correspondence added
From: acferen [...] yahoo.com
solution found (Thanks to Rudy Lippan). Patch attached.
  Fri Feb 08 16:16:17 2013 ACFEREN [...] cpan.org - Correspondence added
Resolved in Net::Flow 0.05
  Fri Feb 08 16:16:18 2013 The RT System itself - Status changed from 'new' to 'open'
  Fri Feb 08 16:16:18 2013 ACFEREN [...] cpan.org - Status changed from 'open' to 'resolved'