From nobody@FreeBSD.org  Tue Apr 25 02:33:12 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 72DE216A400
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 25 Apr 2006 02:33:12 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3F37743D46
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 25 Apr 2006 02:33:12 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k3P2XB6k020877
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 25 Apr 2006 02:33:11 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k3P2XBTM020876;
	Tue, 25 Apr 2006 02:33:11 GMT
	(envelope-from nobody)
Message-Id: <200604250233.k3P2XBTM020876@www.freebsd.org>
Date: Tue, 25 Apr 2006 02:33:11 GMT
From: David Duchscher <daved@tamu.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: netgraph netflow module sends random data header fields.
X-Send-Pr-Version: www-2.3

>Number:         96296
>Category:       kern
>Synopsis:       [netgraph] [patch] netgraph netflow module sends random data header fields.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    maxim
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 25 02:40:15 GMT 2006
>Closed-Date:    Mon May 01 20:19:10 GMT 2006
>Last-Modified:  Mon May 01 20:19:10 GMT 2006
>Originator:     David Duchscher
>Release:        FreeBSD 6.1-RC
>Organization:
Texas A&M University
>Environment:
FreeBSD dns1.net.tamu.edu 6.1-RC FreeBSD 6.1-RC #1: Mon Apr 24 20:52:10 CDT 2006     root@dns1.net.tamu.edu:/data/usr/obj/data/usr/src/sys/CUSTOM  i386

>Description:
The netgraph netflow module does not fill in the engine type, engine id, or
pad fields in the netflow version 5 packet header.  This means that random
data is sent in these fields.  It also seems that that padding has meaning
now to some netflow clients.  Ethereal shows it as Sampling Mode and
Sampling Rate.  This random data may cause some tools to report numbers
that wrong.  In my case, flow-tools showed flows being loss when none really
were.
>How-To-Repeat:
Set up netgraph netflow to localhost and capture the flow with flow-tools.
Use flow-header to see that lost flows are reported.
>Fix:
Doesn't seem to be a good to send random data in packet fields so here is
a patch that zeroes the engine type, engine id, and padding.

--- /sys/netgraph/netflow/netflow.c.orig        Sat Jan 21 04:09:18 2006
+++ /sys/netgraph/netflow/netflow.c     Mon Apr 24 21:29:53 2006
@@ -621,6 +621,9 @@
        getnanotime(&ts);
        header->unix_secs  = htonl(ts.tv_sec);
        header->unix_nsecs = htonl(ts.tv_nsec);
+       header->engine_type = 0;
+       header->engine_id = 0;
+       header->pad = 0;
        header->flow_seq = htonl(atomic_fetchadd_32(&priv->flow_seq,
            header->count));
        header->count = htons(header->count);

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->glebius 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Tue Apr 25 06:50:51 UTC 2006 
Responsible-Changed-Why:  
Over to the author. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=96296 

From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Maxim Konovalov <maxim@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/96296: netgraph netflow module sends random data header fields.
Date: Tue, 25 Apr 2006 23:01:42 +0400

 On Tue, Apr 25, 2006 at 06:51:12AM +0000, Maxim Konovalov wrote:
 M> Synopsis: netgraph netflow module sends random data header fields.
 M> 
 M> Responsible-Changed-From-To: freebsd-bugs->glebius
 M> Responsible-Changed-By: maxim
 M> Responsible-Changed-When: Tue Apr 25 06:50:51 UTC 2006
 M> Responsible-Changed-Why: 
 M> Over to the author.
 
 I am now on my way to vacation and have only notebook-on-my-knees
 internet access via GPRS. The patch looks correct to me.
 
  Maxim, can you please handle this PR it and may be even merge 
 fix before release?
 
 -- 
 Totus tuus, Glebius.
 GLEBIUS-RIPN GLEB-RIPE
State-Changed-From-To: open->patched 
State-Changed-By: maxim 
State-Changed-When: Tue Apr 25 20:02:18 UTC 2006 
State-Changed-Why:  
Committed to HEAD.  Thanks for the patch! 


Responsible-Changed-From-To: glebius->maxim 
Responsible-Changed-By: maxim 
Responsible-Changed-When: Tue Apr 25 20:02:18 UTC 2006 
Responsible-Changed-Why:  
MFC reminder. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=96296 
State-Changed-From-To: patched->closed 
State-Changed-By: maxim 
State-Changed-When: Mon May 1 20:18:49 UTC 2006 
State-Changed-Why:  
MFC'ed to RELENG_6 and RELENG_6_1. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=96296 
>Unformatted:
