netflow: Report largest possible value when counters exceed 32 bits.

secchan tracks packets and bytes using 64-bit counters, but the
corresponding NetFlow v5 fields are only 32 bits wide.  Until now we would
just report the lower 32 bits on overflow; this commit changes the
behavior to reporting 0xffffffff instead.

Bug #1316.

diff --git a/secchan/netflow.c b/secchan/netflow.c
index 16abed943d09c14522be2a02cf84a5b4d23629c3..dc83a9b0454f7c3db7648be18d449dcc6494aae1 100644 (file)
--- a/secchan/netflow.c
+++ b/secchan/netflow.c
@@ -207,8 +207,8 @@ netflow_expire(struct netflow *nf, const struct ofexpired *expired)
     nf_rec->nexthop = htons(0);
     nf_rec->input = htons(expired->flow.in_port);
     nf_rec->output = htons(0);
-    nf_rec->packet_count = htonl(expired->packet_count);
-    nf_rec->byte_count = htonl(expired->byte_count);
+    nf_rec->packet_count = htonl(MIN(expired->packet_count, UINT32_MAX));
+    nf_rec->byte_count = htonl(MIN(expired->byte_count, UINT32_MAX));
     nf_rec->init_time = htonl(expired->created - nf->boot_time);
     nf_rec->used_time = htonl(MAX(expired->created, expired->used)
                              - nf->boot_time);