From 51c9228f964268baac7a3f7ee6d4282b7b9d8e3c Mon Sep 17 00:00:00 2001 From: Justin Pettit Date: Tue, 12 May 2009 10:44:36 -0700 Subject: [PATCH] Only send NetFlow notifications for IP traffic. NetFlow only supports exporting information about IP. We were sending a notification for any flow that expired, which included non-IP packets. This would generate NetFlow messages with nearly all fields set to zero. Now, we only send NetFlow for packets that are IP. (Bug #1256) --- secchan/netflow.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/secchan/netflow.c b/secchan/netflow.c index 99285a0e..7c16facb 100644 --- a/secchan/netflow.c +++ b/secchan/netflow.c @@ -178,6 +178,11 @@ netflow_expire(struct netflow *nf, const struct ofexpired *expired) struct netflow_v5_record *nf_rec; struct timeval now; + /* NetFlow only reports on IP packets. */ + if (expired->flow.dl_type != htons(ETH_TYPE_IP)) { + return; + } + time_timeval(&now); if (!nf->packet.size) { -- 2.30.2