From d83d6bbc3d9972c5adcc6c87df9f1b54b3a48e1d Mon Sep 17 00:00:00 2001
From: Jesse Gross
Date: Mon, 5 Oct 2009 13:25:19 -0700
Subject: [PATCH] netflow: Increase maximum number of NetFlow records to 30.

NetFlow v5 allows up to 30 records per packet but we were incorrectly limiting to 29. This corrects that and also uses the count of the number of records in the header rather than the packet size since it is easier to reason about.

Bug #2103
---
 secchan/netflow.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/secchan/netflow.c b/secchan/netflow.c
index 7dd2e043..7912b4b8 100644
--- a/secchan/netflow.c
+++ b/secchan/netflow.c
@@ -221,9 +221,8 @@ netflow_expire(struct netflow *nf, const struct ofexpired *expired)
 nf_rec->ip_proto = expired->flow.nw_proto;
 nf_rec->ip_tos = expired->ip_tos;
 
- /* NetFlow messages are limited to 30 records. A length of 1400
- * bytes guarantees that the limit is not exceeded. */
- if (nf->packet.size >= 1400) {
+ /* NetFlow messages are limited to 30 records. */
+ if (ntohs(nf_hdr->count) >= 30) {
 netflow_run(nf);
 }
 }
-- 
2.30.2
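Review bot: The literal `30` in `if (ntohs(nf_hdr->count) >= 30) {` is now the only bound on how large the buffered datagram can grow, so it should be a named constant, for example `#define NETFLOW_V5_MAX_RECORDS 30` (name is my suggestion, not from the tree) used as `if (ntohs(nf_hdr->count) >= NETFLOW_V5_MAX_RECORDS) {`. With the byte-size check removed, the flush relies on the header count being incremented once for every record appended to nf->packet; that increment and the assignment of nf_hdr sit outside this hunk, as do the start and end of netflow_expire, so it is worth confirming the two cannot drift apart. A full packet is now 24 + 30 * 48 = 1464 bytes of NetFlow payload, which fits a 1500-byte IPv4 Ethernet MTU but may be fragmented on smaller-MTU paths to the collector. I would extend the comment to say so, e.g. `/* NetFlow v5 allows at most 30 records per packet (1464 bytes of payload). */`.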