
Fix broken flow aggregation

Christoph Biedl 5 years ago
parent
commit
2441d9fc91

+ 68 - 0
debian/patches/cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch

@@ -0,0 +1,68 @@
+Subject: [ Add option "-a" for reading pcap file and ] fix some bugs
+Origin: softflowd-0.9.9-22-ge6d29a1 <https://github.com/irino/softflowd/commit/e6d29a1>
+Upstream-Author: Hitoshi Irino <irino@sfc.wide.ad.jp>
+Date: Sun May 26 23:00:41 2019 +0900
+Comment: Fixes a regression introduced in buster: The flow aggregation
+ is broken, causing a new flow to generated for virtually each packet.
+ If the daemon sees a lot of traffic, the flow table might overflow,
+ resulting in forced expiration and 100% CPU usage.
+ .
+ Thanks Johanna Jerzembeck for reporting and testing.
+
+    - fix flow_compare for comparing vlan and ether
+    [ - fix missing sequence in netflow v9 ]
+
+
+--- a/softflowd.c
++++ b/softflowd.c
+@@ -55,6 +55,8 @@
+ static int verbose_flag = 0;		/* Debugging flag */
+ static u_int16_t if_index = 0;		/* "manual" interface index */
+ 
++static int track_level;
++
+ /* Signal handler flags */
+ static volatile sig_atomic_t graceful_shutdown_request = 0;	
+ 
+@@ -144,15 +146,21 @@
+ {
+ 	/* Be careful to avoid signed vs unsigned issues here */
+ 	int r;
++	if (track_level == TRACK_FULL_VLAN || track_level == TRACK_FULL_VLAN_ETHER) {
++		if (a->vlanid[0] != b->vlanid[0])
++			return (a->vlanid[0] > b->vlanid[0] ? 1 : -1);
++
++		if (a->vlanid[1] != b->vlanid[1])
++			return (a->vlanid[1] > b->vlanid[1] ? 1 : -1);
++        }
+ 
+-	if (a->vlanid != b->vlanid)
+-		return (a->vlanid > b->vlanid ? 1 : -1);
+-
++	if (track_level == TRACK_FULL_VLAN_ETHER) {
+ 	if ((r = memcmp(&a->ethermac[0], &b->ethermac[0], 6)) != 0)
+ 		return (r > 0 ? 1 : -1);
+ 
+ 	if ((r = memcmp(&a->ethermac[1], &b->ethermac[1], 6)) != 0)
+ 		return (r > 0 ? 1 : -1);
++	}
+ 
+ 	if (a->af != b->af)
+ 		return (a->af > b->af ? 1 : -1);
+@@ -1526,7 +1534,7 @@
+ 
+ 	ft->param.max_flows = DEFAULT_MAX_FLOWS;
+ 
+-	ft->param.track_level = TRACK_FULL;
++	track_level = ft->param.track_level = TRACK_FULL;
+ 
+ 	ft->param.tcp_timeout = DEFAULT_TCP_TIMEOUT;
+ 	ft->param.tcp_rst_timeout = DEFAULT_TCP_RST_TIMEOUT;
+@@ -1882,6 +1890,7 @@
+ 				usage();
+ 				exit(1);
+ 			}
++			track_level = flowtrack.param.track_level;
+ 			break;
+ 		case 'L':
+ 			hoplimit = atoi(optarg);
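Review bot: The new file-scope `static int track_level;` duplicates `ft->param.track_level`, and the comparator hunk (flow_compare per the patch header; its signature and tail lie outside the hunk) now orders flows by that copy, so the two must agree at every assignment. Only two write sites are visible here, the default in the init hunk and the option-parsing hunk. If any other path writes `param.track_level` without updating the copy, the comparator presumably stops matching how flows are keyed and lookups miss again, which is the table-overflow and 100% CPU condition this patch is meant to end. A comment on the declaration would state the invariant, for example `/* Copy of flowtrack param.track_level read by flow_compare(); update at every write */`; the copy is also implicitly 0 until the init code runs, and whether 0 is a valid TRACK_* level is not visible here. On style, the two MAC `memcmp` checks were not re-indented inside the new `if (track_level == TRACK_FULL_VLAN_ETHER) {` block, and the closing brace of the VLAN block is indented with spaces where the surrounding code uses tabs.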

+ 1 - 0
debian/patches/series

@@ -14,3 +14,4 @@ cherry-pick.softflowd-0.9.9-12-g8ea92c3.new-implementation-of-ipfix-netflow-v9-f
 cherry-pick.softflowd-0.9.9-13-g49c039a.added-define-default-source-line-to-avoid-warning-in-linux.patch
 cherry-pick.softflowd-0.9.9-14-g8a47e87.adding-current-repository-information-in-readme.patch
 cherry-pick.softflowd-0.9.9-16-gbbd0685.add-check-of-the-length-of-string-for-i-interface-option.patch
+cherry-pick.softflowd-0.9.9-22-ge6d29a1.fix-some-bugs.patch