unknown flow_sample_element: 0:2048

Bug #1325122 reported by J Queiroz
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
ntop (Ubuntu) | New | Undecided | Unassigned |

Bug Description

When using NTOP's sflow plugin, samples of ethernet packets aren't properly processed.
All packets are registered as non-IP, and a message "unknown flow_sample_element: 0:2048" is generated for every sample.

I found that this is happening because the SFlow Datagram has the MAC Address registered as 8 bytes, while the code treats it as only 6 bytes.

Also, when debugging the sflow plugin, MAC address bytes are written as signed integers instead of unsigned char.

I suggest that the sflow code (plugins/sflowplugin.c) be changed this way:

---------------------
< if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "dstMAC %02x%02x%02x%02x%02x%02x\n", ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5]);
---
> if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "dstMAC %02hhx%02hhx%02hhx%02hhx%02hhx%02hhx\n", ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5]);
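Review bot: the %02hhx in the dstMAC trace corrects the output at the format string rather than at the type of ptr, whose declaration is not shown in this patch. If ptr is a plain char pointer, each byte is still sign-extended when passed and only the hh modifier narrows it again; declaring the pointer as unsigned char * (or casting each argument to unsigned char) would fix the value itself and keep plain %02x correct. This first change also has no line-range header, unlike the following ones (1613c1613 and so on), so the diff needs to be regenerated before it can be applied.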
1613c1613
< if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "srcMAC %02x%02x%02x%02x%02x%02x\n", ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5]);
---
> if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "srcMAC %02hhx%02hhx%02hhx%02hhx%02hhx%02hhx\n", ptr[0], ptr[1], ptr[2], ptr[3], ptr[4], ptr[5]);
1881c1881
< sprintf(buf, "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x",
---
> sprintf(buf, "%02hx%02hx:%02hx%02hx:%02hx%02hx:%02hx%02hx:%02hx%02hx:%02hx%02hx:%02hx%02hx:%02hx%02hx",
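Review bot: the new format in the sprintf at line 1881 uses %02hx, not the %02hhx used in the other hunks. The h modifier narrows to unsigned short, so a sign-extended byte would still print as four digits (ff80 rather than 80) and the problem described for the debug traces would remain here. Use %02hhx or pass unsigned char values, and since this call writes into buf with sprintf, a bounded snprintf with the size of buf would be the safer form.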
2371c2371
< skipBytes(sample, 6);
---
> skipBytes(sample, 8);
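Review bot: skipBytes(sample, 8) at line 2371 replaces one unexplained literal with another. A comment or a named constant saying that the 6-byte MAC is carried in an 8-byte field (XDR pads opaque data to a multiple of 4 bytes) would keep a later reader from "correcting" it back to 6.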
2373c2373
< skipBytes(sample, 6);
---
> skipBytes(sample, 8);
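Review bot: with the change at line 2373 the two skips now consume 16 bytes of the sample instead of 12, and nothing in these hunks shows a check that this much data remains. If skipBytes does not itself bound-check against the end of the datagram, a truncated ethernet record would move the read position past the buffer; confirm that before merging.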
2378c2378
< if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "ethernet_src %02x%02x%02x%02x%02x%02x\n", p[0], p[1], p[2], p[3], p[4], p[5]);
---
> if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "ethernet_src %02hhx%02hhx%02hhx%02hhx%02hhx%02hhx\n", p[0], p[1], p[2], p[3], p[4], p[5]);
2380c2380
< if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "ethernet_dst %02x%02x%02x%02x%02x%02x\n", p[0], p[1], p[2], p[3], p[4], p[5]);
---
> if(SFLOW_DEBUG(deviceId)) traceEvent(CONST_TRACE_INFO, "ethernet_dst %02hhx%02hhx%02hhx%02hhx%02hhx%02hhx\n", p[0], p[1], p[2], p[3], p[4], p[5]);
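Review bot: the ethernet_dst trace at line 2380 is the fourth call site carrying the same six-argument MAC format, and both ethernet traces (2378, 2380) come after the skipBytes calls at 2371 and 2373 that this patch widens. Check that p still points at the 6 address bytes of each field and not into the padding, and consider one helper that formats a MAC so the format string is corrected in a single place.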
----------------------
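
Added example (not part of the original report and not ntop's code): a minimal parser run over constructed bytes, showing how a 6-byte stride per MAC field leaves the reader 4 bytes short, so the type word 0x0800 is read as the next element tag and decodes as 0:2048, the value in the message from the report. It assumes the sFlow v5 sampled_ethernet layout (length, src_mac, dst_mac, type, with each MAC XDR-padded to 8 bytes); parse_ethernet, tag_enterprise and tag_format are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed bytes (not captured traffic): a sampled_ethernet record body
 * followed by the tag of the next element. Each 6-byte MAC occupies 8 bytes. */
static const uint8_t SAMPLE[] = {
    0x00, 0x00, 0x00, 0x40,                          /* length = 64          */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x00, 0x00,  /* src_mac + 2 pad      */
    0x80, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0x00, 0x00,  /* dst_mac + 2 pad      */
    0x00, 0x00, 0x08, 0x00,                          /* type = 0x0800 (IPv4) */
    0x00, 0x00, 0x00, 0x03,                          /* next element tag 0:3 */
};

/* Read one big-endian 32-bit word. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical parser: walks the record using mac_stride bytes per MAC field.
 * Returns 0 on success, -1 if the buffer is too short for the fields read. */
int parse_ethernet(const uint8_t *buf, size_t len, size_t mac_stride,
                   uint32_t *eth_type, uint32_t *next_tag) {
    size_t off = 4 + 2 * mac_stride;          /* length word + two MACs  */
    if (mac_stride < 6 || mac_stride > 8 || len < off + 8) return -1;
    *eth_type = be32(buf + off);              /* type field              */
    *next_tag = be32(buf + off + 4);          /* tag of the next element */
    return 0;
}

/* sFlow v5 element tag: enterprise in the upper 20 bits, format in the lower 12. */
uint32_t tag_enterprise(uint32_t tag) { return tag >> 12; }
uint32_t tag_format(uint32_t tag) { return tag & 0xfffu; }

int main(void) {
    size_t strides[] = { 6, 8 };
    for (int i = 0; i < 2; i++) {
        uint32_t type, tag;
        if (parse_ethernet(SAMPLE, sizeof SAMPLE, strides[i], &type, &tag) != 0)
            return 1;
        printf("stride %zu: type=0x%08x next element %u:%u\n", strides[i],
               (unsigned)type, (unsigned)tag_enterprise(tag), (unsigned)tag_format(tag));
    }
    return 0;
}
```

With a stride of 6 the type field is read from the tail of dst_mac and its padding, which is consistent with every sample being counted as non-IP.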
