Bug #10436
softflowd no longer sends flow data after upgrade (v0.9.9_1 -> v1.0.0)
0%
Description
Hi, after upgrading pfsense from v2.4.4_3 -> v2.4.5 (which included an upgrade of softflowd from v0.9.9_1 -> v1.0), softflowd no longer sends flows to receiver. Running softflowd with -D produces debug output of adding flows, but the netflow receiver never receives data. I've confirmed this with tcpdump on the source netgate device and destination netflow receiver - softflowd isn't generating reporting packets on the wire.
History
#1
Updated by Manuel Piovan 7 months ago
Updated by me too
can you try with the flag -P udp from console and report back?
example /usr/local/bin/softflowd -D -i 1:vmx1 -n 192.168.10.202:2055 -v 5 -T ether -A sec -p /var/run/softflowd.vmx1.pid -c /var/run/softflowd.vmx1.ctl -P udp
-P udp|tcp|sctp Specify transport layer protocol for exporting packets#2
Updated by Mark Hassman 7 months ago
Updated by Manuel Piovan wrote:
me too
can you try with the flag -P udp from console and report back?
example /usr/local/bin/softflowd -D -i 1:vmx1 -n 192.168.10.202:2055 -v 5 -T ether -A sec -p /var/run/softflowd.vmx1.pid -c /var/run/softflowd.vmx1.ctl -P udp-P udp|tcp|sctp Specify transport layer protocol for exporting packets
Hi Manuel, unfortunately, no change - still zero netflow packets sent to receiver:
/usr/local/bin/softflowd -i 1:mvneta1 -n 192.168.x.x:9995 -v 9 -T full -A sec -p /var/run/softflowd.mvneta1.pid -c /var/run/softflowd.mvneta1.ctl -P udp
I also noticed after a day of running, softflowd processes are dying. I run softflow on 3 vlans - checked today, only one was still active. So, decided to run it for longer duration in debug mode: -D:
...
ADD FLOW seq:300 [192.168.x.x]:161 <> [192.168.x.x]:56916 proto:17 vlan>:0 vlan<:0 ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:301 [192.168.x.x]:161 <> [192.168.x.x]:56917 proto:17 vlan>:0 vlan<:0 ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:302 [192.168.x.x]:37596 <> [x.x.x.x]:993 proto:6 vlan>:0 vlan<:0 ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
Starting expiry scan: mode 0
Queuing flow seq:6 (0x206a0640) for expiry reason 2
Queuing flow seq:21 (0x206a10e0) for expiry reason 2
Queuing flow seq:43 (0x206aed20) for expiry reason 2
Queuing flow seq:44 (0x206aec80) for expiry reason 2
Queuing flow seq:46 (0x206aeb40) for expiry reason 2
Queuing flow seq:47 (0x206aeaa0) for expiry reason 2
Queuing flow seq:48 (0x206aea00) for expiry reason 2
Queuing flow seq:49 (0x206ae960) for expiry reason 2
Queuing flow seq:50 (0x206ae8c0) for expiry reason 2
Queuing flow seq:52 (0x206ae780) for expiry reason 2
Queuing flow seq:77 (0x206c1fe0) for expiry reason 2
Queuing flow seq:78 (0x206c1f40) for expiry reason 2
Queuing flow seq:79 (0x206c1ea0) for expiry reason 2
Queuing flow seq:82 (0x206c1cc0) for expiry reason 2
Queuing flow seq:83 (0x206c1c20) for expiry reason 2
Queuing flow seq:84 (0x206c1b80) for expiry reason 2
Queuing flow seq:86 (0x206c1a40) for expiry reason 2
Queuing flow seq:87 (0x206c19a0) for expiry reason 2
Queuing flow seq:89 (0x206c1860) for expiry reason 2
Finished scan 19 flow(s) to be evicted
Flow 2/0: r 0 offset 371 ie 0004 len 84(0x0054)
Flow 2/1: r 0 offset 451 ie 0004 len 164(0x00a4)
Flow 2/2: r 0 offset 531 ie 0004 len 244(0x00f4)
Flow 2/3: r 0 offset 611 ie 0004 len 324(0x0144)
Flow 2/4: r 0 offset 691 ie 0004 len 404(0x0194)
Flow 2/5: r 0 offset 771 ie 0004 len 484(0x01e4)
Flow 2/6: r 0 offset 851 ie 0004 len 564(0x0234)
Flow 2/7: r 0 offset 931 ie 0004 len 644(0x0284)
Flow 2/8: r 0 offset 1011 ie 0004 len 724(0x02d4)
Flow 2/9: r 0 offset 1091 ie 0004 len 804(0x0324)
Flow 2/10: r 0 offset 1171 ie 0004 len 884(0x0374)
Flow 2/11: r 0 offset 1251 ie 0004 len 964(0x03c4)
Flow 2/12: r 0 offset 1331 ie 0004 len 1044(0x0414)
Flow 2/13: r 0 offset 1411 ie 0004 len 1124(0x0464)
Segmentation fault (core dumped)
#3
Updated by Chris Norris 2 months ago
Updated by Mark Hassman wrote:
Hi, after upgrading pfsense from v2.4.4_3 -> v2.4.5 (which included an upgrade of softflowd from v0.9.9_1 -> v1.0), softflowd no longer sends flows to receiver. Running softflowd with -D produces debug output of adding flows, but the netflow receiver never receives data. I've confirmed this with tcpdump on the source netgate device and destination netflow receiver - softflowd isn't generating reporting packets on the wire.
Same issue for me. Packet capture shows no Netflow packets being sent by the firewall.