Project

General

Profile

Actions
Copy link

Bug #14566

open

Softlflowd package don't send ICMP flows

Added by Yuran Yastreb 10 months ago. Updated 3 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
softflowd
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.7.0
Affected Plus Version:
Affected Architecture:
amd64

Description

I am using the softflowd package v.1.2.6_1 on pfsense v.2.7.0
Apparently icmp traffic is not sent from the sensor to the collector.
Here are the statistics on the interface:

[2.7.0-RELEASE][root@router.yyv83]/root: softflowctl -c /var/run/softflowd.re1.ctl statistics
softflowd[92673]: Accumulated statistics since 2023-07-10T19:06:54 UTC:
Number of active flows: 1406
Packets processed: 79136
Fragments: 0
Ignored packets: 100 (100 non-IP, 0 too short)
Flows expired: 3583 (0 forced)
Flows exported: 3583 (7023 records) in 334 packets (0 failures)
Packets received by libpcap: 81048
Packets dropped by libpcap: 0
Packets dropped by interface: 0

Expired flow statistics:  minimum       average       maximum
  Flow bytes:                 117         10013      16742857
  Flow packets:                 1            13         14553
  Duration:                  0.00s         7.80s       618.57s

Expired flow reasons:
       tcp =         0   tcp.rst =       288   tcp.fin =        34
       udp =      3255      icmp =         6   general =         0
   maxlife =         0
over 2 GiB =         0
  maxflows =         0
   flushed =         0

Per-protocol statistics:     Octets      Packets   Avg Life    Max Life
           icmp (1):           1440           24       3.01s       3.01s
            tcp (6):        3700956        11783      36.93s     618.57s
           udp (17):       32173091        36093       4.93s     348.47s

Apparently, the problem is reproduced by other users as well: https://github.com/irino/softflowd/issues/42

Actions
Copy link
 #1

Updated by Lev Prokofev 3 months ago

  • Status changed from New to Confirmed

I can confirm this behavior, package ver. v.1.2.6_1 tested on

23.09.1-RELEASE (amd64)
built on Wed Dec 20 21:27:00 MSK 2023
FreeBSD 14.0-CURRENT

It doesn't send ICMP flows on Netflow ver 5,9,10(IPFIX), statistics exists but no ICMP data in the captured packets(decode CFLOW in Wireshark for Netflow 5,9)

[23.09.1-RELEASE][root@pfSense.georgia.arpa]/root: softflowctl -c /var/run/softflowd.ix0.ctl statistics
softflowd[34739]: Accumulated statistics since 2024-01-20T07:25:25 UTC:
Number of active flows: 245
Packets processed: 38760
Fragments: 0
Ignored packets: 6 (6 non-IP, 0 too short)
Flows expired: 441 (0 forced)
Flows exported: 865 (865 records) in 39 packets (0 failures)
Packets received by libpcap: 42388
Packets dropped by libpcap: 0
Packets dropped by interface: 0

Expired flow statistics:  minimum       average       maximum
  Flow bytes:                 117         26254       5089464
  Flow packets:                 2            42          4722
  Duration:                  0.00s        39.82s       859.09s

Expired flow reasons:
       tcp =         0   tcp.rst =        78   tcp.fin =       252
       udp =       109      icmp =         2   general =         0
   maxlife =         0
over 2 GiB =         0
  maxflows =         0
   flushed =         0

Per-protocol statistics:     Octets      Packets   Avg Life    Max Life
           icmp (1):          17400          290     145.81s     145.81s
            tcp (6):       11494324        17827      51.23s     859.09s
           udp (17):          66221          371       3.35s     100.08s
Actions
Copy link

Also available in: Atom PDF