kern/98875: ng_netflow not send data to flow collector

Mon Jun 12 21:30:29 UTC 2006

>Number:         98875
>Category:       kern
>Synopsis:       ng_netflow not send data to flow collector
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 12 21:30:26 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Igor Russian
>Release:        6.1-RELEASE
>Organization:
Kaba Ltd
>Environment:
FreeBSD esm.com.ua 6.1-RELEASE FreeBSD 6.1-RELEASE #1: Sun Jun 11 11:12:58 EEST
2006     root at esm.com.ua:/usr/src/sys/i386/compile/ESM  i386
>Description:
ng_netflow config:

/usr/sbin/ngctl -f- <<-SEQ
 mkpeer vlan0: tee lower right
 connect vlan0: vlan0:lower upper left
 mkpeer vlan0:lower netflow right2left iface0
 name vlan0:lower.right2left netflow
 msg netflow: setifindex { iface=0 index=4 }

 mkpeer vlan23: tee lower right
 connect vlan23: vlan23:lower upper left
 connect netflow: vlan23:lower iface1 right2left
 msg netflow: setifindex { iface=1 index=15 }

 mkpeer netflow: ksocket export inet/dgram/udp
 msg netflow:export connect inet/127.0.0.1:9996
SEQ

Result of run command 'flowctl netflow show':
root at esm [4:22] /var/db/flows #flowctl netflow show
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
lo0           192.168.0.253   vlan0         192.168.0.254   17 e2ef 0035      6
lo0           192.168.0.253   vlan0         192.168.0.254    6 0016 ce2a     15
lo0           192.168.0.55    vlan0         192.168.0.255   17 0089 0089     12
lo0           192.168.0.253   vlan23        194.87.0.50      1 0000 0000      6

Flow collector:

root at esm [0:21] /root #pkg_info | grep flow
flow-tools-0.68_1   Suite of tools and library to work with netflow data

Check running collector:
root at esm [4:23] /var/db/flows #ps axww | grep flow
 2349  ??  Ss     0:00,01 /usr/local/bin/flow-capture -p /var/run/flow-capture.pid -w /var/db/flows -S5 -E5G 127.0.0.1/0/9996

But data on a collector do not get.

>How-To-Repeat:

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted: