search

delian / node-netflowv9

NetFlow Version 9 library for Node.JS
GNU General Public License v2.0
42 stars 13 forks source link

Issues with packages from vyos #1

Closed kmpm closed 10 years ago

kmpm commented 10 years ago

I'm trying to get packages from a vyos (fork of vyatta) router but keep getting a crash on every packet.

e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:184
            if (nf.compileRule[0]) return nf.compileRule[len].toString().repla
                                                              ^
TypeError: Cannot call method 'toString' of undefined
    at compileStatement (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:184:63)
    at compileTemplate (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:199:36)
    at readTemplate (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:220:65)
    at nfPktDecode (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:235:22)
    at Socket.<anonymous> (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:258:17)
    at Socket.EventEmitter.emit (events.js:98:17)
    at UDP.onMessage (dgram.js:440:8)

Wireshark seems to be able to decode it. Sample frame as hex stream

3417eb9f1b1a001b2fb948490800450002089fdb40003f11dea2c0a8f0060a640054c0810bb801f45d6c000900070002549b53b289a200000001000000000000005c0400001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010038000600500006003a000200c90004003000010000005c0401001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010051000600390006003b000200c90004003000010000005c0800001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010038000600500006003a000200c90004003000010000005c0801001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010051000600390006003b000200c90004003000010001001a10000004000c000100040030000100310001003200041000000e000000000102000001f4040000400000209e0000209e0000002800000001040003000000000000000a640054c0004c0264aa0050001006001b2fb9484980ee7395562800000000000301

Packet without header and stuff. 

000900070002549b53b289a200000001000000000000005c0400001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010038000600500006003a000200c90004003000010000005c0401001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010051000600390006003b000200c90004003000010000005c0800001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010038000600500006003a000200c90004003000010000005c0801001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010051000600390006003b000200c90004003000010001001a10000004000c000100040030000100310001003200041000000e000000000102000001f4040000400000209e0000209e0000002800000001040003000000000000000a640054c0004c0264aa0050001006001b2fb9484980ee7395562800000000000301
kmpm commented 10 years ago

From my investigation it looks like an error in compileStatement when doing type 56

delian commented 10 years ago

I am happy that someone uses that package. Let me look at the packet, so I can see what the issue could be