irino / softflowd

softflowd: A flow-based network traffic analyser capable of Cisco NetFlow data export software.
https://github.com/irino/softflowd

No netflow traffic being sent from PFSense #38

Open nigelpatsmith opened 3 years ago

nigelpatsmith commented 3 years ago

Running softflowd on pfSense 21.02.2-RELEASE on a Netgate SG-1100 is failing to send any netflow traffic and is producing a segfault - see below (I've redacted the IPs):

# /usr/local/bin/softflowd -D -P udp -i pppoe0 -n x.x.x.x:2055 -v 9 -T proto -A milli -p /var/run/softflowd.pppoe0.pid -c /var/run/softflowd.pppoe0.ctl
Using pppoe0 (idx: 0)
softflowd v1.0.0 starting data collection
Exporting flows to [x.x.x.x]:2055
ADD FLOW seq:1 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:2 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:1 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:3 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:4 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:1 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:5 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:6 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:7 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:8 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:9 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:10 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:11 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:12 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:13 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:14 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:15 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:16 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:17 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:18 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:19 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:20 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:21 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:58 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:22 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:23 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:24 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:25 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:26 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:27 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:28 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:29 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:30 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:31 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:32 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:33 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:34 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:35 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:36 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:37 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:38 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:39 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:40 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:41 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:42 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:43 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:44 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:17 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:45 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:46 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:47 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:48 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:49 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:50 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:51 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:52 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:53 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:54 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:55 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:56 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:57 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:58 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:59 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:60 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:61 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
ADD FLOW seq:62 [x.x.x.x]:0 <> [x.x.x.x]:0 proto:6 vlan>:0 vlan<:0  ether:00:00:00:00:00:00 <> 00:00:00:00:00:00
Starting expiry scan: mode 0
Queuing flow seq:11 (0x4027d370) for expiry reason 4
Finished scan 1 flow(s) to be evicted
Flow 2/0: r 0 offset 387 ie 0004 len 100(0x0064)
Segmentation fault (core dumped)

There's no netflow traffic being sent by the firewall, and hence no traffic being received by the collector.

I'm not sure where to go next in terms of digging into the problem - any suggestions?

FYI I had first raised this with Netgate, who suggested I follow up with the maintainer of the package - see the issue reported here: https://redmine.pfsense.org/issues/10436. There's a separate support ticket where I have just been told:

I checked with our development team on this issue. Unfortunately Netflow is a third party package that we only "wrap up" to provide to pfSense. As such, you will want to follow up with the package maintainer as there isn't much we can do here to provide assistance for this package as it is unsupported. The best place to communicate is via the redmine and directly with the maintainer of the package.

For a list of supported packages, you can refer to this KB: https://www.netgate.com/support/supported-pfsense-packages.html

natemccallum commented 3 years ago

I ran into a similar issue running this command:

softflowd -i eth0 -n collector_host:2055 -L 3 -m 8192 -v 10 -P udp -D

I never got flow to "collector_host" until I removed the -D:

softflowd -i eth0 -n collector_host:2055 -L 3 -m 8192 -v 10 -P udp

Not sure if that is your issue but took me a bit to figure out so thought I'd share. Not sure about your core.

nigelpatsmith commented 3 years ago

@natemccallum: Interesting. I've tried it with and without and it doesn’t seem to make a difference, except that I can't see debug output! Thanks anyway.
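
One way to check from the collector side whether any export datagrams arrive at all, and whether they decode as NetFlow v9, is a small UDP listener. This is an added example, not code from this thread or from the softflowd project; it assumes the UDP port 2055 and `-v 9` export used in the original command, so datagrams sent with `-v 10` (IPFIX) are reported as undecodable.

```python
import socket
import struct

V9_HEADER = struct.Struct("!HHIIII")   # version, count, sysUptime, unixSecs, sequence, sourceId
FLOWSET_HEADER = struct.Struct("!HH")  # flowset id, length (header included)

# Constructed sample datagram (not captured traffic): one template flowset, one data flowset.
SAMPLE = (V9_HEADER.pack(9, 2, 1000, 1620000000, 7, 0)
          + struct.pack("!HHHHHH", 0, 12, 256, 1, 8, 4)
          + struct.pack("!HH4s", 256, 8, bytes([192, 0, 2, 1])))

def flowset_kind(flowset_id):
    """0 = template, 1 = options template, 256 and above = data records."""
    names = {0: "template", 1: "options-template"}
    return names.get(flowset_id, "data" if flowset_id >= 256 else "reserved")

def parse_v9(datagram):
    """Decode the header and flowset list of one NetFlow v9 export datagram."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("datagram shorter than the 20-byte v9 header")
    version, count, _uptime, _secs, sequence, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field = {version})")
    flowsets, offset = [], V9_HEADER.size
    while offset + FLOWSET_HEADER.size <= len(datagram):
        fs_id, fs_len = FLOWSET_HEADER.unpack_from(datagram, offset)
        if fs_len < FLOWSET_HEADER.size or offset + fs_len > len(datagram):
            raise ValueError(f"bad flowset length {fs_len} at offset {offset}")
        flowsets.append((flowset_kind(fs_id), fs_id, fs_len))
        offset += fs_len
    return {"count": count, "sequence": sequence, "source_id": source_id, "flowsets": flowsets}

def listen(bind_addr="0.0.0.0", port=2055, timeout=60.0):
    """Print a summary of each datagram; return after `timeout` seconds of silence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        sock.settimeout(timeout)
        try:
            while True:
                data, peer = sock.recvfrom(65535)
                try:
                    print(peer[0], parse_v9(data))
                except ValueError as err:
                    print(peer[0], "undecodable:", err)
        except socket.timeout:
            print(f"nothing received for {timeout:.0f}s")

if __name__ == "__main__":
    listen()
```

If the listener stays silent while softflowd logs expired flows, the datagrams are not leaving the exporter or are being dropped on the path; if it prints only data flowsets and never a template flowset, a v9 collector cannot decode the records.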