mikemiles-dev
commented
8 months ago Can you gives me an example packet?
Closed karel-un closed 8 months ago
mikemiles-dev
commented
8 months ago Can you gives me an example packet?
karel-un
commented
8 months ago Finding example packet would be a little problematic for me because template packet which results in template without fields can be parsed many packets before infinite loop is hit. But I could create new NetFlow target in Mikrotik to send data directly to you, if you would like to.
Anyway I fixed it by adding following code BEFORE this line: https://github.com/mikemiles-dev/netflow_parser/blob/ad41358d0c21eeaf3c997dd8f90070a9d35412d6/src/variable_versions/ipfix.rs#L223
if template.get_fields().len() == 0 {
dbg!("Template without fields!");
return Err(NomErr::Error(NomError::new(i, ErrorKind::Fail)));
};Template without fields is not used and returns the same error as if there would be no template. I am not sure if this is right fix but I am running daemon without error for about half an hour now. Before that it failed in few minutes max.
Probably related to wrong template Mikrotik sends I described in #27. If there are no fields in template, while loop is going indefinitely:
https://github.com/mikemiles-dev/netflow_parser/blob/ad41358d0c21eeaf3c997dd8f90070a9d35412d6/src/variable_versions/ipfix.rs#L225 https://github.com/mikemiles-dev/netflow_parser/blob/ad41358d0c21eeaf3c997dd8f90070a9d35412d6/src/variable_versions/ipfix.rs#L227
I tried to fix this by detecting loop cycles and "take" remaining.len() if fieldless template is hit to stop parsing remaining data from packet, but no other packets are then processed so I am lost.