search

pavel-odintsov / fastnetmon

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
https://fastnetmon.com
GNU General Public License v2.0
3.39k stars 561 forks source link

hsfowd on Cumulus: compatibility issues with raw IPv4 packets without Ethernet header #776

Closed csszep closed 4 years ago

csszep commented 4 years ago

Hi!

I'm sending sflow v5 from Cumulus switch to fastnetmon. Cumulus use the hsflowd daemon.

The fastnetmon_cli shows 0 bytes/pps etc

I get the following log :

2019-09-30 11:50:34,335 [INFO] Logger initialized! 2019-09-30 11:50:34,343 [INFO] Read configuration file 2019-09-30 11:50:34,343 [INFO] We loaded 0 networks from whitelist file 2019-09-30 11:50:34,343 [INFO] We are working on Linux and could use ip tool for detecting local IP's 2019-09-30 11:50:34,349 [INFO] We found 1 local IP addresses and will monitor they 2019-09-30 11:50:34,349 [INFO] We loaded 2 networks from networks file 2019-09-30 11:50:34,349 [INFO] Totally we have 3 IPv4 subnets 2019-09-30 11:50:34,349 [INFO] Totally we have 0 IPv6 subnets 2019-09-30 11:50:34,349 [INFO] Total number of monitored hosts (total size of all networks): 513 2019-09-30 11:50:34,349 [INFO] We need 0 MB of memory for storing counters for your networks 2019-09-30 11:50:34,349 [INFO] I will allocate 256 records for subnet 1073081 cidr mask: 24 2019-09-30 11:50:34,349 [INFO] I will allocate 256 records for subnet 1138617 cidr mask: 24 2019-09-30 11:50:34,349 [INFO] I will allocate 1 records for subnet 3425413312 cidr mask: 32 2019-09-30 11:50:34,349 [INFO] We start total zerofication of counters 2019-09-30 11:50:34,349 [INFO] We finished zerofication 2019-09-30 11:50:34,349 [INFO] We loaded 3 IPv4 subnets to our in-memory list of networks 2019-09-30 11:50:34,350 [INFO] Run banlist cleanup thread, we will awake every 60 seconds 2019-09-30 11:50:34,350 [INFO] sflow: plugin started 2019-09-30 11:50:34,350 [INFO] sflow: We will listen on 1 ports 2019-09-30 11:50:34,350 [INFO] netflow plugin started 2019-09-30 11:50:34,350 [INFO] Using custom sampling ratio for netflow: 1 2019-09-30 11:50:34,350 [INFO] netflow: We will listen on 1 ports 2019-09-30 11:50:34,350 [INFO] sflow: plugin will listen on 0.0.0.0:6344 udp port 2019-09-30 11:50:34,350 [INFO] netflow plugin will listen on 0.0.0.0:2056 udp port 2019-09-30 12:01:09,600 [ERROR] sflow: not supported protocol: 0 2019-09-30 12:01:10,545 [ERROR] sflow: not supported protocol: 0 2019-09-30 12:01:28,488 [ERROR] sflow: not supported protocol: 0 2019-09-30 12:02:21,951 [ERROR] sflow: not supported protocol: 0 2019-09-30 12:02:23,084 [ERROR] sflow: not supported protocol: 0 2019-09-30 12:03:33,881 [ERROR] sflow: not supported protocol: 11

Fastnetmon version 1.1.4 community

pavel-odintsov commented 4 years ago

Hello!

Can you share pcap collected for 5 minutes?

We had detailed testing for hsflowd and it worked fine.

pavel-odintsov commented 4 years ago

I checked issue in details and these errors looks harmless: https://github.com/pavel-odintsov/fastnetmon/blob/f527101e6248a17faf5693b428ac3b862994072c/src/sflow_plugin/sflow_collector.cpp#L658

Do you see traffic counters?

csszep commented 4 years ago

Hi!

I sent a pcap file for you privately to pavel.odintsov@gmail.com.

csszep commented 4 years ago

Cumulus has a bug id for this, so in fastnetmon side there is nothing to do.

https://docs.cumulusnetworks.com/cumulus-linux-37/Whats-New/rn/#CM-28212