[ovs-discuss] Wrong start time in Netflow5 records with active-timeout expired sessions

Lior Neudorfer lior at guardicore.com
Tue Mar 11 10:13:12 UTC 2014


Hi,

(reposting this from dev list...)

I'm seeing wrong behavior of Netflow5 records emitted by Open vSwitch
2.1.90.
The git commit number is 87972a8fcd0f339c7229a014edd4c75fd9c1356c.

I've configured my switch to export Netflow records with an active timeout
of 30 seconds.
I've then started a single, long TCP session flowing through the switch.

The first netflow record seems OK - after 30 seconds, I get the first
record describing the session and it's OK.
From that moment on, Netflow records about the session seem incorrect - the
start_time field ("init_time" in openvswitch code) is consistently set to a
very large value (which is identical in all records). The expected value is
the original init_time of the session.

end_time is correct - it specifies the time in which the last packet from
the session was seen.

Netflow configuration is as follows:
$ ovs-vsctl list Netflow
_uuid               : 14b2a247-a97f-46fb-a19b-d04d4625e0a5
active_timeout      : 30
add_id_to_interface : false
engine_id           : []
engine_type         : []
external_ids        : {}
targets             : ["10.0.0.20:2055"]

--

I've looked at ofproto/netflow.c, and I believe the problem lies in
the netflow_expire__ function.
The function calls nf_flow->created = 0; however, in gen_netflow_rec,
init_time is calculated like this:
nf_rec->init_time = htonl(nf_flow->created - nf->boot_time);

So for long sessions, which expire every active_timeout seconds, I will get
init_time = (0-boot_time) in every record which describes the ongoing
session.

I've recompiled openvswitch without the "nf_flow->created = 0" code, and
start_time looks good.
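
The arithmetic described in the message above, as an added example that is not part of the original post or of the Open vSwitch sources. It models the quoted init_time expression in a small stand-alone program and adds a collector-side sanity check that flags such records; the struct, the `used` field, the helper names and all sample values are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of the exporter state. Only `created` and `boot_time`
 * come from the post; `used` and the helper names are hypothetical. */
struct flow_model {
    long long created; /* ms timestamp of the flow's first packet */
    long long used;    /* ms timestamp of the flow's last packet */
};

/* Host-order form of the quoted expression: time relative to boot,
 * truncated to the 32-bit field of a NetFlow v5 record. */
static uint32_t rel_ms(long long t, long long boot_time)
{
    return (uint32_t)(t - boot_time);
}

/* Network-order value, as in the quoted htonl() line. */
static uint32_t init_time_wire(const struct flow_model *f, long long boot_time)
{
    return htonl(rel_ms(f->created, boot_time));
}

/* Collector-side check: a flow cannot start after its last packet, and its
 * last packet cannot be later than the exporter uptime in the header.
 * Ignores the 32-bit uptime wrap after about 49.7 days. */
static int record_is_sane(uint32_t first, uint32_t last, uint32_t sys_uptime)
{
    return first <= last && last <= sys_uptime;
}

int main(void)
{
    const long long boot = 1000000; /* constructed sample values, in ms */
    struct flow_model f = { boot + 5000, boot + 30000 };

    /* First active-timeout export: start time is intact. */
    uint32_t first = ntohl(init_time_wire(&f, boot));
    printf("export 1: first=%u sane=%d\n", first,
           record_is_sane(first, rel_ms(f.used, boot), 30000));

    /* The reset described in the post, then the next export. */
    f.created = 0;
    f.used = boot + 60000;
    first = ntohl(init_time_wire(&f, boot));
    printf("export 2: first=%u sane=%d\n", first,
           record_is_sane(first, rel_ms(f.used, boot), 60000));
    return 0;
}
```

A collector that applies a check like `record_is_sane` can quarantine records with an impossible start time instead of feeding them into flow-duration analytics.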