Comment # 2
on bug 12319
from Martin Mathieson
(In reply to Adrian Tam from comment #0)
> According to RFC https://tools.ietf.org/html/rfc7011#section-4.1, the IPFix
> sequence number should increment for data record, while the sequence number
> should not be incremented for template.
>
> To reproduce at problem, open the capture and decode as CFlow. Packet #8
> has the correct expected sequence number (53). However, it expects packet
> #10 to have sequence number as 55. It should be 54 as it is the next packet
> after packet #8.
I believe the current behaviour is correct, and that the data templates are not
being counted.
The confusion seems to around what is a "data record", which are what the
sequence number is counting. I believe that section 3.3.1 makes it clear that
each separate data flow within each set should be counted. So the PDUs in
frames 8, 10, 12, 14 and 16 all have 2 data records, and should result in the
count being incremented by 2. Note that v9 of the protocol just counts PDUs,
which is what this implementation appears to be doing.
Also, note that the sequence analysis is only reported as being off by one
(rather than the expected number going up by 2 each time). This is confusing
in this case, but the code currently resets the expected number for the next
frame to what was seen rather than what it actually expected.
You are receiving this mail because:
- You are watching all bug changes.