Jason Dixon
2005-May-23 03:07 UTC
[netflow-tools] Softflowd not recognizing interface index
I've dropped pfflowd to try out softflowd as it appears to be a bit more "compliant" than the pfflowd exports. However, I notice that my flows still don't seem to be reporting the correct index numbers for the interfaces. I'm not very SNMP savvy, so perhaps it's my own inexperience showing. Can someone please explain to me why the following output all have 0 as the if_index_in and if_index_out for all flows?

http://www.dixongroup.net/softflowd.txt

A good example is seen on lines 1-2 and 8-9. Each pair represents the same SSH session but they appear to come from different softflowd agents (first from the external interface, then the internal). Regardless, they all report an if_index_* of 0, no matter the direction or agent.

Thanks,

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
Damien Miller
2005-May-23 03:11 UTC
[netflow-tools] Softflowd not recognizing interface index
Jason Dixon wrote:
> I've dropped pfflowd to try out softflowd as it appears to be a bit more
> "compliant" than the pfflowd exports. However, I notice that my flows
> still don't seem to be reporting the correct index numbers for the
> interfaces. I'm not very SNMP savvy, so perhaps it's my own
> inexperience showing. Can someone please explain to me why the
> following output all have 0 as the if_index_in and if_index_out for all
> flows?
>
> http://www.dixongroup.net/softflowd.txt
>
> A good example is seen on lines 1-2 and 8-9. Each pair represents the
> same SSH session but they appear to come from different softflowd agents
> (first from the external interface, then the internal). Regardless,
> they all report an if_index_* of 0, no matter the direction or agent.

Yes, softflowd doesn't get enough information from bpf to fill these in. If you can figure out a way to get interface names of indices out of libpcap I can fix it easily.

-d
Jason Dixon
2005-May-23 03:20 UTC
[netflow-tools] Softflowd not recognizing interface index
On May 22, 2005, at 11:11 PM, Damien Miller wrote:
> Jason Dixon wrote:
>> I've dropped pfflowd to try out softflowd as it appears to be a bit
>> more "compliant" than the pfflowd exports. However, I notice that my
>> flows still don't seem to be reporting the correct index numbers for
>> the interfaces. I'm not very SNMP savvy, so perhaps it's my own
>> inexperience showing. Can someone please explain to me why the
>> following output all have 0 as the if_index_in and if_index_out for
>> all flows?
>> http://www.dixongroup.net/softflowd.txt
>> A good example is seen on lines 1-2 and 8-9. Each pair represents
>> the same SSH session but they appear to come from different softflowd
>> agents (first from the external interface, then the internal).
>> Regardless, they all report an if_index_* of 0, no matter the
>> direction or agent.
>
> Yes, softflowd doesn't get enough information from bpf to fill these
> in.
> If you can figure out a way to get interface names of indices out of
> libpcap I can fix it easily.

Hell, I don't even grok the significance of the if_index_* stuff, other than to assume that it's somehow valuable. I would think that the reporting agent would always report its own interface as 0, but what do I know. :)

Unfortunately, what I know about pcap could fit into a bottlecap.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net