I'm going to guess here that send() is failing due to the MTU of the
tunnel interface being less than 1500. NetFlow expects to be running
over a media when can support at least a 1500 byte payload. The "spoof
IP" option is constructing the UDP packet by hand and that may result
in the MTU setting being overlooked by the kernel during a send().
Will your lan interfaces support a MTU > 1500 so there is enough room
for the tunnel header + 1500 byte payload?
--
mark
On May 9, 2005, at 9:10 AM, Juan Jose Lopez Juarez wrote:
I' trying to setup the next enviroment.
_________
_________
| HOST A | ================= | HOST B |
----------------
----------------
Each HOST is on a different network.
HOST A = 10.0.1.0/24 network
HOST B = 10.0.3.0/24 network
There is a ipip tun between both machines.
HOST A = eth0 // tun0
HOST B = eth0 // tun0
HOST A is getting Netflow traffic ussing the eth0 and has to send iit
to HOST B
ussing the tunnel.
So in HOST A I run.
# flow-fanout 10.0.1.230//1010 -s 0/172.0.0.2/1010
where 10.0.1.230 is the IP address of the eth0 dev.
and 172.0.0.2 is the ip address of the other point in the tun0 dev.
and on the messages file I see this.
---------------
flow-fanout: send (j=0): Message too long.
---------------
I've tryed to use more than one destination and all the traffic that
has to
go througt the tun dev is not send .. if the destination is reachable
ussing the
lan device everithing is fine.
I've tryed also without the -s option . and in that case everything
works fine.
I really need to spoof the Ipaddress .. and i've been googling for
related information
but I don't find anything related with this bug..
Have you seen something similar, can you help me..
Thnks :)
--
Juan Jose Lopez Juarez
[EMAIL PROTECTED]
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
