Messages

It would be fine to leave the fields out. Including them and setting them to zero makes little sense.

The GROK/LLM answer wasn't useful. I know the code is doing it. I'm saying it is not correct to do so.

I did some digging and confirmed sys/netgraph/netflow/netflow_v9.c always sets OUT_BYTES and OUT_PACKETS to 0.

Code Select Expand

       
rec->src_addr = fed->r.r_src.s_addr;
rec->dst_addr = fed->r.r_dst.s_addr;
...
rec->i_packets  = htonl(fed->packets);
rec->i_octets   = htonl(fed->bytes);
rec->o_packets  = htonl(0);
rec->o_octets   = htonl(0);
rec->first    = htonl(MILLIUPTIME(fed->first));
rec->last     = htonl(MILLIUPTIME(fed->last));

Why is it done this way? I've seen other collectors that only support unidirectional flows and they just don't include OUT_BYTES/OUT_PACKETS

I have Netflow setup to send v9 flows. When I look at the templates sent from OPNsense I see that IN_BYTES/IN_PACKETS as well OUT_BYTES/OUT_PACKETS are defined?

But when I get actual flows, OUT_BYTES and OUT_PACKETS are always 0. Why include them if they're always 0? The reason this is a problem is I'm trying to parse with goflow or goflow2 packages for golang and both of them will prefer OUT_BYTES/PACKETS to IN. See: https://github.com/netsampler/goflow2/issues/186

Is it intentional to include the OUT_* stats but never populate them?