netflow: Increase maximum number of NetFlow records to 30.

NetFlow v5 allows up to 30 records per packet but we were incorrectly
limiting to 29.  This corrects that and also uses the count of the
number of records in the header rather than the packet size since
it is easier to reason about.

Bug #2103

diff --git a/secchan/netflow.c b/secchan/netflow.c
index 7dd2e04..7912b4b 100644 (file)
--- a/secchan/netflow.c
+++ b/secchan/netflow.c
@@ -221,9 +221,8 @@ netflow_expire(struct netflow *nf, const struct ofexpired *expired)
     nf_rec->ip_proto = expired->flow.nw_proto;
     nf_rec->ip_tos = expired->ip_tos;
 
-    /* NetFlow messages are limited to 30 records.  A length of 1400
-     * bytes guarantees that the limit is not exceeded.  */
-    if (nf->packet.size >= 1400) {
+    /* NetFlow messages are limited to 30 records. */
+    if (ntohs(nf_hdr->count) >= 30) {
         netflow_run(nf);
     }
 }