Dave, et al,
I gave the forked copy a try, and I still see the problem. I'll include a
short snippet from logs:
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.14 dst_ip=0.0.0.0 d_version=5 expecting=1003054482
received=1003054512 lost=30
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.12 dst_ip=237.188.15.30 d_version=5 expecting=3747363059
received=3747365789 lost=2730
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.12 dst_ip=0.0.0.0 d_version=5 expecting=3747365729
received=3747365819 lost=90
Oct 7 00:48:26 server flow-capture[96376]: New exporter: time=1223340506
src_ip=192.168.248.12 dst_ip=48.193.208.156 d_version=5
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.12 dst_ip=0.0.0.0 d_version=5 expecting=3747366419
received=3747366449 lost=30
Oct 7 00:48:26 server flow-capture[96376]: New exporter: time=1223340506
src_ip=192.168.248.12 dst_ip=190.25.255.226 d_version=5
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.12 dst_ip=0.0.0.0 d_version=5 expecting=3747366539
received=3747366569 lost=30
Oct 7 00:48:26 server flow-capture[96376]: New exporter: time=1223340506
src_ip=192.168.248.14 dst_ip=241.15.201.236 d_version=5
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.14 dst_ip=0.0.0.0 d_version=5 expecting=1003054842
received=1003054872 lost=30
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.14 dst_ip=246.143.122.185 d_version=5 expecting=1003052982
received=1003055322 lost=2340
Oct 7 00:48:26 server flow-capture[96376]: ftpdu_seq_check():
src_ip=192.168.248.14 dst_ip=0.0.0.0 d_version=5 expecting=1003055322
received=1003055352 lost=30
There are two exporters at 192.168.248.1[24], but sending exporting to the same
destination IP of 192.168.37.30. The real destination IP is never picked up --
It's either 0.0.0.0 or garbage.
If I remove the #ifdef IP_RECVDSTADDR portion from flow-capture.c, I no longer
get the garbage destination IPs, but instead get all 0.0.0.0 (as would be
normally expected). This points to the setsockopt() as the culprit, but I'm
past my point of experience already.
Any suggestions as to what to try and change here?
Thanks,
Mark
On Mon, 6 Oct 2008, Dave Plonka wrote:
Hi Mark,
On Mon, Oct 06, 2008 at 04:48:03PM -0400, Mark R. wrote:
Are there any known issues with flow-tools on 64-bit platforms? I'm
trying to run 0.68 on FreeBSD 7.0/amd64 and running into some odd behavior
with flow-capture and flow-fanout.
I believe one of the manin reasons for this development fork was to
address 64-bit platform issues:
http://code.google.com/p/flow-tools/
I'd give that a try.
Dave
--
[EMAIL PROTECTED] http://net.doit.wisc.edu/~plonka/ Madison, WI
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
