Hi Paolo, This is a copy of https://github.com/pmacct/pmacct/issues/415 as I wasn't sure there is a suitable place for asking such questions. If it's for the maillist, please let me know, so I'll close the Github issue.
We're using pmacct and faced with some log flood containing such messages: Jul 6 18:40:23 gw pmacctd[28605]: INFO ( default/core ): short IPv4 packet read (35/38/frags). Snaplen issue ? Jul 6 18:40:40 gw pmacctd[28605]: INFO ( default/core ): short IPv4 packet read (35/38/frags). Snaplen issue ? Jul 6 18:40:46 gw pmacctd[28605]: INFO ( default/core ): short IPv4 packet read (35/38/frags). Snaplen issue ? $ grep Snaplen /var/log/daemon.log | wc -l 44019 We're investigated those packets and they seem legit, at the ethernet-frame level, each of those packets has padding added, i.e. size is valid for routers/switches, but pmacctd is treating them as suspicious and it leads to logs flooding. Not sure if this is a bug, but maybe we can just omit such logs somehow? At the source code ( https://github.com/pmacct/pmacct/blob/329a4744cc77eca98e5f51d3ff8323619f96c6f7/src/nl.c#L229-L232) I've found `config.handle_fragments` option, but there is lack of documentation explaining its behavior or at least syntax, how to set it properly. Can you please shed some light on that? Thanks in advance! Our Version: $ pmacct -V pmacct IMT plugin client, pmacct 1.7.2-git (20181018-00+c3) '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--with-pgsql-includes=/usr/include/postgresql' '--enable-l2' '--enable-ipv6' '--enable-plabel' '--enable-mysql' '--enable-pgsql' '--enable-sqlite3' '--enable-rabbitmq' '--enable-zmq' '--enable-kafka' '--enable-geoipv2' '--enable-jansson' '--enable-64bit' '--enable-threads' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' '--enable-nflog' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/pmacct-ws8uvS/pmacct-1.7.2=. -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists