[Bug 1760] Timestamp offset using softflowd with nfdump
https://bugzilla.mindrot.org/show_bug.cgi?id=1760

Damien Miller changed:

           What    |Removed   |Added
         ----------------------------------
             Status|RESOLVED  |CLOSED

--- Comment #6 from Damien Miller 2011-01-24 12:33:32 EST ---
Move resolved bugs to CLOSED after 5.7 release

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
--- You are receiving this mail because: ---
You are watching the assignee of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 1760] Timestamp offset using softflowd with nfdump
https://bugzilla.mindrot.org/show_bug.cgi?id=1760

Damien Miller changed:

           What    |Removed   |Added
         ----------------------------------
             Status|REOPENED  |RESOLVED
         Resolution|          |FIXED

--- Comment #5 from Damien Miller ---
I think nfdump on Ubuntu is broken. It seems to decode the first flow in a softflowd netflow 9 export packet correctly (and has correct timers), but subsequent ones are corrupt. It is probably failing to calculate an increment length correctly when skipping to the end of a flow.

nfdump seems to decode v.5 flows correctly in all cases and has correct timestamps.

Wireshark decodes the flows correctly and gives correct times for both v5 and v9 flows.

[Bug 1760] Timestamp offset using softflowd with nfdump
https://bugzilla.mindrot.org/show_bug.cgi?id=1760

screw changed:

           What    |Removed   |Added
         ----------------------------------
                 CC|          |screw@seznam.cz
             Status|RESOLVED  |REOPENED
         Resolution|FIXED     |

--- Comment #4 from screw ---
Using last build from http://www.mindrot.org/softflowd_snap/ (with applied bugfix) on Ubuntu with nfcapd (1.6.1) and still getting bad timestamps with -v 5 and completely wrong result (wrong/no IP, wrong/no port, ...) with -v 9.

[Bug 1760] Timestamp offset using softflowd with nfdump
https://bugzilla.mindrot.org/show_bug.cgi?id=1760

Damien Miller changed:

           What    |Removed   |Added
         ----------------------------------
             Status|NEW       |RESOLVED
         Resolution|          |FIXED

--- Comment #3 from Damien Miller ---
nice work - thanks. I have applied the patch and it will be in softflowd-0.9.9.

[Bug 1760] Timestamp offset using softflowd with nfdump
https://bugzilla.mindrot.org/show_bug.cgi?id=1760

Stephen Nelson changed:

           What    |Removed   |Added
         ----------------------------------
                 CC|          |step...@sfnelson.org

[Bug 1760] Timestamp offset using softflowd with nfdump
https://bugzilla.mindrot.org/show_bug.cgi?id=1760

--- Comment #2 from Stephen Nelson ---
Created attachment 1845
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1845
Fixes bug by switching the order of first and last switched fields in the NF9_SOFTFLOWD_DATA_COMMON struct

[Bug 1760] Timestamp offset using softflowd with nfdump
https://bugzilla.mindrot.org/show_bug.cgi?id=1760

--- Comment #1 from Stephen Nelson ---
Turns out that this is because softflow is still mixing the first_switched and last_switched fields in netflow9 output. These have been corrected in the header, but the struct which they are actually written to is wrong. Patch attached.

Confirmation of this bug can be obtained by examining a softflowd packet using wireshark's "CFLOW" decoder. If the packet includes the template then wireshark will show that the last_switched field is greater than the first_switched field. After applying the submitted patch, the fields are in the correct order.
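
The ordering problem described in Comment #1, as an added example that is not part of the original thread and is not softflowd's or nfdump's code: a NetFlow v9 collector reads each data record in the order the template announces, so an exporter struct with the two timestamp members swapped decodes as a flow that ends before it starts. The template, byte strings and function names are constructed for illustration; the field type IDs 21 and 22 are from RFC 3954.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* NetFlow v9 field type IDs (RFC 3954). */
#define NF9_LAST_SWITCHED  21
#define NF9_FIRST_SWITCHED 22

struct nf9_field { uint16_t type, len; };   /* one template entry */
struct flow_times { uint32_t first, last; int have_first, have_last; };

/* Walk one data record in template order, as a collector does.
 * Returns bytes consumed, or 0 if the record is shorter than the template. */
size_t decode_record(const struct nf9_field *tmpl, size_t nfields,
                     const uint8_t *rec, size_t rec_len, struct flow_times *out)
{
    size_t off = 0;
    *out = (struct flow_times){0};
    for (size_t i = 0; i < nfields; i++) {
        const uint8_t *p = rec + off;
        if (tmpl[i].len > rec_len - off)
            return 0;                       /* truncated record */
        if (tmpl[i].len == 4) {             /* fields are big-endian on the wire */
            uint32_t v = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                         (uint32_t)p[2] << 8 | p[3];
            if (tmpl[i].type == NF9_FIRST_SWITCHED) { out->first = v; out->have_first = 1; }
            if (tmpl[i].type == NF9_LAST_SWITCHED)  { out->last = v;  out->have_last = 1; }
        }
        off += tmpl[i].len;                 /* advance by the template's length */
    }
    return off;
}

/* A flow cannot end before it starts (sysUptime wrap is ignored here). */
int times_plausible(const struct flow_times *t)
{ return t->have_first && t->have_last && t->first <= t->last; }

/* Constructed sample: the template announces FIRST_SWITCHED, then LAST_SWITCHED. */
static const struct nf9_field TMPL[] = { { NF9_FIRST_SWITCHED, 4 }, { NF9_LAST_SWITCHED, 4 } };
/* Record written in template order: first = 1000 ms, last = 5000 ms. */
static const uint8_t REC_OK[]      = { 0, 0, 0x03, 0xE8, 0, 0, 0x13, 0x88 };
/* Same flow written from a struct whose two members are swapped. */
static const uint8_t REC_SWAPPED[] = { 0, 0, 0x13, 0x88, 0, 0, 0x03, 0xE8 };

/* Returns 1 if plausible, 0 if start > end, -1 if the record does not decode. */
int check(const uint8_t *rec, size_t len)
{
    struct flow_times t;
    if (decode_record(TMPL, 2, rec, len, &t) != 8) return -1;
    return times_plausible(&t);
}
int main(void) { printf("ok=%d swapped=%d\n", check(REC_OK, 8), check(REC_SWAPPED, 8)); return 0; }
```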