Re: [pmacct-discussion] icmp6 netflow 9 not including type & code sometimes
Hi, Best would be for me to be able to reproduce the issue; can you make a brief capture in pcap format (ie. with tcpdump) of some of this icmp6 traffic and send it over via unicast email? If you could even compose two traces, one for the interface that is working, one for the one that is not working that would be awesome. Paolo On 27/9/22 01:27, fireballiso wrote: More information: pmacctd -V Promiscuous Mode Accounting Daemon, pmacctd 1.7.9-git [RELEASE] Arguments: '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' Libs: cdada 0.4.0 libpcap version 1.10.1 (with TPACKET_V3) Plugins: memory print nfprobe sfprobe tee System: Linux 5.19.9-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Sep 15 09:49:52 UTC 2022 x86_64 Compiler: gcc 12.2.1 === Config file (sending netflow to IPv6 loopback interface for capture with nfcapd): ! daemonize: true ! pcap_interface: eth0 aggregate: src_host, dst_host, src_port, dst_port, proto, tcpflags, tos plugins: nfprobe nfprobe_receiver: [::1]:9995 nfprobe_version: 9 = Still, the netflow captured with the config above doesn't have the icmp6 type and code values set correctly, but are always zeros. On 9/25/2022 10:21 PM, fireballiso wrote: Hi! I use pmacctd to generate netflow 9 for two interfaces on a physical (not virtual) Linux machine. The flows from one interface shows icmp and icmp6 protocols with the type and code as expected in the dst_port, and the other interface only shows icmp type and code correctly; the icmp6 type and code are always 0, regardless of the true values. Another machine (a VMWare virtual machine, running on ESXi 7) generates netflow 9 for an interface that only has IPv6 addresses; this also shows the icmp6 type and code as always 0. The interfaces on both machines have identical pmacctd configurations (except for the interface names), and the pmacctd versions are identical (cloned from github). What would cause the icmp6 type and code to not be set correctly for two interfaces, but correctly for another one? -Indy ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] icmp6 netflow 9 not including type & code sometimes
More information: pmacctd -V Promiscuous Mode Accounting Daemon, pmacctd 1.7.9-git [RELEASE] Arguments: '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins' Libs: cdada 0.4.0 libpcap version 1.10.1 (with TPACKET_V3) Plugins: memory print nfprobe sfprobe tee System: Linux 5.19.9-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Sep 15 09:49:52 UTC 2022 x86_64 Compiler: gcc 12.2.1 === Config file (sending netflow to IPv6 loopback interface for capture with nfcapd): ! daemonize: true ! pcap_interface: eth0 aggregate: src_host, dst_host, src_port, dst_port, proto, tcpflags, tos plugins: nfprobe nfprobe_receiver: [::1]:9995 nfprobe_version: 9 = Still, the netflow captured with the config above doesn't have the icmp6 type and code values set correctly, but are always zeros. On 9/25/2022 10:21 PM, fireballiso wrote: Hi! I use pmacctd to generate netflow 9 for two interfaces on a physical (not virtual) Linux machine. The flows from one interface shows icmp and icmp6 protocols with the type and code as expected in the dst_port, and the other interface only shows icmp type and code correctly; the icmp6 type and code are always 0, regardless of the true values. Another machine (a VMWare virtual machine, running on ESXi 7) generates netflow 9 for an interface that only has IPv6 addresses; this also shows the icmp6 type and code as always 0. The interfaces on both machines have identical pmacctd configurations (except for the interface names), and the pmacctd versions are identical (cloned from github). What would cause the icmp6 type and code to not be set correctly for two interfaces, but correctly for another one? -Indy -- -Indy fireball...@yahoo.com ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
[pmacct-discussion] icmp6 netflow 9 not including type & code sometimes
Hi! I use pmacctd to generate netflow 9 for two interfaces on a physical (not virtual) Linux machine. The flows from one interface shows icmp and icmp6 protocols with the type and code as expected in the dst_port, and the other interface only shows icmp type and code correctly; the icmp6 type and code are always 0, regardless of the true values. Another machine (a VMWare virtual machine, running on ESXi 7) generates netflow 9 for an interface that only has IPv6 addresses; this also shows the icmp6 type and code as always 0. The interfaces on both machines have identical pmacctd configurations (except for the interface names), and the pmacctd versions are identical (cloned from github). What would cause the icmp6 type and code to not be set correctly for two interfaces, but correctly for another one? -Indy -- -Indy fireball...@yahoo.com ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
