On 22.8.2012. 20:50, Florian Obser wrote:
> Hi,
>
> I think I got this now.
> - replace time_seconds with time_uptime
> - with that flow_finish in pflow can be simplified (pointed out by benno@)
>   this should take care of flows with finish < start for locally created
>   states
> - change various variables from unsigned to signed (mainly) in pfsync which
>   could underflow (inspired by a patch from dlg@ from last year, pointed out
>   by cameild@). This fixes pflow and at the same time an underflow problem
>   in pfsync which dlg's patch was addressing. If I understand the history
>   correctly cameild@ noticed this problem last year.
>
> Hrvoje Popovski tested an older version without the pfsync fix.
>
> Since this changes the semantics of a field in pfsync both pfsync machines
> need to be updated (I think it's ok to import 5.1 states into this version
> but the other way around will cause problems.)
>
> We have been running with this patch since yesterday on a redundant firewall
> (amd64) with pfsync and no longer see broken flows (i.e. where finish
> < start). The pair survived various failovers.
>

Hello, I can confirm that there aren't any 4294* flow durations in nfdump (1.6.6). Pfsync is patched and enabled on firewalls and redundancy was tested. Thank you.
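
The thread's "finish < start" flows and the "4294*" durations are two views of the same unsigned wraparound. The following is an added example, not part of either message and not code from pflow or pfsync: it assumes a hypothetical record with 32-bit millisecond start/finish timestamps (the way NetFlow v5 carries First/Last) and shows the wrapped value next to a signed check a collector could use to flag such records.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical flow record with 32-bit millisecond uptime stamps,
 * as NetFlow v5 carries First/Last. This is not pflow's own struct. */
struct flow_rec {
    uint32_t start_ms;
    uint32_t finish_ms;
};

/* Naive unsigned subtraction: wraps modulo 2^32 when finish < start. */
static uint32_t duration_unsigned(const struct flow_rec *f)
{
    return f->finish_ms - f->start_ms;
}

/* Signed 64-bit subtraction: a negative result marks a broken flow. */
static int64_t duration_signed(const struct flow_rec *f)
{
    return (int64_t)f->finish_ms - (int64_t)f->start_ms;
}

/* Count records with finish < start, the condition named in the thread. */
static size_t count_broken(const struct flow_rec *recs, size_t n)
{
    size_t broken = 0;
    for (size_t i = 0; i < n; i++)
        if (duration_signed(&recs[i]) < 0)
            broken++;
    return broken;
}

/* Constructed sample data, not captured from a real exporter. */
static const struct flow_rec sample[] = {
    { 1000, 61000 },  /* normal flow, 60 s long */
    { 5000, 4000 },   /* finish is 1 s before start */
    { 7000, 7000 },   /* zero-length flow */
};

int main(void)
{
    size_t n = sizeof(sample) / sizeof(sample[0]);
    for (size_t i = 0; i < n; i++)
        printf("flow %zu: unsigned %u ms, signed %lld ms\n", i,
            (unsigned)duration_unsigned(&sample[i]),
            (long long)duration_signed(&sample[i]));
    printf("broken flows: %zu\n", count_broken(sample, n));
    return 0;
}
```

The second record's unsigned duration is 4294966296 ms, which a collector displaying seconds shows as a value beginning with 4294.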
