[Flow-tools] flow-tools on FreeBSD/amd64

Mark R. mark at inetu.net
Mon Oct 6 21:08:50 EDT 2008


Dave, et al,

I gave the forked copy a try, and I still see the problem.  I'll include a 
short snippet from logs:

Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.14 dst_ip=0.0.0.0 d_version=5 expecting=1003054482 
received=1003054512 lost=30
Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.12 dst_ip=237.188.15.30 d_version=5 expecting=3747363059 
received=3747365789 lost=2730
Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.12 dst_ip=0.0.0.0 d_version=5 expecting=3747365729 
received=3747365819 lost=90
Oct  7 00:48:26 server flow-capture[96376]: New exporter: time=1223340506 
src_ip=192.168.248.12 dst_ip=48.193.208.156 d_version=5
Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.12 dst_ip=0.0.0.0 d_version=5 expecting=3747366419 
received=3747366449 lost=30
Oct  7 00:48:26 server flow-capture[96376]: New exporter: time=1223340506 
src_ip=192.168.248.12 dst_ip=190.25.255.226 d_version=5
Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.12 dst_ip=0.0.0.0 d_version=5 expecting=3747366539 
received=3747366569 lost=30
Oct  7 00:48:26 server flow-capture[96376]: New exporter: time=1223340506 
src_ip=192.168.248.14 dst_ip=241.15.201.236 d_version=5
Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.14 dst_ip=0.0.0.0 d_version=5 expecting=1003054842 
received=1003054872 lost=30
Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.14 dst_ip=246.143.122.185 d_version=5 expecting=1003052982 
received=1003055322 lost=2340
Oct  7 00:48:26 server flow-capture[96376]: ftpdu_seq_check(): 
src_ip=192.168.248.14 dst_ip=0.0.0.0 d_version=5 expecting=1003055322 
received=1003055352 lost=30

There are two exporters at 192.168.248.1[24], but both are exporting to the same 
destination IP of 192.168.37.30.  The real destination IP is never picked up -- 
it's either 0.0.0.0 or garbage.

If I remove the #ifdef IP_RECVDSTADDR portion from flow-capture.c, I no longer 
get the garbage destination IPs, but instead get all 0.0.0.0 (as would be 
normally expected).  This points to the setsockopt() as the culprit, but I'm 
past my point of experience already.

Any suggestions as to what to try and change here?


Thanks,
Mark

On Mon, 6 Oct 2008, Dave Plonka wrote:

> 
> Hi Mark,
> 
> On Mon, Oct 06, 2008 at 04:48:03PM -0400, Mark R. wrote:
>> 
>> Are there any known issues with flow-tools on 64-bit platforms?  I'm
>> trying to run 0.68 on FreeBSD 7.0/amd64 and running into some odd behavior
>> with flow-capture and flow-fanout.
> 
> I believe one of the main reasons for this development fork was to
> address 64-bit platform issues:
>
>   http://code.google.com/p/flow-tools/
> 
> I'd give that a try.
> 
> Dave
> 
> -- 
> plonka at doit.wisc.edu  http://net.doit.wisc.edu/~plonka/  Madison, WI
>
