[netflow-tools] softflowctl expire-all
rbreathe at brookes.ac.uk
Tue Sep 27 16:54:08 EST 2005
Damien Miller wrote:
> On Tue, 27 Sep 2005, Robin Breathe wrote:
>> I actually did some fairly extensive testing earlier, I simply couldn't
>> decide how best to report the results.
>> Running tcpdump shows that there really are far more active flows than
>> end up in my flowd logs.
> Are you tcpdumping the traffic flows themselves or the flow export packets?
On the traffic flows themselves; I'm running softflowd and flowd on the
same Solaris 9 box, and S9 doesn't support tcpdump on the loopback
interface. If necessary I can set the two components up on different
machines allowing me to tcpdump the flow export packets...
> To ask an obvious question: are you using any flowd.conf filters that
> drop flows?
I can replicate the issue on a vanilla configuration:
listen on 127.0.0.1:4432
flow source 127.0.0.1
I have tried with and without bpf filters on softflowd: they make no
difference (but did highlight another possible far-less-important bug to
be looked at another time - not all valid recipes are accepted).
>> Your help is really appreciated, this was an unexpected surprise drawing
>> close to the end of an otherwise successful project :) I was going to
>> trawl through the code myself tomorrow, but you already know it; I'd be
>> even more delighted if we could nail this bug down together.
> I'm setting up a test environment right now. Hopefully this will be
> fairly easy to track down. (famous last words...)
Probably wrong, I've got it into my head that this relates to iterating
over the expiries list rather than the flows list in the `expire-all`
case. I'll look at the code once I get into work.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.mindrot.org/pipermail/netflow-tools/attachments/20050927/d091a8da/attachment.bin
More information about the netflow-tools