[Bug 1760] Timestamp offset using softflowd with nfdump
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue May 4 12:15:58 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1760
--- Comment #1 from Stephen Nelson <stephen at sfnelson.org> ---
Turns out that this is because softflow is still mixing the
first_switched and last_switched fields in netflow9 output. These have
been corrected in the header, but the struct which they are actually
written to is wrong. Patch attached.
Confirmation of this bug can be obtained by examining a softflowd
packet using wireshark's "CFLOW" decoder. If the packet includes the
template then wireshark will show that the last_switched field is
greater than the first_swtiched field. After applying the submitted
patch, the fields are in the correct order.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list