On 18.4.2013. 15:12, Tor Houghton wrote:
> Hi,
>
> I'm capturing flows on an OpenBSD 5.2 system using the pflow interface. When
> I export data using version 5, nfcapd behaves as expected.
>
> However, if I export the flows as version 9, or IPFIX, nfcapd has a problem
> with the "first" and "last" fields of the flow record:
>
> Flow Record:
>   Flags = 0x06 FLOW, Unsampled
>   export sysid = 1
>   size = 564
>   first = 0 [1970-01-01 01:00:00]
>   last = 0 [1970-01-01 01:00:00]
>   msec_first = 0
>   msec_last = 0
>   ..
>   ..
>   ..
>   (src)tos = 0
>   (in)packets = 6
>   (in)bytes = 598
>   ip router = 192.168.16.1
>   received at = 1366290086402 [2013-04-18 15:01:26.402]
>
> Wireshark has no trouble decoding the packet. Has anyone else experienced
> this?
>
> Tor
>

Hi,

Florian Obser uploaded some interesting v9/ipfix patches for pflow, so you could try to catch today's current.

c/p

On Tue, Aug 13, 2013 at 02:44:06AM -0600, Florian Obser wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: [email protected] 2013/08/13 02:44:05
>
> Modified files:
>   sys/net : if_pflow.h if_pflow.c
>
> Log message:
> Split pflow version 9 and version 10 to be able to send 64 bit
> time values for version 10.
> While there mark places which will blow up in 2038.
> OK benno@
> As a bonus now nfdump can read v10 flows generated by pflow(4).

_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
