I've started using PM tools for a new project I'm working on. After a while, I started noticing a strange problem. My setup is very simple: * TCP packet generator sending out stateless TCP packets on eth1 * pmacctd started using: pmacctd -c src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows,tcpflags,cos -i eth1 -P nfprobe -f /tmp/pmacctd.conf where pmacctd.conf is: nfprobe_receiver: 127.0.0.1:2101 nfprobe_version: 9 * nfacctd started using: pmacctd -c src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows,tcpflags,cos -i eth1 -P sqlite3 -v 8 -f /tmp/collector.config where collector.config: sql_db: /tmp/collector.db
Running the above setup, I noticed that pmacctd shows more packets and bytes that what I've actually sent out (and verified by tcpdump). About 30% more. 1) I tried using a different net flow collector. I tried using flow-tools collector. The packet count showed correctly so I know it has to do with pmacctd somehow. 2) I tried using the print plugin but that produced the same wrong counts. 3) I tried using the debug flag for pmacctd to see what's going on so I tried to run it as (notice the location of -d): pmacctd -c src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows,tcpflags,cos -i eth1 -P sqlite3 -d -v 8 -f /tmp/collector.config Still, produced the wrong numbers. 4) Next, I tried the same command only I placed the "-d" option as the first parameter: pmacctd -d -c src_mac,dst_mac,vlan,src_host,dst_host,src_port,dst_port,proto,tos,flows,tcpflags,cos -i eth1 -P sqlite3 -v 8 -f /tmp/collector.config Now, surprisingly that fixed the problem and the counters are correct! 5) Next I tried the same "-d" trick with the print plugin only but still produced the wrong numbers. So the only way to make it work is to run it in debug _and_ put the "-d" as the first argument. I tried the above scenarios several times to eliminate any chance of one-offs or race conditions but the results were 100% consistent. I hope that can give you some clues. I'm using version 0.14.0rc3 built from source uname -a Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 i686 i686 i386 GNU/Linux _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
