Hello,
Stuart Henderson wrote:
> On 2009-06-09, fROLOW kONSTANTIN <f-k...@yandex.ru> wrote:
>> Hi all.
>>
>> In fields FIRST and LAST in a stream should be system uptime during
>> reception of the first package
>> and during reception of the last
>>
>> When i use 'softflowd' software sensor - all OK (see below), but when i use
>> pflow interface
>> then in fields FIRST and LAST i see huge values.
>> Maybe somebody knows, what mean these values ?
> even compiled.
I think this patch will do it, please test it. OK?
tcpdump reports:
1244633496.760552 ip: NetFlow v5, 2279.000 uptime, 1244633496.000227807, #310,
6 recs
started 1524.000, last 2249.000
xxxxxxxxxx/0:0:779 > xxxxxxxxxxxxxx/0:0:2049 >> 0.0.0.0
17 tos 0, 5 (748 octets)
started 1524.000, last 2249.000
xxxxxxxxxxx/0:0:2049 > 1xxxxxxxxxxxx/0:0:779 >> 0.0.0.0
17 tos 0, 5 (796 octets)
Kind regards,
Joerg Goltermann
Index: if_pflow.c
===================================================================
RCS file: /cvs/src/sys/net/if_pflow.c,v
retrieving revision 1.10
diff -u -p -r1.10 if_pflow.c
--- if_pflow.c 27 Feb 2009 11:09:36 -0000 1.10
+++ if_pflow.c 10 Jun 2009 11:27:26 -0000
@@ -356,8 +356,9 @@ copy_flow_data(struct pflow_flow *flow1,
flow1->flow_octets = htonl(st->bytes[0]);
flow2->flow_octets = htonl(st->bytes[1]);
- flow1->flow_start = flow2->flow_start = htonl(st->creation * 1000);
- flow1->flow_finish = flow2->flow_finish = htonl(time_second * 1000);
+ flow1->flow_start = flow2->flow_start = htonl((st->creation -
+ (time_second - time_uptime))*1000);
+ flow1->flow_finish = flow2->flow_finish = htonl(time_uptime*1000);
flow1->tcp_flags = flow2->tcp_flags = 0;
flow1->protocol = flow2->protocol = sk->proto;
flow1->tos = flow2->tos = st->rule.ptr->tos;
Kind regards,
Joerg Goltermann
