pflow question - incorrect FIRST and LAST values ?

Hi all. In fields FIRST and LAST in a stream should be system uptime during reception of the first package and during reception of the last When i use 'softflowd' software sensor - all OK (see below), but when i use pflow interface then in fields FIRST and LAST i see huge values. Maybe somebod

Re: pflow question - incorrect FIRST and LAST values ?

09.06.09, 18:07, "Stuart Henderson" : > The fix might be as simple as this, but it's totally untested, not > even compiled. > Index: if_pflow.c > === > RCS file: /cvs/src/sys/net/if_pflow.c,v > retrieving revision 1.10 > diff -u -p -r

Re: pflow question - incorrect FIRST and LAST values ?

patch works, but i note some differences in same traffic (see attached files in my previous message) 1. softflowd captured 7 records, pflowd at the same time captured 8 2. different quantity of octets in reply from openbsd.org webserver: pflow.csv, line #6: 7107 octets softflowd.csv, line #5: 7121

Re: pflow question - incorrect FIRST and LAST values ?

Hello. 13.06.09, 12:08, "Joerg Goltermann" : > are you sure both versions are captured at the same time? Yes. > pflow(4) uses the counters from pf. Can you reproduce the > difference of 14? Yes, see attached file - i start softflowd and pflow capture at the same time, but get different resul

Re: pflow question - incorrect FIRST and LAST values ?

Hi, 16.06.09, 11:53, "Joerg Goltermann" : > pflow(4) is based on pf states, if a pflow tagged state expires, a > flow is created. If you change the pf expire, you can configure > the pflow expiring. > I attached a new version, which should give more correct values for > the "last-time" of a flow

Bug in pppoe ?

I have openbsd-based pppoe server for small lan with 20-30 WinXP and Vista clients (based on user-level ppp) After some time some random clients seems to be dead (XP and Vista) When i try disconnect/reconnect dead host to pppoe, connection established but i cannot ping hosts, link is dead. When i

Re: Bug in pppoe ?

03.07.09, 12:11, "Gregory Edigarov" : > sysctl net.inet.ip.forwarding ? net.inet.ip.forwarding=1

Re: Bug in pppoe ?

03.07.09, 16:00, "Denis Doroshenko" : how about tcpdumping at time when the link becomes broken and re-establishment is unsuccessful? tcpdumping on ethernet, on the pppoe in question... tcpdump shows nothing after pppoe reconnection. My IP - 192.168.70.44 My PPPoE IP - 192.168.100.35

Re: Bug in pppoe ?

Solved by adding ECHO parameters to ppp.conf: enable lqr set lqrperiod 5 + enable echo + set echoperiod 5 from man ppp: When this option is enabled, ppp will send LCP ECHO requests to the peer at the frequency defined by ``echoperiod''. Note: LQR requests will supersede LCP ECHO re- quests if

Re: pflow question/problem

03.07.09, 14:50, "Joerg Goltermann" : > Index: sbin/pfctl/pfctl_parser.c After patch: /etc/pf.conf set timeout pflowexport 10 # /flow-cat ft* | flow-export -f 2 > out.csv out.csv --- #:unix_secs,unix_nsecs,sysuptime,exaddr,dpkts,doctets,first,last,engine_type,engine_id,srcad

Re: ppp connection freezes

13.07.09, 15:32, "P$QP>P;P>P2 PP>P=Q
QP0P=QP8P=" : > What it can be - PPP bug ? > set mtu max 1492 > set mru max 1492 Solved by lowering MTU and MRU to 1452

Re: PF and LDAP

30.07.09, 13:55, "Marcello Cruz" : > Dear all, > Is there a way to use LDAP in a rule to allow or deny based on the user > instead of the IP Address? > The idea is to permit the traffic from an inside user to access, for example, > a VoIP resource on the Internet. Based on user... I use for this