249449 – net-analyzer/flow-tools - flow-print netflow timestamps output broken

Bug 249449 - net-analyzer/flow-tools - flow-print netflow timestamps output broken

Summary: net-analyzer/flow-tools - flow-print netflow timestamps output broken

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	AMD64 All

Importance:	High major (vote)
Assignee:	Gentoo Netmon project

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-12-01 08:54 UTC by Mirek Kratochvil
Modified:	2010-02-12 15:44 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
new ebuild with ftlib.h patch (flow-tools-0.68-r7.ebuild,2.72 KB, text/plain) 2009-09-21 14:41 UTC, Oleg Gawriloff	Details
ftlib.h patch itself (flow-tools-0.68-fix-ftlib.diff,274 bytes, text/plain) 2009-09-21 14:42 UTC, Oleg Gawriloff	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mirek Kratochvil 2008-12-01 08:54:42 UTC

Because of a bug in code, amd64 flow-print garbles netflow timestamps. Fix is simple, described here:

http://mailman.splintered.net/pipermail/flow-tools/2004-December/002501.html

if you don't want to click, here's the magic:


--- a/lib/ftlib.h     Wed Dec 15 16:13:30 2004
+++ b/lib/ftlib.h     Wed Dec 15 16:17:11 2004
@@ -414,8 +414,8 @@
 };
 
 struct fttime {
-  u_int32 secs;
-  u_int32 msecs;
+  time_t secs;
+  time_t msecs;
 };


working well, I already tested it on few boxes, and seems logical.

There already is some patch that is meant to fix similar thing
flow-tools-0.68-another-amd64-casting-fixes.patch
imho the fix belongs exactly to this patch.

For anyone having this problem, please note that it's not the captured data what is garbled - these are OK; problem is only the bad formatting of flow-print output.

Please add this patch to portage. As the developer of flow-tools doesn't seem to respond, the official upstream patching of this and bumping to tree could take weeks.


Reproducible: Always

Steps to Reproduce:
1.flowcapture some data
2.flow-print them on amd64; for example flow-print -f 5 <some-flow-file


Actual Results:  
observe the timestamps of flows are pretty much random.

Comment 1 Mirek Kratochvil 2009-09-04 21:02:36 UTC

*BUMP*

still present in flow-tools-0.68-r6 ...

Comment 2 Oleg Gawriloff 2009-09-21 14:41:55 UTC

Created attachment 204825 [details]
new ebuild with ftlib.h patch

Comment 3 Oleg Gawriloff 2009-09-21 14:42:11 UTC

Created attachment 204827 [details]
ftlib.h patch itself

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2010-02-12 15:44:24 UTC

Before the patch, output of flow-print looks like this:
0711.19:11:10.768 0101.03:19:27.469 0     xxx.xxx.xxx.xxx     57206 0     xxx.xxx.xxx.xxx   80    6   0  8          1271

Afterward, printing from the same file, it looks like this:
0212.16:22:22.768 0212.16:22:23.469 0     xxx.xxx.xxx.xxx    50103 0     xxx.xxx.xxx.xxx   80    6   0  10         4451


Applied in flow-tools-0.68-r8.


# ChangeLog for net-analyzer/flow-tools
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/flow-tools/ChangeLog,v 1.40 2010/02/12 15:43:28 jer Exp $

*flow-tools-0.68-r8 (12 Feb 2010)

  12 Feb 2010; Jeroen Roovers <jer@gentoo.org> +flow-tools-0.68-r8.ebuild,
  +files/flow-tools-0.68-249449-amd64.patch:
  Fix timestamp output thanks to Mirek Kratochvil and Oleg Gawriloff (bug
  #249449).