Bug 249449

Summary: net-analyzer/flow-tools - flow-print netflow timestamps output broken
Product: Gentoo Linux
Reporter: Mirek Kratochvil <exa.exa>
Component: Current packages
Assignee: Gentoo Netmon project <netmon>
Status: RESOLVED FIXED
Severity: major
CC: barzog
Priority: High
Version: unspecified
Hardware: AMD64
OS: All
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: new ebuild with ftlib.h patch; ftlib.h patch itself

Description Mirek Kratochvil 2008-12-01 08:54:42 UTC
Because of a bug in the code, amd64 flow-print garbles netflow timestamps. The fix is simple, described here:

http://mailman.splintered.net/pipermail/flow-tools/2004-December/002501.html

If you don't want to click, here's the magic:


--- a/lib/ftlib.h     Wed Dec 15 16:13:30 2004
+++ b/lib/ftlib.h     Wed Dec 15 16:17:11 2004
@@ -414,8 +414,8 @@
 };
 
 struct fttime {
-  u_int32 secs;
-  u_int32 msecs;
+  time_t secs;
+  time_t msecs;
 };
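
Review bot: In struct fttime, `msecs` is switched to time_t together with `secs`, but a millisecond count is not a calendar time, and time_t is signed and 64 bits wide on amd64, so the field changes signedness as well as width. Unless a caller really needs a time_t there, consider leaving `u_int32 msecs;` and changing only `secs`. The struct also grows from 8 to 16 bytes on amd64 with this change, so please confirm that nothing copies struct fttime to or from a file or the wire as a raw block, and that ftlib.h pulls in the header that declares time_t.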


Working well; I already tested it on a few boxes, and it seems logical.

There already is a patch that is meant to fix a similar thing:
flow-tools-0.68-another-amd64-casting-fixes.patch
IMHO the fix belongs exactly in this patch.

For anyone having this problem, please note that it's not the captured data that is garbled - these are OK; the problem is only the bad formatting of flow-print output.

Please add this patch to portage. As the developer of flow-tools doesn't seem to respond, the official upstream patching of this and bumping to tree could take weeks.


Reproducible: Always

Steps to Reproduce:
1. flowcapture some data
2. flow-print them on amd64; for example flow-print -f 5 <some-flow-file


Actual Results:
Observe that the timestamps of flows are pretty much random.

Comment 1 Mirek Kratochvil 2009-09-04 21:02:36 UTC
*BUMP*

still present in flow-tools-0.68-r6 ...

Comment 2 Oleg Gawriloff 2009-09-21 14:41:55 UTC
Created attachment 204825 [details]
new ebuild with ftlib.h patch
Comment 3 Oleg Gawriloff 2009-09-21 14:42:11 UTC
Created attachment 204827 [details]
ftlib.h patch itself
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2010-02-12 15:44:24 UTC
Before the patch, output of flow-print looks like this:
0711.19:11:10.768 0101.03:19:27.469 0     xxx.xxx.xxx.xxx     57206 0     xxx.xxx.xxx.xxx   80    6   0  8          1271

Afterward, printing from the same file, it looks like this:
0212.16:22:22.768 0212.16:22:23.469 0     xxx.xxx.xxx.xxx    50103 0     xxx.xxx.xxx.xxx   80    6   0  10         4451


Applied in flow-tools-0.68-r8.


# ChangeLog for net-analyzer/flow-tools
# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/flow-tools/ChangeLog,v 1.40 2010/02/12 15:43:28 jer Exp $

*flow-tools-0.68-r8 (12 Feb 2010)

  12 Feb 2010; Jeroen Roovers <jer@gentoo.org> +flow-tools-0.68-r8.ebuild,
  +files/flow-tools-0.68-249449-amd64.patch:
  Fix timestamp output thanks to Mirek Kratochvil and Oleg Gawriloff (bug
  #249449).