bugzilla-daemon at netfilter.org
2019-Jan-19 12:52 UTC
[Bug 1317] New: ulogd missed flow.start.sec and flow.start.usec fields
https://bugzilla.netfilter.org/show_bug.cgi?id=1317
Bug ID: 1317
Summary: ulogd missed flow.start.sec and flow.start.usec fields
Product: ulogd
Version: 2.0.0beta1
Hardware: All
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: ulogd
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: farzadazizsoltani98 at gmail.com
When I test ulogd, I found that after a while ulogd hasn't
"flow.start.sec" and
"flow.start.usec" fileds in their JASON file.
I send packet with scapy as follows:
send(IP(dst='myIP')/fuzz(UDP()),loop=1)
log with those fileds:
{ "ct.event" : 4, "ct.id" : 1864591088,
"ct.mark" : 2147483767,
"dest_ip" : "192.168.2.100", "dvc" :
"Netfilter", "flow.end.sec" :
1547900066, "flow.end.usec" : 425948, "flow.start.sec"
: 1547900066,
"flow.start.usec" : 210972, "oob.family" : 2,
"oob.protocol" : 0,
"orig.ip.protocol" : 17, "orig.l4.dport" : 39105,
"orig.l4.sport" :
25845, "orig.raw.pktcount" : 1, "orig.raw.pktlen" :
28,
"reply.ip.daddr.str" : "192.168.1.108",
"reply.ip.protocol" : 17,
"reply.ip.saddr.str" : "192.168.2.100",
"reply.l4.dport" : 25845,
"reply.l4.sport" : 39105, "reply.raw.pktcount" : 0,
"reply.raw.pktlen" :
0, "src_ip" : "192.168.1.108", "timestamp" :
"2019-01-19T15:44:26" }
log without those fileds:
{ "ct.event" : 4, "ct.id" : 1530067856,
"ct.mark" : 2147483767,
"dest_ip" : "192.168.2.100", "dvc" :
"Netfilter", "flow.end.sec" :
1547899965, "flow.end.usec" : 909658, "oob.family" :
2, "oob.protocol"
: 0, "orig.ip.protocol" : 17, "orig.l4.dport" : 27353,
"orig.l4.sport"
: 55469, "orig.raw.pktcount" : 1, "orig.raw.pktlen" :
28,
"reply.ip.daddr.str" : "192.168.1.108",
"reply.ip.protocol" : 17,
"reply.ip.saddr.str" : "192.168.2.100",
"reply.l4.dport" : 55469,
"reply.l4.sport" : 27353, "reply.raw.pktcount" : 0,
"reply.raw.pktlen" :
0, "src_ip" : "192.168.1.108", "timestamp" :
"2019-01-19T15:42:45" }
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190119/b49f2b2f/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jan-19 12:53 UTC
[Bug 1317] ulogd missed flow.start.sec and flow.start.usec fields
https://bugzilla.netfilter.org/show_bug.cgi?id=1317
Farzad Azizsoltani <farzadazizsoltani98 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |farzadazizsoltani98 at gmail.c
| |om
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190119/f4f7807e/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jan-20 10:45 UTC
[Bug 1317] ulogd missed flow.start.sec and flow.start.usec fields
https://bugzilla.netfilter.org/show_bug.cgi?id=1317
Farzad Azizsoltani <farzadazizsoltani98 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190120/3d3725d0/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jan-20 10:46 UTC
[Bug 1317] ulogd missed flow.start.sec and flow.start.usec fields
https://bugzilla.netfilter.org/show_bug.cgi?id=1317
Farzad Azizsoltani <farzadazizsoltani98 at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|FIXED |INVALID
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190120/d9cfd0ac/attachment.html>
Possibly Parallel Threads
- A libguestfs-test-tool output
- [Bug 876] New: bizarre handling of "related" connection packets (wrong OUTPUT interface assigned)
- simulating a 2-parameter integrated ornstein-uhlenbeck process?
- [Bug 567] ulogd writes invalid len field in per-packet headers
- Using dovecot as LDA for postfix