openssh bugs - Nov 2010 - [Bug 1836] New: "undesired" behavior when using the -r flag

https://bugzilla.mindrot.org/show_bug.cgi?id=1836

           Summary: "undesired" behavior when using the -r flag
           Product: softflowd
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: softflowd
        AssignedTo: djm at mindrot.org
        ReportedBy: daan at intouch.eu


When using the -r flag exported flows will always be in the future.
Because the system uptime is set on line 118
(http://code.google.com/p/softflowd/source/browse/softflowd.c#1877) to
the current time, all exported packtes will be 49 days in the future
(2^32 milliseconds).

Solution: if flow records are created from a pcap file the system
uptime should be before the first timestap, but not more then 49 days
(2^32 - 1 milliseconds) in the past.

I will try to code this tomorrow and provide patch/new file.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1836

--- Comment #1 from Daan van der Sanden <daan at intouch.eu> 2010-11-09
21:59:53 EST ---
Created attachment 1953
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1953
Patch to fix -r 'behavior'

The solution is a little different than I first thought.

This patch fixes the behavior when reading from pcap files. It set the
boot time to 49,5 days in the past.

A note should be added to the documentation that it is not possible to
import/convert a pcap file where the frames are more than 49.5 days in
the past. This means that everything will works as expected/desired if
softflowd manages to export all flows that are read from the file
within 5 hours.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1836

screw <screw.you at seznam.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |screw.you at seznam.cz

--- Comment #2 from screw <screw.you at seznam.cz> 2011-03-11 03:19:26 EST
---
I didn't notice there's already bug filed about this behavior, so
I've
made a possible fix(only for -v 5 version). You can find it here
http://code.google.com/r/d0nald86-real-dates/

I didn't know where to put it to not mess up the original.

My only concern is about the sys_uptime. Is it used for anything else
than just computing the start and end time of a flow (on the collector
side)?

My solution in brief:
when exporting flows i check whether the system_boot_time is less than
flow_start and/or the difference between system_boot_time and
flow_start is not more than ~49 days (as mentioned in the above post).
If so, set the system_boot_time to flow_start.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1836

screw <screw.you at seznam.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from screw <screw.you at seznam.cz> 2011-03-25 10:29:41 EST
---
(In reply to comment #2)
> I didn't notice there's already bug filed about this behavior, so
I've
> made a possible fix(only for -v 5 version). You can find it here
> http://code.google.com/r/d0nald86-real-dates/
> 
> I didn't know where to put it to not mess up the original.
> 
> My only concern is about the sys_uptime. Is it used for anything else
> than just computing the start and end time of a flow (on the collector
> side)?
> 
> My solution in brief:
> when exporting flows i check whether the system_boot_time is less than
> flow_start and/or the difference between system_boot_time and
> flow_start is not more than ~49 days (as mentioned in the above post).
> If so, set the system_boot_time to flow_start.
i've updated my "fix". now i think it's really working. PLEASE
test it.
(http://code.google.com/r/d0nald86-real-dates/)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1836

--- Comment #4 from Martin Vejmelka <vejmelka at agents.felk.cvut.cz>
2011-07-27 22:18:54 EST ---
Created attachment 2070
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2070
Simple fix for times in the future

I haven't found these solutions and have created my own simple
solution. Please find attached patch.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1836

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> 2011-09-06 15:33:03
EST ---
close resolved bugs now that openssh-5.9 has been released

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.