ipv6 address is wrong when using multiple sort order #72

Closed
nitzan-tz opened this issue Jul 12, 2017 · 2 comments

@nitzan-tz

I am using nfdump 1.6.15.
When running a report with the following parameters "-s srcip/bytes/packets/flows", the IPv6 address in the second parameter is wrong (packets order in that case).
It happens for any type of output and for any order of sorts (e.g. for srcip/packets/flows the flows report will have the wrong IP).
It happens for CSV output and also for regular output.
If I run the same report with a single sort order it works OK, and it also works OK for IPv4.

In the following output please look at "2606:2800:133:1c88:7d4:2e2:1718:1cbc" and "881c:3301:28:626:bc1c:1817:e202:d407"; you can see that both have the same counters, and when I run the same report with a single sort order I don't see the second one.

```
[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -V
/usr/local/bin/nfdump: Version: 1.6.15
[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -M /space/moka/MX-B:MX-A -r 2017/07/12/09/nfcapd.201707120907 -q -s srcip/bytes/packets/flows -n 2 -ocsv -f /etc/netflow/all-in.flt
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 09:06:08,2017-07-12 09:07:42,94.345,any,93.184.221.200,417,1.3,639000,1.1,957730000,1.5,6773,81210874,1498

ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,881c:3301:28:626:bc1c:1817:e202:d407,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276

ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276
```

```
[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -M /space/moka/MX-B:MX-A -r 2017/07/12/09/nfcapd.201707120907 -q -s srcip/flows -n 2 -ocsv -f /etc/netflow/all-in.flt
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 09:06:08,2017-07-12 09:07:42,94.345,any,93.184.221.200,417,1.3,639000,1.1,957730000,1.5,6773,81210874,1498

[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -M /space/moka/MX-B:MX-A -r 2017/07/12/09/nfcapd.201707120907 -q -s srcip/packets -n 2 -ocsv -f /etc/netflow/all-in.flt
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276

[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -M /space/moka/MX-B:MX-A -r 2017/07/12/09/nfcapd.201707120907 -q -s srcip/bytes -n 2 -ocsv -f /etc/netflow/all-in.flt
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276
```

```
[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -M /space/moka/MX-B:MX-A -r 2017/07/12/09/nfcapd.201707120907 -q -s srcip/bytes/packets -n 2 -ocsv -f /etc/netflow/all-in.flt
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276

ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,881c:3301:28:626:bc1c:1817:e202:d407,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276

[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -M /space/moka/MX-B:MX-A -r 2017/07/12/09/nfcapd.201707120907 -q -s srcip/bytes/flows -n 2 -ocsv -f /etc/netflow/all-in.flt
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 09:06:08,2017-07-12 09:07:42,94.345,any,93.184.221.200,417,1.3,639000,1.1,957730000,1.5,6773,81210874,1498

ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,881c:3301:28:626:bc1c:1817:e202:d407,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276

[root@netflow nfdump-1.6.15]# /usr/local/bin/nfdump -M /space/moka/MX-B:MX-A -r 2017/07/12/09/nfcapd.201707120907 -q -s srcip/packets/flows -n 2 -ocsv -f /etc/netflow/all-in.flt
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 09:06:08,2017-07-12 09:07:42,94.345,any,93.184.221.200,417,1.3,639000,1.1,957730000,1.5,6773,81210874,1498

ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,881c:3301:28:626:bc1c:1817:e202:d407,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276
```

Nitzan

@nitzan-tz

Hi,

With a different address I was able to find the logic behind the bug; please see the image below.

image

Nitzan
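
Added example, not part of the issue thread and not nfdump code: the two addresses quoted in the report differ by a reversal of the bytes inside each 64-bit half, and the script below checks `-ocsv` output for such pairs so affected reports can be spotted. The names `swap_halves`, `find_swapped` and `SAMPLE` are hypothetical; the sample rows are copied from the output above and trimmed.

```python
import csv
import io
import ipaddress

# Rows copied from the -ocsv output in the report, trimmed to two stat blocks.
SAMPLE = """\
ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,2606:2800:133:1c88:7d4:2e2:1718:1cbc,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268

ts,te,td,pr,val,fl,flP,ipkt,ipktP,ibyt,ibytP,ipps,ibps,ibpp
2017-07-12 09:05:35,2017-07-12 09:07:51,136.068,any,881c:3301:28:626:bc1c:1817:e202:d407,8057,25.6,11523000,19.7,14622185000,22.8,84685,859698680,1268
2017-07-12 08:52:32,2017-07-12 09:07:57,925.286,any,149.154.165.120,168,0.5,1028000,1.8,1312717000,2.0,1111,11349718,1276
"""


def swap_halves(addr: str) -> str:
    """Reverse the byte order inside each 64-bit half of an IPv6 address."""
    raw = ipaddress.IPv6Address(addr).packed
    return str(ipaddress.IPv6Address(raw[:8][::-1] + raw[8:][::-1]))


def find_swapped(csv_text: str):
    """Return (address, twin) pairs that share all other columns and are
    half-wise byte swaps of each other."""
    seen = {}  # every column except 'val' -> IPv6 addresses reported with it
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 6 or row[0] == "ts":
            continue  # blank separator line or repeated CSV header
        try:
            addr = ipaddress.ip_address(row[4])
        except ValueError:
            continue  # 'val' is not an IP address (other statistic types)
        if addr.version == 6:  # IPv4 rows are skipped
            seen.setdefault(tuple(row[:4] + row[5:]), set()).add(str(addr))
    pairs = []
    for addrs in seen.values():
        for a in sorted(addrs):
            twin = swap_halves(a)
            if twin in addrs and a < twin:  # report each pair once
                pairs.append((a, twin))
    return pairs


if __name__ == "__main__":
    for a, b in find_swapped(SAMPLE):
        print(f"{a} and {b} share counters and are byte-swapped twins")
```

A flagged pair says only that the two rows are the same source under two byte orders; which spelling is the real address has to come from a single-sort-order run, as in the report.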

phaag pushed a commit that referenced this issue Nov 5, 2017
@phaag

phaag commented Nov 5, 2017

Thx. Fixed!

@phaag phaag closed this as completed Nov 5, 2017