On Sep 27, 10:30, Alexandre Peixoto Ferreira wrote:
> I have discovered a bug in Cflowd that inflates the statistics. The bug
> is related to a race condition in the code for the locking of
> shared-memory. This bug when hit allows cflowd to processes again old
> flows already processed, distorting the statistics to higher values.
Thanks a lot for you patches!
> There is a patch included with this e-mail that corrects the problem and
> simplifies the debugging processes by modifying flowwatch to record for
> each flow a timestamp and a sequence number. Flowwatch can read old
> dumps but new dumps can not be read by an old flowwatch.
Unfortunatly your enhancements appear to break cflowd's ability to handle
more than one router. Receiving flows from two routers I get a lot of
syslog like this:
Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence -1313392633 out of order
with 16971535
Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence 16971535 out of order with
-1313392603
Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence -1313392603 out of order
with 16971565
Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence 16971565 out of order with
-1313392093
Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence -1313392093 out of order
with 16971595
Oct 17 13:25:49 noc3 cflowd[195]: [E] sequence 16971595 out of order with
-1313391523
In fact you are using one global static variable for the sequence number
regardless of which router the flows come from.
Martin
-- Dr. Martin Horneffer -- Horneffer@rrz.uni-koeln.de -- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Tue Oct 17 2000 - 06:50:44 PDT