Re: cflowd with incorrect statistics

From: Martin Horneffer (Horneffer@rrz.Uni-Koeln.DE)
Date: Tue Oct 17 2000 - 06:32:26 PDT

  • Next message: Martin Horneffer: "Re: cflowd race condition and high byte counts"

    On Sep 27, 10:30, Alexandre Peixoto Ferreira wrote:

    > I have discovered a bug in Cflowd that inflates the statistics. The bug
    > is related to a race condition in the code for the locking of
    > shared-memory. This bug when hit allows cflowd to processes again old
    > flows already processed, distorting the statistics to higher values.

    Thanks a lot for you patches!

    > There is a patch included with this e-mail that corrects the problem and
    > simplifies the debugging processes by modifying flowwatch to record for
    > each flow a timestamp and a sequence number. Flowwatch can read old
    > dumps but new dumps can not be read by an old flowwatch.

    Unfortunatly your enhancements appear to break cflowd's ability to handle
    more than one router. Receiving flows from two routers I get a lot of
    syslog like this:

    Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence -1313392633 out of order
    with 16971535
    Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence 16971535 out of order with
    -1313392603
    Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence -1313392603 out of order
    with 16971565
    Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence 16971565 out of order with
    -1313392093
    Oct 17 13:25:46 noc3 cflowd[195]: [E] sequence -1313392093 out of order
    with 16971595
    Oct 17 13:25:49 noc3 cflowd[195]: [E] sequence 16971595 out of order with
    -1313391523

    In fact you are using one global static variable for the sequence number
    regardless of which router the flows come from.

    Martin

    -- 
    Dr. Martin Horneffer -- Horneffer@rrz.uni-koeln.de
    --
    cflowd mailing list
    cflowd@caida.org
    



    This archive was generated by hypermail 2b29 : Tue Oct 17 2000 - 06:50:44 PDT