vutbr / nf-tools Goto Github PK
View Code? Open in Web Editor NEWNetFlow processing tools
nf-tools's People
Contributors
Stargazers
Watchers
nf-tools's Issues
Installation of libnf-devel RPM fails
Probably, due to %{epoch} in the spec file, installation on CentOS7 fails:
# yum install -y libnf-devel
Resolving Dependencies
--> Running transaction check
---> Package libnf-devel.x86_64 0:1.17-1 will be installed
--> Processing Dependency: libnf = %{epoch}:1.17-1 for package: libnf-devel-1.17-1.x86_64
--> Running transaction check
---> Package libnf.x86_64 0:1.17-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================
Installing:
libnf-devel x86_64 1.17-1 Liberouter-devel 149 k
Installing for dependencies:
libnf x86_64 1.17-1 Liberouter-devel 268 k
Transaction Summary
================================================================================================================================
Install 1 Package (+1 Dependent package)
Total size: 417 k
Installed size: 3.2 M
Downloading packages:
Running transaction check
ERROR with transaction check vs depsolve:
libnf = %{epoch}:1.17-1 is needed by libnf-devel-1.17-1.x86_64
You could try running: rpm -Va --nofiles --nodigest
Your transaction was saved, rerun it with:
yum load-transaction /tmp/yum_save_tx.2016-02-15.11-53.gTFjaW.yumtx
IPv4 src address 0.0.0.0 being interpreted as IPv6
Hi, I'm trying to process nfdump records using nf-tools 1.19 and I've got an issue where a small number of flows are being printed with a src address of "::" but a dst address that is IPv4.
My code is:
my $flow = new Net::NfDump(
InputFiles => [ $ARGV[0] ],
Fields => 'srcip,dstip,proto,srcport,dstport,pkts,bytes,inif,outif,srcas,dstas,router,received' );
$flow->query();
while (my ($srcipbin, $dstipbin, $proto, $srcport, $dstport, $pkts, $bytes, $inif, $outif, $srcas, $dstas, $routerbin, $received) = $flow->fetchrow_array() ) {
my $srcip = ip2txt($srcipbin);
my $dstip = ip2txt($dstipbin);
my $router = ip2txt($routerbin);
$received /= 1000;
printf "%s %s %u %u %u %llu %llu %u %u %u %u %s %llu\n", $srcip, $dstip, $proto, $srcport, $dstport, $pkts, $bytes, $inif, $outif, $srcas, $dstas, $router, $received;
}
}
$flow->finish();
In my output I'm getting a couple lines like:
:: 255.255.255.255 17 68 67 11 3608 1814 0 4294967295 4294967295 172.24.33.1 1459742428
It looks like the flow is a dhcp request, hence the rather odd src and dst.
Doing a "length($srcipbin)" returns 16 where it should return 4 so this appears to be confusing ip2txt into thinking the src address is IPv6.
Any help appreciated :)
Platform dependent object files in the tarballs
Recently I tried to create an libnf RPM packages on several distributions and on Fedora the build was failing. I noticed that in the tarballs there are already compiled and platform dependent object files (.o and .lo) in the bzip2 directory. This is generally a bad idea, because Make's incremental build will simply skip compilation of the whole bzlib2 but will link those potentially incompatible objects into the final shared library.
Why did that show up on the Fedora and only during RPM build? Because packages for the Fedora are compiled with some extra security flags by default, but those already present object files are compiled without them. Result is following error:
libtool: link: gcc -ggdb -I../include -I../nfdump/bin -I../ffilter -I../bzip2 -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -DLNF_THREADS -DNSEL -Wl,-z -Wl,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o libnf-info libnf-info.o ../src/.libs/libnf.a -lresolv -lpthread
/usr/bin/ld: ../src/.libs/libnf.a(bzlib.o): relocation R_X86_64_32S against `BZ2_crc32Table' can not be used when making a shared object; recompile with -fPIC
../src/.libs/libnf.a: error adding symbols: Bad valueWhat is the reason of static linking of bzlib2 anyway?
Libnf doesn't compile because of C99 in filter
Recent filter code uses C99, but there are no compiler flags for this standard (or newer). This results in errors like
ffilter/ffilter.c: In function 'str_to_addr':
ffilter/ffilter.c:299:3: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
for (int x = 0; x < 4; x++) {
^
ffilter/ffilter.c:299:3: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
on CentOS 7 with GCC 4.8.5 and also Debian 8 with GCC 4.9.2.
Possible solution is to add AC_PROG_CC_STDC or AC_PROG_CC_C99 to the configure.ac.
Libnf doesn't compile
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -ggdb -I../include -I../nfdump/bin -I../ffilter -I../bzip2 -g -O2 -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn -fno-strict-aliasing -DLNF_THREADS -DNSEL -MT lnf_filter.lo -MD -MP -MF .deps/lnf_filter.Tpo -c lnf_filter.c -fPIC -DPIC -o .libs/lnf_filter.o
lnf_filter.c: In function 'lnf_ff_lookup_func':
lnf_filter.c:56:13: error: request for member 'index' in something not a structure or union
lvalue->id.index = lnf_fld_parse(fieldstr, NULL, NULL);
^
lnf_filter.c:58:17: error: request for member 'index' in something not a structure or union
if (lvalue->id.index == LNF_FLD_ZERO_) {
^
lnf_filter.c:62:34: error: request for member 'index' in something not a structure or union
switch (lnf_fld_type(lvalue->id.index)) {CentOS 7 with GCC 4.8.5
Question about RPM package of libnf
Could you please provide some script / command that can be used for creation of RPM package of libnf? (I can see that spec file already exists)
Alternatively, is there any public repository that contains a stable version of libnf RPM?
Thank you very much.
License?
I'm having trouble determining the terms under which this code can be redistributed. For reference, NFDUMP is licensed under the BSD license. flowsec and flowmon-ipv6-tunnel both appear to be GPL. libnf simply has no apparent licensing.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.