vutbr / nf-tools
NetFlow processing tools
Probably, due to %{epoch} in the spec file, installation on CentOS7 fails:
# yum install -y libnf-devel
Resolving Dependencies
--> Running transaction check
---> Package libnf-devel.x86_64 0:1.17-1 will be installed
--> Processing Dependency: libnf = %{epoch}:1.17-1 for package: libnf-devel-1.17-1.x86_64
--> Running transaction check
---> Package libnf.x86_64 0:1.17-1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================
Installing:
libnf-devel x86_64 1.17-1 Liberouter-devel 149 k
Installing for dependencies:
libnf x86_64 1.17-1 Liberouter-devel 268 k
Transaction Summary
================================================================================================================================
Install 1 Package (+1 Dependent package)
Total size: 417 k
Installed size: 3.2 M
Downloading packages:
Running transaction check
ERROR with transaction check vs depsolve:
libnf = %{epoch}:1.17-1 is needed by libnf-devel-1.17-1.x86_64
You could try running: rpm -Va --nofiles --nodigest
Your transaction was saved, rerun it with:
yum load-transaction /tmp/yum_save_tx.2016-02-15.11-53.gTFjaW.yumtx
Hi, I'm trying to process nfdump records using nf-tools 1.19 and I've got an issue where a small number of flows are being printed with a src address of "::" but a dst address that is IPv4.
My code is:
use Net::NfDump qw(:all);   # exports ip2txt

# Open the nfdump file given on the command line and select the fields to read.
my $flow = Net::NfDump->new(
    InputFiles => [ $ARGV[0] ],
    Fields => 'srcip,dstip,proto,srcport,dstport,pkts,bytes,inif,outif,srcas,dstas,router,received' );
$flow->query();
# Fetch one flow record per iteration; addresses arrive in binary form.
while (my ($srcipbin, $dstipbin, $proto, $srcport, $dstport, $pkts, $bytes, $inif, $outif, $srcas, $dstas, $routerbin, $received) = $flow->fetchrow_array() ) {
    # Convert the binary addresses to text.
    my $srcip = ip2txt($srcipbin);
    my $dstip = ip2txt($dstipbin);
    my $router = ip2txt($routerbin);
    # Convert the received timestamp from milliseconds to seconds.
    $received /= 1000;
    printf "%s %s %u %u %u %llu %llu %u %u %u %u %s %llu\n", $srcip, $dstip, $proto, $srcport, $dstport, $pkts, $bytes, $inif, $outif, $srcas, $dstas, $router, $received;
}
$flow->finish();
In my output I'm getting a couple lines like:
:: 255.255.255.255 17 68 67 11 3608 1814 0 4294967295 4294967295 172.24.33.1 1459742428
It looks like the flow is a DHCP request, hence the rather odd src and dst.
Doing a "length($srcipbin)" returns 16 where it should return 4 so this appears to be confusing ip2txt into thinking the src address is IPv6.
Any help appreciated :)
Recently I tried to create libnf RPM packages on several distributions, and on Fedora the build was failing. I noticed that in the tarballs there are already compiled and platform-dependent object files (.o and .lo) in the bzip2 directory. This is generally a bad idea, because Make's incremental build will simply skip compilation of the whole bzlib2 but will link those potentially incompatible objects into the final shared library.
Why did that show up on Fedora, and only during the RPM build? Because packages for Fedora are compiled with some extra security flags by default, but the object files already present are compiled without them. The result is the following error:
libtool: link: gcc -ggdb -I../include -I../nfdump/bin -I../ffilter -I../bzip2 -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -DLNF_THREADS -DNSEL -Wl,-z -Wl,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -o libnf-info libnf-info.o ../src/.libs/libnf.a -lresolv -lpthread
/usr/bin/ld: ../src/.libs/libnf.a(bzlib.o): relocation R_X86_64_32S against `BZ2_crc32Table' can not be used when making a shared object; recompile with -fPIC
../src/.libs/libnf.a: error adding symbols: Bad value
What is the reason for statically linking bzlib2 anyway?
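Added example, not part of the original report or of the libnf code base: a pre-build check for the problem described above, listing compiled artifacts shipped inside a source tarball by inspecting file contents rather than file extensions. The sample tarball and its file names are constructed for illustration.

```python
import io
import struct
import tarfile

ELF_TYPES = {1: "ELF relocatable object", 2: "ELF executable", 3: "ELF shared object"}

def classify(head: bytes):
    """Return a label if the first bytes look like a build product, else None."""
    if head[:4] == b"\x7fELF" and len(head) >= 18:
        # e_ident[5] gives the byte order (1 = little, 2 = big); e_type is at offset 16.
        order = "<" if head[5] == 1 else ">"
        (e_type,) = struct.unpack_from(order + "H", head, 16)
        return ELF_TYPES.get(e_type, "ELF file")
    if head.startswith(b"!<arch>\n"):
        return "static archive"
    if b"a libtool object file" in head:
        return "libtool object (.lo)"
    return None

def find_prebuilt(tar_bytes: bytes):
    """List (member name, kind) for every compiled artifact inside a tarball."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            kind = classify(tar.extractfile(member).read(256))
            if kind:
                hits.append((member.name, kind))
    return hits

def sample_tarball():
    """Constructed sample: one C source plus a fake prebuilt .o and .lo."""
    elf_rel = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 1, 62)
    files = {
        "pkg-0.0/bzip2/bzlib.c": b"int BZ2_placeholder(void) { return 0; }\n",
        "pkg-0.0/bzip2/bzlib.o": elf_rel + b"\x00" * 44,
        "pkg-0.0/bzip2/bzlib.lo": b"# bzlib.lo - a libtool object file\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    for name, kind in find_prebuilt(sample_tarball()):
        print(f"{kind}: {name}")
```

A non-empty result means the build may link objects that were compiled without the distribution's hardening flags, so the tarball should be cleaned or rebuilt from source before packaging.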
Recent filter code uses C99, but there are no compiler flags for this standard (or newer). This results in errors like
ffilter/ffilter.c: In function 'str_to_addr':
ffilter/ffilter.c:299:3: error: 'for' loop initial declarations are only allowed in C99 or C11 mode
for (int x = 0; x < 4; x++) {
^
ffilter/ffilter.c:299:3: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
on CentOS 7 with GCC 4.8.5 and also Debian 8 with GCC 4.9.2.
A possible solution is to add AC_PROG_CC_STDC or AC_PROG_CC_C99 to the configure.ac.
libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -ggdb -I../include -I../nfdump/bin -I../ffilter -I../bzip2 -g -O2 -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn -fno-strict-aliasing -DLNF_THREADS -DNSEL -MT lnf_filter.lo -MD -MP -MF .deps/lnf_filter.Tpo -c lnf_filter.c -fPIC -DPIC -o .libs/lnf_filter.o
lnf_filter.c: In function 'lnf_ff_lookup_func':
lnf_filter.c:56:13: error: request for member 'index' in something not a structure or union
lvalue->id.index = lnf_fld_parse(fieldstr, NULL, NULL);
^
lnf_filter.c:58:17: error: request for member 'index' in something not a structure or union
if (lvalue->id.index == LNF_FLD_ZERO_) {
^
lnf_filter.c:62:34: error: request for member 'index' in something not a structure or union
switch (lnf_fld_type(lvalue->id.index)) {
CentOS 7 with GCC 4.8.5
Could you please provide some script / command that can be used for creating an RPM package of libnf? (I can see that a spec file already exists.)
Alternatively, is there any public repository that contains a stable version of libnf RPM?
Thank you very much.
I'm having trouble determining the terms under which this code can be redistributed. For reference, NFDUMP is licensed under the BSD license. flowsec and flowmon-ipv6-tunnel both appear to be GPL. libnf simply has no apparent licensing.