Hello!
nfcapd doesn't capture NetFlow in an LXC container.
Generated flow:
13:40:28.003356 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
13:40:28.003373 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
13:40:28.003392 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
13:40:28.003410 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
13:40:28.003427 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
13:40:28.003444 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
13:40:28.003462 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
13:40:28.003479 IP 10.11.108.251.46004 > 10.8.1.74.2055: UDP, length 1464
10.8.1.74 is the IP of the LXC container.
/usr/local/bin/nfcapd -E -z -w -p 2055 -B 200000 -S 1 -P /var/tmp/p2055.pid -I rbth -l /var/tmp
datastor
Add extension: 2 byte input/output interface index
Add extension: 4 byte input/output interface index
Add extension: 2 byte src/dst AS number
Add extension: 4 byte src/dst AS number
Bound to IPv4 host/IP: any, Port: 2055
Standard setsockopt, SO_RCVBUF is 212992 Requested length is 200000 bytes
System set setsockopt, SO_RCVBUF to 400000 bytes
Startup.
Init IPFIX: Max number of IPFIX tags: 62
File Block Header:
NumBlocks = 0
Size = 0
id = 2
Ident: 'rbth' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Total ignored packets: 0
^CFile Block Header:
NumBlocks = 0
Size = 0
id = 2
Ident: 'rbth' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
Total ignored packets: 0
Terminating nfcapd.
Generated flow:
13:42:51.003270 IP 10.11.108.251.58690 > 10.11.110.26.2055: UDP, length 1464
13:42:51.003289 IP 10.11.108.251.58690 > 10.11.110.26.2055: UDP, length 1464
13:42:51.003305 IP 10.11.108.251.58690 > 10.11.110.26.2055: UDP, length 1464
13:42:51.003321 IP 10.11.108.251.58690 > 10.11.110.26.2055: UDP, length 1464
13:42:51.003338 IP 10.11.108.251.58690 > 10.11.110.26.2055: UDP, length 1464
13:42:51.003354 IP 10.11.108.251.58690 > 10.11.110.26.2055: UDP, length 1464
10.11.110.26 is the IP of the host system.
/usr/local/bin/nfcapd -E -z -w -p 2055 -B 200000 -S 1 -P /var/tmp/p2055.pid -I rbth -l /var/tmp
...
...
Flow Record:
Flags = 0x00 FLOW, Unsampled
export sysid = 1
size = 56
first = 1477997655 [2016-11-01 13:54:15]
last = 1477997655 [2016-11-01 13:54:15]
msec_first = 902
msec_last = 902
src addr = 10.4.0.99
dst addr = 157.56.52.13
src port = 14320
dst port = 40027
fwd status = 0
tcp flags = 0x00 ......
proto = 17 UDP
(src)tos = 0
(in)packets = 1
(in)bytes = 60
input = 0
output = 0
src as = 0
dst as = 0
c^CFile Block Header:
NumBlocks = 213
Size = 11824
id = 2
Ident: 'rbth' Flows: 210, Packets: 1584, Bytes: 532662, Sequence
Errors: 0, Bad Packets: 0
Total ignored packets: 0
Terminating nfcapd.
That's odd. Any advice is greatly appreciated.
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss