rastrip mangles timestamps

Thu Jun 14 10:55:19 EDT 2007

I tried running the same rastrip command two times and would expect the second run not to do anything with the data, but it seems that it does.

# rastrip -M -suser -M -duser -r INFILE -w OUTFILE1
# rastrip -M -suser -M -duser -r OUTFILE1 -w OUTFILE2

# ls -la OUTFILE*
-rw-r--r--    1 root     root     16932764 Jun 13 17:18 OUTFILE1
-rw-r--r--    1 root     root     16925984 Jun 14 16:01 OUTFILE2

Since OUTFILE1 shouldn't contain any suser or duser data I would expect OUTFILE2 to be identical to OUTFILE1 but as one can see from looking at the filesizes they do differ.

Let's see what differs

# ra -n -r OUTFILE1 > /tmp/OUT1
# ra -n -r OUTFILE2 > /tmp/OUT2

# diff /tmp/OUT{1,2}
<    23:49:57.199212  e          udp      x.x.52.167.32832    <->      x.x.47.142.8397         15    10037          975      1381547   CON
---
>    23:54:52.726221  e          udp      x.x.52.167.32832    <->      x.x.47.142.8397         15    10037          975      1381547   CON
1705c1705
<    23:49:58.773816  e d        tcp      x.x.35.135.4587      ->      x.x.220.18.80            0        4            0         5936   CON
---
>    23:53:05.983477  e d        tcp      x.x.35.135.4587      ->      x.x.220.18.80            0        4            0         5936   CON
3558c3558
<    23:50:00.250504  e s        tcp      x.x.45.214.41606    <?>     x.x.54.121.3774         67       47        87005         3007   CON
---
>    23:54:27.755044  e s        tcp      x.x.45.214.41606    <?>     x.x.54.121.3774         67       47        87005         3007   CON
4881,4882c4881,4882
<    23:50:02.120422  e       ipv6-i ffff::fff:fff:fe1*          <-> ffff::fff:ffff:c9*               8        7          688          602   NDN
<    23:50:02.120675  e       ipv6-i ffff::fff:ffff:c9*          <-> ffff::fff:fff:fe1*               8        7          624          546   NDR
---
>    23:54:37.603535  e       ipv6-i ffff::fff:fff:fe1*          <-> ffff::fff:ffff:c9*               8        7          688          602   NDN
>    23:54:37.611815  e       ipv6-i ffff::fff:ffff:c9*          <-> ffff::fff:fff:fe1*               8        7          624          546   NDR
8832c8832
<    23:50:08.175887  e d        tcp       x.x.184.60.3776     <?>       x.x.26.22.39109        13       14         1160          924   CON
---
>    23:54:36.201478  e d        tcp       x.x.184.60.3776     <?>       x.x.26.22.39109        13       14         1160          924   CON
12316c12316
<    23:50:15.330358  e d        tcp       x.x.2.188.63567     ->     x.x.222.184.80            0        2            0          124   ACC
---
>    23:51:03.521191  e d        tcp       x.x.2.188.63567     ->     x.x.222.184.80            0        2            0          124   ACC
13809c13809
<    23:50:18.426488  e d        tcp       x.x.2.188.63570     ->     x.x.222.184.80            0        2            0          124   ACC
---
>    23:51:06.627556  e d        tcp       x.x.2.188.63570     ->     x.x.222.184.80            0        2            0          124   ACC

Now, why have the timestamp changed?

Regards,

Patrick Forsberg, Chalmers IRT