Time Issue on OpenBSD 4.2 with rc.69 (Was: Re: Sparc64 OpenBSD4.1 Compile issue)
Eric Pancer
epancer at pobox.com
Mon Feb 11 15:12:50 EST 2008
On Mon, 2008-02-11 at 11:46:19 -0800, Peter Van Epp proclaimed...
> Local seems to work fine which may point to the socket code:
>
> # argus -d -i rl0 -w test.argus
> # ra -r test.argus -n
[snip]
> time is wrong but thats the machine :-) and I don't have Eric's patches in so
> ratop didn't build (but ra appears to have).
>
Yes, we have good time from the file here too! (i386)
ra -nr foo.cap <
2008-02-11 14:08:1 * llc 0:d:29:4b:c:26.66 -> 1:80:c2:0:0:0.66 60 3720 INT
2008-02-11 14:08:2 e tcp 10.154.223.177.22 <?> 10.154.223.223.3737 24 2520 CON
2008-02-11 14:08:2 e d tcp 10.154.223.223.2324 <?> 10.154.223.177.22 408 43104 CON
2008-02-11 14:08:2 e udp 10.154.223.3.1985 -> 224.0.0.2.1985 13 806 INT
2008-02-11 14:08:2 e udp 10.154.223.2.1985 -> 224.0.0.2.1985 13 806 INT
2008-02-11 14:08:2 * udp 10.154.198.3.1985 -> 224.0.0.2.1985 14 924 INT
2008-02-11 14:08:2 * udp 10.154.198.2.1985 -> 224.0.0.2.1985 14 924 INT
2008-02-11 14:08:2 e tcp 10.154.223.177.18056 <?> 10.152.23.39.80 4 264 FIN
2008-02-11 14:08:2 e tcp 10.154.223.177.9491 <?> 10.152.23.39.80 4 264 FIN
2008-02-11 14:08:2 * arp 10.154.198.3 who 10.154.198.16 9 576 INT
2008-02-11 14:08:3 e tcp 10.154.223.177.18368 <?> 10.154.215.170.80 4 264 FIN
2008-02-11 14:08:3 e tcp 10.154.223.177.1491 <?> 10.154.215.170.80 4 264 FIN
2008-02-11 14:08:3 e d tcp 10.154.223.177.26935 -> 10.154.215.170.80 43 23269 FIN
2008-02-11 14:08:3 e udp 10.154.223.177.20331 <-> 10.152.23.12.53 2 221 CON
2008-02-11 14:08:3 e udp 10.154.223.177.33705 <-> 10.152.23.12.53 2 335 CON
2008-02-11 14:08:3 e d tcp 10.154.223.177.35005 -> 10.154.215.170.80 23 12253 FIN
2008-02-11 14:08:3 e d tcp 10.154.223.177.25924 ->
How about sparc64?
$ date
Mon Feb 11 14:10:30 CST 2008
$ ra -nr foo.cap
1970-01-08 01:18:2 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
1970-01-10 02:52:1 * llc 0:d:29:4b:c:25.66 -> 1:80:c2:0:0:0.66 1 60 INT
1970-01-10 04:43:0 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
1970-01-10 04:56:2 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
1970-01-11 14:44:3 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
1970-01-01 02:55:5 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
1970-01-01 03:08:2 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
1970-01-01 03:12:0 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
1970-01-01 03:15:3 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
1970-01-01 19:18:1 e udp 10.154.223.2.1985 -> 224.0.0.2.1985 1 62 INT
1970-01-02 21:08:4 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
1970-01-02 21:21:5 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
1970-01-02 21:25:2 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
1970-01-02 21:28:4 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
1970-01-04 10:54:3 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 106 CON
1970-01-04 11:07:1 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
1970-01-04 11:10:4 e tcp 10.154.223.28.22 ?> 10.154.223.223.3953 1 106 CON
1970-01-04 11:13:5 e tcp 10.154.223.223.3953 ?> 10.154.223.28.22 1 60 CON
Damn, no go there.
So, taking flows from a file on i386 gives good time, but using sockets to
i386 or sparc64 doesn't work. Taking flows from a file on sparc64 doesn't
give good time, nor does it in taking flows from i386 or sparc64.
- Eric
More information about the argus
mailing list