Time Issue on OpenBSD 4.2 with rc.69 (Was: Re: Sparc64 OpenBSD4.1 Compile issue)

Carter Bullard carter at qosient.com
Mon Feb 11 16:11:01 EST 2008 

Hmmm, a bit more confusing.  So lets enumerate what we've got working
and what doesn't with regard to timestamps:

    sparc64 argus ->                sparc64 ra -  bad timestamps
    sparc64 argus ->    file     -> sparc64 ra -  bad timestamps

    i386 argus    ->                i386 ra    -  bad timestamps ?
    i386 argus    ->    file     -> i386 ra    - good timestamps

and then a follow up test would be:
    i386 argus    ->    file     -> sparc64 ra -  bad timestamps ?
    sparc64 argus ->    file     -> i386 ra    -  bad timestamps ?


Carter


On Feb 11, 2008, at 3:12 PM, Eric Pancer wrote:

> On Mon, 2008-02-11 at 11:46:19 -0800, Peter Van Epp proclaimed...
>
>> 	Local seems to work fine which may point to the socket code:
>>
>> # argus -d -i rl0 -w test.argus
>> # ra -r test.argus -n
>
> [snip]
>
>> time is wrong but thats the machine :-) and I don't have Eric's  
>> patches in so
>> ratop didn't build (but ra appears to have).
>>
>
> Yes, we have good time from the file here too! (i386)
>
> ra -nr foo.cap                                             <
> 2008-02-11 14:08:1  *         llc     0:d:29:4b:c:26.66        ->  
> 1:80:c2:0:0:0.66           60       3720   INT
> 2008-02-11 14:08:2  e         tcp    10.154.223.177.22       <?>  
> 10.154.223.223.3737         24       2520   CON
> 2008-02-11 14:08:2  e d       tcp    10.154.223.223.2324     <?>  
> 10.154.223.177.22          408      43104   CON
> 2008-02-11 14:08:2  e         udp      10.154.223.3.1985      ->  
> 224.0.0.2.1985         13        806   INT
> 2008-02-11 14:08:2  e         udp      10.154.223.2.1985      ->  
> 224.0.0.2.1985         13        806   INT
> 2008-02-11 14:08:2  *         udp      10.154.198.3.1985      ->  
> 224.0.0.2.1985         14        924   INT
> 2008-02-11 14:08:2  *         udp      10.154.198.2.1985      ->  
> 224.0.0.2.1985         14        924   INT
> 2008-02-11 14:08:2  e         tcp    10.154.223.177.18056    <?>  
> 10.152.23.39.80            4        264   FIN
> 2008-02-11 14:08:2  e         tcp    10.154.223.177.9491     <?>  
> 10.152.23.39.80            4        264   FIN
> 2008-02-11 14:08:2  *         arp      10.154.198.3          who  
> 10.154.198.16               9        576   INT
> 2008-02-11 14:08:3  e         tcp    10.154.223.177.18368    <?>  
> 10.154.215.170.80            4        264   FIN
> 2008-02-11 14:08:3  e         tcp    10.154.223.177.1491     <?>  
> 10.154.215.170.80            4        264   FIN
> 2008-02-11 14:08:3  e d       tcp    10.154.223.177.26935     ->  
> 10.154.215.170.80           43      23269   FIN
> 2008-02-11 14:08:3  e         udp    10.154.223.177.20331    <->  
> 10.152.23.12.53            2        221   CON
> 2008-02-11 14:08:3  e         udp    10.154.223.177.33705    <->  
> 10.152.23.12.53            2        335   CON
> 2008-02-11 14:08:3  e d       tcp    10.154.223.177.35005     ->  
> 10.154.215.170.80           23      12253   FIN
> 2008-02-11 14:08:3  e d       tcp    10.154.223.177.25924     ->
>
>
> How about sparc64?
>
> $ date
> Mon Feb 11 14:10:30 CST 2008
> $ ra -nr foo.cap
> 1970-01-08 01:18:2  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1         60   CON
> 1970-01-10 02:52:1  *         llc     0:d:29:4b:c:25.66        ->  
> 1:80:c2:0:0:0.66            1         60   INT
> 1970-01-10 04:43:0  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1        106   CON
> 1970-01-10 04:56:2  e         tcp     10.154.223.28.22        ?>  
> 10.154.223.223.3953          1        106   CON
> 1970-01-11 14:44:3  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1         60   CON
> 1970-01-01 02:55:5  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1        106   CON
> 1970-01-01 03:08:2  e         tcp     10.154.223.28.22        ?>  
> 10.154.223.223.3953          1        106   CON
> 1970-01-01 03:12:0  e         tcp     10.154.223.28.22        ?>  
> 10.154.223.223.3953          1        106   CON
> 1970-01-01 03:15:3  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1         60   CON
> 1970-01-01 19:18:1  e         udp      10.154.223.2.1985      ->  
> 224.0.0.2.1985          1         62   INT
> 1970-01-02 21:08:4  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1        106   CON
> 1970-01-02 21:21:5  e         tcp     10.154.223.28.22        ?>  
> 10.154.223.223.3953          1        106   CON
> 1970-01-02 21:25:2  e         tcp     10.154.223.28.22        ?>  
> 10.154.223.223.3953          1        106   CON
> 1970-01-02 21:28:4  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1         60   CON
> 1970-01-04 10:54:3  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1        106   CON
> 1970-01-04 11:07:1  e         tcp     10.154.223.28.22        ?>  
> 10.154.223.223.3953          1        106   CON
> 1970-01-04 11:10:4  e         tcp     10.154.223.28.22        ?>  
> 10.154.223.223.3953          1        106   CON
> 1970-01-04 11:13:5  e         tcp    10.154.223.223.3953      ?>  
> 10.154.223.28.22            1         60   CON
>
> Damn, no go there.
>
> So, taking flows from a file on i386 gives good time, but using  
> sockets to
> i386 or sparc64 doesn't work. Taking flows from a file on sparc64  
> doesn't
> give good time, nor does it in taking flows from i386 or sparc64.
>
> - Eric
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20080211/790ddf78/attachment.html>

More information about the argus mailing list