[ARGUS] Ipv6 fragmentation tracking issue
Carter Bullard
carter at qosient.com
Wed Nov 6 12:29:54 EST 2019
Gentle people,
We discovered a bug in the IPv6 fragmentation tracking code where fragments we’re not being hashed to its parent IPv6 flow, causing argus to generate “ f “ status indications on some IPv6 flows (lower case ‘f’ is a flow record that represents fragments that couldn’t be mapped to its original flow). The flow data is correct, in that we’re accounting for the fragmented traffic, but we aren’t doing the right thing.
We have a fix, and are testing it now. If you are monitoring IPv6 and see some of these flows, send me a note, and I’ll try to get the fix to you, if you would like to test it.
Hope all is most excellent,
Carter
More information about the argus
mailing list