
Re: ports/3565: trafshow-3.1 not showing traffic properly



The following reply was made to PR ports/3565; it has been noted by GNATS.

From: Herrb Matthieu <matthieu_(_dot_)_herrb_(_at_)_laas_(_dot_)_fr>
To: bugs_(_dot_)_openbsd_(_dot_)_org_(_at_)_VirginVinyl_(_dot_)_net
Cc: gnats_(_at_)_openbsd_(_dot_)_org, Herrb Matthieu <matthieu_(_dot_)_herrb_(_at_)_laas_(_dot_)_fr>
Subject: Re: ports/3565: trafshow-3.1 not showing traffic properly
Date: Thu, 13 Nov 2003 11:10:11 +0100

 On 12 Nov 2003, at 00:57, bugs_(_dot_)_openbsd_(_dot_)_org_(_at_)_VirginVinyl_(_dot_)_net wrote:
 
 >> Number:         3565
 >> Category:       ports
 >> Synopsis:       trafshow-3.1 not showing traffic properly
 >> Confidential:   yes
 >> Severity:       serious
 >> Priority:       medium
 >> Responsible:    bugs
 >> State:          open
 >> Quarter:
 >> Keywords:
 >> Date-Required:
 >> Class:          sw-bug
 >> Submitter-Id:   unknown
 >> Arrival-Date:   Wed Nov 12 00:10:01 GMT 2003
 >> Closed-Date:
 >> Last-Modified:
 >> Originator:     Terra
 >> Release:        trafshow-3.1
 >> Organization:
 > virginvinyl.net
 >> Environment:
 >
 > 	System      : OpenBSD 3.4
 > 	Architecture: OpenBSD.i386
 > 	Machine     : i386
 >
 >> Description:
 >
 > 	trafshow is not showing all of the traffic regardless if filter 
 > expression is in use or not.
 >
 >> How-To-Repeat:
 >
 > 	This affects both types of trafshow:
 > 	1) installed from package file included in OpenBSD 3.4 set
 > 	2) compiling and installed from ports tree
 >
 > 	Network setup:
 > 	
 > 	123.456.789.006 --|
 > 	123.456.789.010 --|
 > 	123.456.789.041 --|--- [fxp1]=OpenBSD NAT (trafshow)=[fxp0] --- 192.168.1.88
 > 	123.456.789.181 --|
 > 	123.456.789.231 --|
 > 	
 > 	Consider that all of the (123.456.789.*) addresses are both sending 
 > and receiving traffic to 192.168.1.88
 >
 > 	For simplification, I used a /24 network range of IPs - however the 
 > external IPs can be any
 > 	valid routable IP.
 > 	
 > 	running:
 > 	# tcpdump -n -i fxp0 src host 192.168.1.88
 > 	
 > 	Shows all of the traffic correctly for all external IPs.
 > 	
 > 	
 > 	When running:
 > 	# trafshow -n -i fxp0 src host 192.168.1.88
 > 	
 > 	Will only show 1 of the external IPs at any one time.  I have tried
 > 	various expressions, and the result ends up being the same
 > 	restrictive view.  Dropping the 'src' specifier had no effect, other
 > 	than showing both egress and ingress.
 > 	
 > 	Let's say that 123.456.789.010 was the only IP showing, if I were to do:
 > 	# trafshow -n -i fxp0 src host 192.168.6.11 and dst host 123.456.789.181
 > 	
 > 	Then I would be able to see that particular external IP for which was 
 > nonexistent prior.
 > 	
 > 	If I run trafshow on the external interface:
 > 	# trafshow -n -i fxp1
 > 	
 > 	Then I will see 3 sets of traffic with 1 associated IP each.
 > 	1) tcp
 > 	2) udp
 > 	3) icmp
 >
 > 	In conclusion, trafshow is only showing one (inbound and outbound) 
 > traffic set (per protocol) for IP
 > 	addresses that it sees either on the internal or external network 
 > card.
 >
 >> Fix:
 >
 > 	I will be happy to provide the maintainer/author with whatever 
 > information is requested of me.
 >
 >
 I can see that too. I've reported it to the port's maintainer some
 months ago.
 
 This problem is caused by the IPv6 patches in the OpenBSD port. If you
 remove them before installing the port the problem disappears.
 
 I've not taken the time to look at what's the problem in the patches
 though.
 Shame on me.


