|Summary:||net-mgmt/iftop 1.0pre4 unable to detect IPv6 traffic on pure monitoring interface|
|Product:||Ports & Packages||Reporter:||Trond.Endrestol|
|Component:||Individual Port(s)||Assignee:||Vasil Dimov <vd>|
|Severity:||Affects Some People||CC:||pi, vd, w.schwarzenfeld|
Description Trond.Endrestol 2015-02-02 10:12:38 UTC
I'm running an IDS with the bce1 interface configured as a pure monitoring interface, i.e.:

ifconfig_bce1="up monitor promisc"

This results in:

bce1: flags=68943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC,MONITOR> metric 0 mtu 1500
	options=c01bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
	ether XX:XX:XX:XX:XX:XX
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active

Other software, like net-mgmt/darkstat, is able to detect and extract IPv6 traffic from the same interface. net-mgmt/iftop is able to detect and extract IPv6 traffic on proper interfaces, e.g. non-monitoring interfaces.
Comment 2 Walter Schwarzenfeld 2018-01-12 04:20:32 UTC
Is this still relevant? Please, maintainer feedback!
Comment 3 Trond.Endrestol 2018-01-12 09:04:07 UTC
(In reply to w.schwarzenfeld from comment #2) Yes. My IDS is running stable/11 r326928 amd64, and net-mgmt/iftop doesn't display any IPv6 traffic on any of the monitoring interfaces. net-mgmt/iftop shows both IPv4 and IPv6 traffic on the management interface. I'm not sure whether the problem is within the kernel or iftop. If the bug proves too difficult to resolve, then let's close this PR and go on.
Comment 4 Vasil Dimov 2018-01-12 10:35:51 UTC
Created attachment 189644: Quick and dirty patch to use latest iftop from the git repository. Will break once a new commit is done to the iftop repository.
Comment 5 Vasil Dimov 2018-01-12 10:37:54 UTC
Hey, while there is no new version of iftop released, I see that there are some commits in the git repository of the project, after 1.0pre4 was released. I crafted a quick patch to the port to use that latest source from git instead of 1.0pre4 at https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189644 Maybe you can check if the problem exists with this latest iftop?
Comment 6 Kurt Jaeger 2018-01-12 12:16:31 UTC
Patch fails to build in poudriere: http://people.freebsd.org/~pi/logs/net-mgmt__iftop-111-1515759265.txt
Comment 7 Walter Schwarzenfeld 2018-01-12 12:42:08 UTC
I tried it with 10.4 in poudriere. Works if you add autoreconf to USES.
Comment 8 Kurt Jaeger 2018-01-12 15:11:17 UTC
Yes, it builds with that change. But: Does it solve the IPv6 problem? Has anyone tested if this newer version fixes the problem?
Comment 9 Walter Schwarzenfeld 2018-01-12 15:14:09 UTC
Cannot test it, work without ipv6.
Comment 10 Walter Schwarzenfeld 2018-01-12 15:14:40 UTC
correct: I am working without ipv6.
Comment 11 Trond.Endrestol 2018-01-12 15:39:58 UTC
(In reply to Kurt Jaeger from comment #8) I'll try as soon as time allows.
Comment 12 Trond.Endrestol 2018-01-12 21:13:24 UTC
(In reply to Trond.Endrestol from comment #11) Sadly the new version didn't have any effect. Significant IPv6 traffic was spotted by the regular iftop on a local server during an FTP transfer from an external FTP server, but not by the IDS using this version.
Comment 13 Trond.Endrestol 2018-01-12 21:15:09 UTC
(In reply to Trond.Endrestol from comment #12) darkstat is able to see both IPv4 and IPv6 traffic on the same interface while iftop doesn't.
Comment 14 Trond.Endrestol 2018-01-12 22:30:15 UTC
(In reply to Trond.Endrestol from comment #12) I tried the new version on a different monitoring interface on my IDS. iftop sees some of the IPv6 traffic. Two SPAN ports on my core switch are feeding bce0 and bce1 on the IDS. (Yes, I know, SPAN ports have their own problems.) bce0 receives external traffic, while bce1 receives internal traffic. Maybe the volume of IPv4 traffic displaces any IPv6 traffic on bce0 when viewed with iftop. I thought connections with the highest transfer rates would bubble up to the top lines in the display regardless of IPv4 or IPv6.
Comment 15 Mark Linimon 2018-02-24 00:07:30 UTC
Maintainership was reset.
Comment 16 Vasil Dimov 2018-02-25 11:21:45 UTC
Hey, my maintainership was not reset. I guess it was a mistake to de-assign this from me. Reassigning it back.