[Bug 1317] New: ulogd missed flow.start.sec and flow.start.usec fields

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat Jan 19 13:52:24 CET 2019


https://bugzilla.netfilter.org/show_bug.cgi?id=1317

            Bug ID: 1317
           Summary: ulogd missed flow.start.sec and flow.start.usec fields
           Product: ulogd
           Version: 2.0.0beta1
          Hardware: All
                OS: Debian GNU/Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: ulogd
          Assignee: netfilter-buglog at lists.netfilter.org
          Reporter: farzadazizsoltani98 at gmail.com

When I tested ulogd, I found that after a while ulogd doesn't have the
"flow.start.sec" and "flow.start.usec" fields in its JSON file.
I send packets with scapy as follows:
send(IP(dst='myIP')/fuzz(UDP()),loop=1)

log with those fields:
{    "ct.event" : 4,    "ct.id" : 1864591088,    "ct.mark" : 2147483767,   
"dest_ip" : "192.168.2.100",    "dvc" : "Netfilter",    "flow.end.sec" :
1547900066,    "flow.end.usec" : 425948,    "flow.start.sec" : 1547900066,   
"flow.start.usec" : 210972,    "oob.family" : 2,    "oob.protocol" : 0,   
"orig.ip.protocol" : 17,    "orig.l4.dport" : 39105,    "orig.l4.sport" :
25845,    "orig.raw.pktcount" : 1,    "orig.raw.pktlen" : 28,   
"reply.ip.daddr.str" : "192.168.1.108",    "reply.ip.protocol" : 17,   
"reply.ip.saddr.str" : "192.168.2.100",    "reply.l4.dport" : 25845,   
"reply.l4.sport" : 39105,    "reply.raw.pktcount" : 0,    "reply.raw.pktlen" :
0,    "src_ip" : "192.168.1.108",    "timestamp" : "2019-01-19T15:44:26" }

log without those fields:
{    "ct.event" : 4,    "ct.id" : 1530067856,    "ct.mark" : 2147483767,   
"dest_ip" : "192.168.2.100",    "dvc" : "Netfilter",    "flow.end.sec" :
1547899965,    "flow.end.usec" : 909658,    "oob.family" : 2,    "oob.protocol"
: 0,    "orig.ip.protocol" : 17,    "orig.l4.dport" : 27353,    "orig.l4.sport"
: 55469,    "orig.raw.pktcount" : 1,    "orig.raw.pktlen" : 28,   
"reply.ip.daddr.str" : "192.168.1.108",    "reply.ip.protocol" : 17,   
"reply.ip.saddr.str" : "192.168.2.100",    "reply.l4.dport" : 55469,   
"reply.l4.sport" : 27353,    "reply.raw.pktcount" : 0,    "reply.raw.pktlen" :
0,    "src_ip" : "192.168.1.108",    "timestamp" : "2019-01-19T15:42:45" }

-- 
You are receiving this mail because:
You are watching all bug changes.
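
For anyone consuming these logs downstream, the gap described in the report can be measured with a short audit script. This is an added example, not part of the original report or of ulogd; it assumes the JSON output holds one object per line, and the sample lines are constructed, trimmed copies of the two records above plus one deliberately malformed line.

```python
import json

START_FIELDS = ("flow.start.sec", "flow.start.usec")
END_FIELDS = ("flow.end.sec", "flow.end.usec")

# Constructed sample: trimmed copies of the two records in the report,
# plus one malformed line to exercise the error path.
SAMPLE_LINES = [
    '{"ct.event": 4, "ct.id": 1864591088, "flow.end.sec": 1547900066, '
    '"flow.end.usec": 425948, "flow.start.sec": 1547900066, '
    '"flow.start.usec": 210972, "orig.l4.dport": 39105}',
    '{"ct.event": 4, "ct.id": 1530067856, "flow.end.sec": 1547899965, '
    '"flow.end.usec": 909658, "orig.l4.dport": 27353}',
    'not json',
]

def to_usec(rec, fields):
    """Combine a (sec, usec) field pair into microseconds, or None if absent."""
    if any(f not in rec for f in fields):
        return None
    return rec[fields[0]] * 1_000_000 + rec[fields[1]]

def audit(lines):
    """Split log lines into complete flows, flows missing start fields, and junk.

    Returns (complete, incomplete, malformed):
      complete   - list of (ct.id, duration in microseconds or None)
      incomplete - list of (ct.id, list of missing start field names)
      malformed  - number of non-empty lines that are not a JSON object
    """
    complete, incomplete, malformed = [], [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            malformed += 1
            continue
        missing = [f for f in START_FIELDS if f not in rec]
        if missing:
            incomplete.append((rec.get("ct.id"), missing))
            continue
        start, end = to_usec(rec, START_FIELDS), to_usec(rec, END_FIELDS)
        complete.append((rec.get("ct.id"), None if end is None else end - start))
    return complete, incomplete, malformed

if __name__ == "__main__":
    print(audit(SAMPLE_LINES))
```

To check a real log, pass an open file handle to `audit()` in place of `SAMPLE_LINES`.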