<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - ulogd missed flow.start.sec and flow.start.usec fields"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1317">1317</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>ulogd missed flow.start.sec and flow.start.usec fields
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>ulogd
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>2.0.0beta1
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Debian GNU/Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>major
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>ulogd
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>netfilter-buglog@lists.netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>farzadazizsoltani98@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>When I tested ulogd, I found that after a while ulogd does not have the "flow.start.sec" and
"flow.start.usec" fields in its JSON file.
I send packets with scapy as follows:
send(IP(dst='myIP')/fuzz(UDP()),loop=1)

Log with those fields:
{    "ct.event" : 4,    "ct.id" : 1864591088,    "ct.mark" : 2147483767,   
"dest_ip" : "192.168.2.100",    "dvc" : "Netfilter",    "flow.end.sec" :
1547900066,    "flow.end.usec" : 425948,    "flow.start.sec" : 1547900066,   
"flow.start.usec" : 210972,    "oob.family" : 2,    "oob.protocol" : 0,   
"orig.ip.protocol" : 17,    "orig.l4.dport" : 39105,    "orig.l4.sport" :
25845,    "orig.raw.pktcount" : 1,    "orig.raw.pktlen" : 28,   
"reply.ip.daddr.str" : "192.168.1.108",    "reply.ip.protocol" : 17,   
"reply.ip.saddr.str" : "192.168.2.100",    "reply.l4.dport" : 25845,   
"reply.l4.sport" : 39105,    "reply.raw.pktcount" : 0,    "reply.raw.pktlen" :
0,    "src_ip" : "192.168.1.108",    "timestamp" : "2019-01-19T15:44:26" }

Log without those fields:
{    "ct.event" : 4,    "ct.id" : 1530067856,    "ct.mark" : 2147483767,   
"dest_ip" : "192.168.2.100",    "dvc" : "Netfilter",    "flow.end.sec" :
1547899965,    "flow.end.usec" : 909658,    "oob.family" : 2,    "oob.protocol"
: 0,    "orig.ip.protocol" : 17,    "orig.l4.dport" : 27353,    "orig.l4.sport"
: 55469,    "orig.raw.pktcount" : 1,    "orig.raw.pktlen" : 28,   
"reply.ip.daddr.str" : "192.168.1.108",    "reply.ip.protocol" : 17,   
"reply.ip.saddr.str" : "192.168.2.100",    "reply.l4.dport" : 55469,   
"reply.l4.sport" : 27353,    "reply.raw.pktcount" : 0,    "reply.raw.pktlen" :
0,    "src_ip" : "192.168.1.108",    "timestamp" : "2019-01-19T15:42:45" }</pre>
        </div>
      </p>
    </body>
</html>