From mix.kao at cipherium.com.tw  Thu Mar 11 12:07:39 2010
From: mix.kao at cipherium.com.tw (mix.kao)
Date: Thu, 11 Mar 2010 19:07:39 +0800
Subject: [ulogd] Wrong ip address and port in ulogd 1.24 build in arm
 platform (big endian)
Message-ID: <4B98CEFB.9030406@cipherium.com.tw>

Hi,

i found some issue in ulogd ver 1.24.
I got wrong source and destination IP address and port in ulogd output.
It's work in x86 platform but get wrong in arm platform.
I don't know is it a endian issue or?
Any idea?

[From dmesg]
[ 1336.040000] IN=eth11 OUT=eth2 PHYSIN=eth10.1005 SRC=192.168.2.35 
DST=63.245.209.106 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=62747 DF 
PROTO=TCP SPT=36209 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0xa01

[user space log from ulogd]
Mar 11 16:47:37 2010 TCP MAC=00:06:1b:d3:9b:08 SIP=2.99.192.168 
SPort=27277 DIP=209.35.63.245 DPort=29184


Thanks.

From mark at tux-edo.co.za  Tue Mar 23 12:49:40 2010
From: mark at tux-edo.co.za (Mark Coetser)
Date: Tue, 23 Mar 2010 13:49:40 +0200
Subject: [ulogd] ip_totlen question
Message-ID: <4BA8AAD4.9080501@tux-edo.co.za>

Hi

kernel		2.6.26-2-686
ulogd		1.24-2.1
iptables	1.4.2-6

iptables rule

iptables -t filter -I FORWARD -j ULOG

Ulog is logging too mysql and everything seems 100%

My issue is that when calculating the sum of ip_totlen for all traffic 
with a tcp_sport and tcp_dport of 80 for a specific day, then 
multiplying that by 4 for a byte figure this doesnt seem too correspond 
too the figure from ciscos "ip accounting".

Am I doing this correctly? All I am trying too achieve is too do some 
proper bandwidth accounting on my gateway boxes.

-- 
Thank you,

Mark Adrian Coetser
mark at tux-edo.co.za
http://www.tux-edo.co.za
http://www.tux-voip.co.za
cel: +27 76 527 8789