arno-st
commented
2 years ago Doing a simple function to test the INET_NTOA and ATON look like it's causing the problem When I did: RETURN ( INET6_NTOA(ipadd & INET6_ATON(mask))
) and a call with: SELECT get_network(0x0a55a094, "255.255.0.0", "10.85.0.0")
return NULL
but having the function : RETURN ( INET_NTOA(ipadd & INET_ATON(mask))
) and same call as before, it return: 10.85.0.0
So verification with the function: RETURN ( (ipadd & INET_ATON(mask)) = INET_ATON(test) ) And allways the same call return true, and if I call with this: SELECT get_network(0x0aa5a094, "255.255.0.0", "10.85.0.0")
it return false.
So why is the INET6_ATON and NTOA is not working ?
TheWitness
I try to use flow-View 3.0 in cacti 1.2.19 My colletor is working fine, my DB is populated with netflow from my cisco device, with V5 netflow.
I setup a filter who is like this: Name Source IP B85 10.85.0.0/16 Other filed are left by default The query I can log from the DB query is the following: SELECT INET6_NTOA(src_addr) AS src_addr, INET6_NTOA(dst_addr) AS dst_addr, SUM(flows) AS flows, SUM(bytes) AS bytes, SUM(packets) AS packets, src_domain, dst_domain FROM (SELECT src_addr, dst_addr, SUM(flows) AS flows, SUM(bytes) AS bytes, SUM(packets) AS packets, src_domain, dst_domain FROM plugin_flowview_raw_2022093 WHERE (
start_timeBETWEEN "2022-04-04 10:48:00" AND "2022-04-04 11:18:00" ORend_timeBETWEEN "2022-04-04 10:48:00" AND "2022-04-04 11:18:00") AND (src_addr & INET6_ATON('255.255.0.0') = INET6_ATON('10.85.0.0')) GROUP BY src_addr, dst_addr) AS rs GROUP BY INET6_NTOA(src_addr), INET6_NTOA(dst_addr) ORDER BY 4 DESC LIMIT 20So why is the ouput containing packet that have a source ip outside 10.85.0.0/16 ?
src_addr | dst_addr | flows | bytes | packets | src_domain | dst_domain | 10.75.138.201 237.1.1.5 231 70186963032 120238661 ip-10-75-138-201.private.net ip-237-1-1-5.mcast.net 10.75.138.213 237.1.1.17 179 30466778480 39217083 ip-10-75-138-213.private.net ip-237-1-1-17.mcast.net 10.0.24.42 10.85.105.18 172 17882249186 11827444 ip-10-0-24-42.private.net l36961.mydomain.ch 10.4.9.26 10.75.160.148 3397 12971856214 8796642 server1.video.mydomain.ch poste5.video.mydomain.ch 10.0.24.37 10.85.107.124 70 9419318154 6240962 ip-10-0-24-37.private.net poste3.mydomain.ch 10.0.24.94 10.85.106.0 519 6321374924 4156211 server1.mydomain.ch poste1.mydomain.ch 10.0.24.38 10.75.104.95 105 6077939429 4229959 ip-10-0-24-38.private.net ip-10-75-104-95.private.net 10.0.24.48 10.85.105.37 152 5841555820 6124238 ip-10-0-24-48.private.net poste2.mydomain.ch
And my log is full of: 04/04/2022 11:26:35 - CMDPHP PHP ERROR NOTICE Backtrace: (/plugins/flowview/flow_collector.php[338]:process_fv5(), /plugins/flowview/flow_collector.php[428]:flowview_get_dns_from_ip(), /plugins/flowview/functions.php[3300]:flowview_get_owner_from_arin(), /plugins/flowview/functions.php[3562]:CactiErrorHandler())
04/04/2022 11:26:35 - ERROR PHP NOTICE in Plugin 'flowview': Trying to access array offset on value of type null in file: /usr/share/cacti/plugins/flowview/functions.php on line: 3562
Maybee due to the fact that my server dosen't have access to http://whois.arin.net/rest/ip