Openfpc-client Doesn't Return After Executing Search

[spellfish]

When I run openfpc-client on a cloned branch from Dec 2nd, the client never returns results after accepting username and password. When I include uid and passwd (with AUTH OK from openfpc-queued), the client just hangs.

I ran tshark to capture the query being sent from openfpc-client. For the command: bash$ openfpc-client -a search -dtp 443 -proto tcp

The resulting query is sent. I don't see my exact parameters, so it's possible this is the wrong query. What I notice is that the query includes "\x0a" and "\0x9". Placing this command onto the mysql command-line results in an error on parsing those characters:

SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes\x0a\x09FROM session IGNORE INDEX (p_key) WHERE unix_timestamp(CONVERT_TZ(start_time, '+00:00', @@session.time_zone)) \x0a\x09between 1418084402 and 1418088002 ORDER BY start_time DESC LIMIT 20

On the queued side, the daemon shows the following, while the client hangs infinitely: Tue Dec 9 00:54:19 2014 GMT: ids_dev COMMS: 127.0.0.1: RID: 2 Search Request Tue Dec 9 00:54:19 2014 GMT: ids_dev COMMS: 127.0.0.1: RID: 2 Start time=0 End time=0

I would appreciate any help. I noticed there have been many commits the last few days, is now a good time to git pull from this repo?

[spellfish]

Also, I wanted to note that when I specify search criteria that doesn't match - i.e. false dst port that doesn't exist, openfpc-client returns immediately.

[spellfish]

I have better debug output here. Using '-debug' on queued command-line yields the following:

bash$ openfpc-client -a search -dpt 22 -proto tcp --utc

Openfpc-Queued Debug: Tue Dec 9 01:50:04 2014 GMT: ids_dev DEBUG: Enabling debug via shell variable OFPCDEBUG Tue Dec 9 01:50:04 2014 GMT: ids_dev DECOD: DEBUG: Received action search Tue Dec 9 01:50:04 2014 GMT: ids_dev DECOD: DEBUG: Search request Tue Dec 9 01:50:04 2014 GMT: ids_dev DECOD: stime and etime are set in request as 1418089744 / 1418089804 Tue Dec 9 01:50:04 2014 GMT: ids_dev COMMS: 127.0.0.1: RID: 4 Search Request Tue Dec 9 01:50:04 2014 GMT: ids_dev COMMS: 127.0.0.1: RID: 4 Start time=1418089744 End time=1418089804 Tue Dec 9 01:50:04 2014 GMT: ids_dev QUERY: DEBUG: Building query Tue Dec 9 01:50:04 2014 GMT: ids_dev QUERY: DEBUG: Result Limit: 20 DEBUG: Query is SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes FROM session IGNORE INDEX (p_key) WHERE unix_timestamp(CONVERT_TZ(start_time, '+00:00', @@session.time_zone)) between 1418089744 and 1418089804 ORDER BY start_time DESC LIMIT 20 DEBUG getresults : DB Name = openfpc : DB User = openfpc : DB Pass = **** : Query = SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes FROM session IGNORE INDEX (p_key) WHERE unix_timestamp(CONVERT_TZ(start_time, '+00:00', @@session.time_zone)) between 1418089744 and 1418089804 ORDER BY start_time DESC LIMIT 20 DEBUG: Connected to DB

[leonward]

So a few things here: 1) It looks like the session identifiers (sip, dip, spt, dpt) aren't finding their way to the query. I've just checked in comit 156ab582b61ba5fad1256f7e949a121807649ac2 to fix they're actually passed from the client.

2) I really need to write up some documentation of how to put openfpc into debug mode. It's not written anywhere and the debug data above is a little lacking. Could you please do the following and provide (censor as needed) the output of the below?

cd sudo ./openfpc -a debug

Then make a simple search request like: ./openfpc-client -a search -dpt 53

Cheers

[spellfish]

@leonward Apologies for the delay. I wanted to point out that I've gone through quite a bit of trouble to add code for connection to remote (non-local) DBs. It took me some time to re-apply my changes for 0.9 to 0.9.1. I would submit a PR but I'm not sure you would like all of my changes. Suffice to say, I am using amazon's RDS mysql as a backend db, so there were several places, files and so on where I had to modify code to connect to "$dbhost" or "config{'SESSION_DB_HOST'}.

It seems your change does not have an affect on my issue - openfpc-client still hangs. As I've investigated the issue further, I've discovered when connecting with mysql(1), my database returns this message on connect, and hangs as well.

neha@ip-10-27-54-217:/home/openfpc$ mysql -u openfpc -p -h dbhost openfpc Enter password: [ENTER PASSWD]

"Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A"

When I connect to the db with "-A" option, my mysql client connection does not hang. The mysql client has auto-rehashing enabled by default, so this is due to the mysql cli client. The openfpc-client utility may be experiencing some other issue.

I ran the following: bash$ openfpc-client -a search -dpt 443

The debug output:

bash:/home/openfpc$ sudo openfpc -a debug Putting ids_dev into DEBUG mode Stopping OpenFPC Queue Daemon (ids_dev)... Not running

• Waiting for daemon to stop..Putting openfpc-queued into debug mode: Thu Dec 11 13:24:25 2014 GMT: sensor DEBUG: Enabling debug via shell variable OFPCDEBUG Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: SHA1 passwords enabled - Reading /etc/openfpc/openfpc.passwd

Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Enabling debug via shell variable OFPCDEBUG Thu Dec 11 13:24:25 2014 GMT: idsdev DEBUG: Adding user "ops" PassHash "**" Thu Dec 11 13:24:25 2014 GMT: idsdev START: ****** OpenFPC 0.9 ** Thu Dec 11 13:24:25 2014 GMT: ids_dev START: \ http://www.openfpc.org Thu Dec 11 13:24:25 2014 GMT: ids_dev START: Dropping Privileges to user openfpc Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: START: Started by user root Thu Dec 11 13:24:25 2014 GMT: ids_dev START: Now running as user openfpc Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Checking write access to directory /mnt/openfpc/extracted Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Write access to /mnt/openfpc/extracted successful Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Unlink access successful for /mnt/openfpc/extracted Thu Dec 11 13:24:25 2014 GMT: ids_dev START: Starting OFPC Node "ids_dev" as a Node Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Node Description: "Simple FPC Node" Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Enabled : y Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: local savedir : /mnt/openfpc/extracted Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Buffer Path : /mnt/openfpc/pcap Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: mergecap : /usr/bin/mergecap Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: tcpdump : /usr/sbin/tcpdump Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Keep files : 0 Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Adding user "ops" PassHash "**_" Thu Dec 11 13:24:25 2014 GMT: idsdev START: ****** OpenFPC 0.9 ** Thu Dec 11 13:24:25 2014 GMT: ids_dev START: \ http://www.openfpc.org Thu Dec 11 13:24:25 2014 GMT: ids_dev START: Dropping Privileges to user openfpc Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: START: Started by user root Thu Dec 11 13:24:25 2014 GMT: ids_dev START: Now running as user openfpc Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Checking write access to directory /mnt/openfpc/extracted Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Write access to /mnt/openfpc/extracted successful Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Unlink access successful for /mnt/openfpc/extracted Thu Dec 11 13:24:25 2014 GMT: ids_dev START: Starting OFPC Node "ids_dev" as a Node Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Node Description: "FPC Node" Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Enabled : y Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: local savedir : /mnt/openfpc/extracted Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Buffer Path : /mnt/openfpc/pcap Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: mergecap : /usr/bin/mergecap Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: tcpdump : /usr/sbin/tcpdump Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Keep files : 0 Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Local Timezone for this node is UTC Thu Dec 11 13:24:25 2014 GMT: ids_dev DEBUG: Local time at UTC is Thu Dec 11 13:24:25 2014 Thu Dec 11 13:24:25 2014 GMT: ids_dev START: Starting listener on TCP:4242 Thu Dec 11 13:24:52 2014 GMT: ids_dev COMMS: Accepted new connection from 127.0.0.1 Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: Enabling debug via shell variable OFPCDEBUG Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG 127.0.0.1: GOT version, sending OFPC-v2 OK Thu Dec 11 13:24:52 2014 GMT: ids_dev COMMS: 127.0.0.1: GOT USER secops Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: 127.0.0.1: Sending challenge: 1098687986894917152358371243303677152 Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: 127.0.0.1: Waiting for response to challenge Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: 127.0.0.1: Got RESPONSE Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: 127.0.0.1: Expected resp: '****_' Thu Dec 11 13:24:52 2014 GMT: idsdev DEBUG: 127.0.0.1: Actual resp : '****' Thu Dec 11 13:24:52 2014 GMT: ids_dev AUTH : 127.0.0.1: Pass Okay Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: 127.0.0.1: REQ -> {"metadata":{"nodeuser":0,"nodeaddress":0,"nodeport":0,"tempfile":0,"nodepass":0},"filetype":{"text":"File type","val":"PCAP","required":0},"password":{"val":0,"text":"Password","required":1},"sip":{"required":0,"val":0,"text":"Source IP"},"sumtype":{"required":0,"val":"top_source_ip_by_volume","text":"Summary Type"},"msg":{"val":"","text":"Feedback Message","required":0},"comment":{"required":0,"text":"Comment","val":0},"fail":{"text":"Errorval","0":null},"dpt":{"required":0,"text":"Destination port","val":"443"},"stime":{"required":0,"text":"Start time","val":0},"spt":{"val":0,"text":"Source port","required":0},"showposition":{"required":0,"text":"Show Position","val":0},"logline":{"val":0,"text":"Log line","required":0},"timestamp":{"required":0,"val":1418304292,"text":"Timestamp"},"device":{"val":0,"text":"Device Name","required":0},"tz":{"requred":0,"val":"UTC","text":"Time Zone"},"proto":{"val":0,"text":"Protocol","required":0},"filename":{"required":0,"val":"/tmp/pcap-openfpc-1418304285","text":"Filename"},"etime":{"required":0,"val":0,"text":"End time"},"bpf":{"required":0,"text":"BPF filter","val":0},"logtype":{"text":"Log Type","val":"auto","required":0},"action":{"required":1,"val":"search","text":"Action"},"rtime":{"val":0,"text":"Request Time","required":0},"user":{"text":"Username","val":"secops","required":1},"dip":{"val":0,"text":"Destination IP","required":0},"limit":{"requred":0,"text":"Results limit","val":20}}

Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: Enabling debug via shell variable OFPCDEBUG Thu Dec 11 13:24:52 2014 GMT: ids_dev DECOD: DEBUG: Received action search Thu Dec 11 13:24:52 2014 GMT: ids_dev DECOD: DEBUG: Normalizing timestamps Thu Dec 11 13:24:52 2014 GMT: ids_dev DECOD: DEBUG: timestamp in request was: 1418304292 Thu Dec 11 13:24:52 2014 GMT: ids_dev DEBUG: DEBUG: timestamp normalized to 1418304292 (Thu Dec 11 13:24:52 2014) Thu Dec 11 13:24:52 2014 GMT: ids_dev DECOD: DEBUG: stime not set in request. Nothing to normalize Thu Dec 11 13:24:52 2014 GMT: ids_dev DECOD: DEBUG: etime not set in request. Nothing to normalize Thu Dec 11 13:24:52 2014 GMT: ids_dev DECOD: DEBUG: Search request Thu Dec 11 13:24:52 2014 GMT: ids_dev DECOD: DEBUG: Final timestamp used in request is epoch 1418304292 Thu Dec 11 13:24:52 2014 GMT: ids_dev COMMS: 127.0.0.1: RID: 16FF8230-8139-11E4-8B89-AE15906692D6 Search Request Thu Dec 11 13:24:52 2014 GMT: ids_dev COMMS: 127.0.0.1: RID: 16FF8230-8139-11E4-8B89-AE15906692D6 Start time=0 End time=0 DEBUG: No time set, instead using default time window of 1 hour : Start time: 1418300692 (Thu Dec 11 12:24:52 2014) : End time : 1418304292 (Thu Dec 11 13:24:52 2014) Thu Dec 11 13:24:52 2014 GMT: ids_dev QUERY: DEBUG: Building query Thu Dec 11 13:24:52 2014 GMT: ids_dev QUERY: DEBUG: Adding Destination Port: 443 Thu Dec 11 13:24:52 2014 GMT: ids_dev QUERY: DEBUG: Result Limit: 20 DEBUG: Query is SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes FROM session IGNORE INDEX (p_key) WHERE unix_timestamp(CONVERT_TZ(start_time, '+00:00', @@session.time_zone)) between 1418300692 and 1418304292 AND dst_port='443' ORDER BY start_time DESC LIMIT 20 DEBUG getresults : DB Name = openfpc : DB User = openfpc : DB Pass = **** : Query = SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes FROM session IGNORE INDEX (p_key) WHERE unix_timestamp(CONVERT_TZ(start_time, '+00:00', @@session.time_zone)) between 1418300692 and 1418304292 AND dst_port='443' ORDER BY start_time DESC LIMIT 20 DEBUG: Connected to DB

[leonward]

Hi, A couple of points:

• I'd like to see the changes you made if the diff isn't too ugly to consume. If you've found problems it would be good to fix. I don't use a remote database myself, so it's likely that there could be a problem somewhere that I've not caught. All of my DBs are on the nodes.
• Clearly there is something wrong with getting data out of your DB. Lets remove the overhead of openfpc-queue daemon to work out what, as it looks like it's getting the request, converting it into usable SQL, and connecting to the DB fine.

If you look at the debug output you'll see the actual SQL that is executed. So try to run it from your cli client. Just copy/paste it into the mysql-client when connected to the DB.

E.g.

lward@openfpc:~/openfpc$ mysql -uroot -p mysql> show databases; +----------------------+ | Database | +----------------------+ | information_schema | | mysql | | ofpc_session_default | | performance_schema | +----------------------+ 4 rows in set (0.00 sec)

mysql> use ofpc_session_default; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A

Database changed

Then paste in the QUERY = line from where it starts with "SELECT", ending with a ";"

mysql> SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes -> FROM session IGNORE INDEX (p_key) WHERE unix_timestamp(CONVERT_TZ(start_time, '+00:00', @@session.time_zone)) -> between 1418300692 and 1418304292 AND dst_port='443' ORDER BY start_time DESC LIMIT 20; +---------------------+-------------------+----------+-------------------+----------+----------+-----------+-----------+-------------+ | start_time | INET_NTOA(src_ip) | src_port | INET_NTOA(dst_ip) | dst_port | ip_proto | src_bytes | dst_bytes | total_bytes | +---------------------+-------------------+----------+-------------------+----------+----------+-----------+-----------+-------------+

20 rows in set (0.00 sec)

[spellfish]

@leonward

Thanks for your time. I'm preparing a commit for changes that I've made locally, although I've overloaded the config{'SESSION_DB_HOST'} global, as I've used it as an argument to "-h" in many sql queries where localhost was hardcoded or implied. Is it possible for the session db and the proxy db to exist in the same database? I will submit a PR this weekend.

I submitted the SQL Query directly via mysql, and the query hung there also. I have a feeling my database may not have been created correctly. I dropped the db and user via ./openpfc-dbmaint drop session, and started fresh. Because I had to modify openfpc-dbmaint a bit, I missed an error during the script's run:

• Creating Session database on ids_dev
• Session DB Created
• Adding function INET_ATON6 to DB openfpc ERROR 1419 (HY000) at line 4: You do not have the SUPER privilege and binary logging is enabled (you might want to use the less safe log_bin_trust_function_creators variable)

The Super privileges on AWS RDS are restricted via the aws console. This requires a backend change in aws and a restart of the database. I may be able to do this and test again on Mon. However, I believe this may be the source of the hanging. My db is not created correctly (or at least modified correctly). Is there an alternative way of creating these functions - I'm not familiar with the use of 'log_bin_trust_function'.

Here are the specifics for those who are running into this problem also:

http://techtavern.wordpress.com/2013/06/17/mysql-triggers-and-amazon-rds/

[leonward]

HI,

The extra function enables the ability to store ipv6 addresses in a more usable way in mysql. I'm away from the code right now so I can't look it up to make sure, but IIRC I created a config variable to check if the user wanted to enable ipv6 support for session searching. If this is set to 0, then the function should not be created.

-L

Sent from my iPad

On 13 Dec 2014, at 04:35, nehafish notifications@github.com wrote:

@leonward

Thanks for your time. I'm preparing a commit for changes that I've made locally, although I've overloaded the config{'SESSION_DB_HOST'} global, as I've used it as an argument to "-h" in many sql queries where localhost was hardcoded. Is it possible for the session db and the proxy db to exist in the same database? I will submit a PR this weekend.

I submitted the SQL Query directly via mysql, and the query hung there also. I have a feeling my database may not have been created correctly. I dropped the db and user via ./openpfc-dbmaint drop session, and started fresh. Because I had to modify openfpc-dbmaint a bit, I missed an error during the script's run:

Creating Session database on ids_dev

Session DB Created Adding function INET_ATON6 to DB openfpc ERROR 1419 (HY000) at line 4: You do not have the SUPER privilege and binary logging is enabled (you might want to use the less safe log_bin_trust_function_creators variable) The Super privileges on AWS RDS are restricted via the aws console. This requires a backend change in aws and a restart of the database. I may be able to do this and test again on Mon. However, I believe this may be the source of the hanging. My db is not created correctly (or at least modified correctly). Is there an alternative way of creating these functions - I'm not familiar with the use of 'log_bin_trust_function'.

— Reply to this email directly or view it on GitHub.

[spellfish]

Ah, this was confusing as I had IP_V_6=0 in openfpc.conf. After dropping my database and re-creating, I was able to test this again:

• openfpc-client hangs on a search unless there is an empty set returned.
• I can run the same query on my backend DB and get a complete result.

I ran openpfc-client -a search -dpt 443, and the query hung.

The following query was issued to the DB: SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes FROM session IGNORE INDEX (p_key) WHERE unix_timestamp(CONVERT_TZ(start_time, '+00:00', @@session.time_zone)) between 1418499952 and 1418503552 AND dst_port='443' ORDER BY start_time DESC LIMIT 20;

On the mysql side, I get several rows returned. From openfpc-client, there is nothing. I will investigate any changes that I've made to the OpenFPC pm's, as this may have either been a typo or error I've introduced into the code. I will report back shortly.

[spellfish]

Hello @leonward

So after investigating the code, it seems whatever happens within getresults() is silently failing, or there's some other issue. Here's the code in question. Queued hangs after "Connected to DB" is printed. I tried to stick with the standard use of $dbh database handle when adding the $dbhost variable.. maybe there is a better way to do this? Here's the code, and I've included the results that my db should return from this query "openfpc-client -a search -u x -p x -dpt 443"

sub getresults{
        my $dbname = shift;
        my $dbuser = shift;
        my $dbpass = shift;
        my $query = shift;
        my $dbhost = "host.name.blah.rds.amazonaws.com";
        my $debug=wantdebug();
        my @results=();
        my $error=0;

        my %t=(
                size => 0,
                table => {},
                error => 0,
                );

        if ($debug) {
                print "DEBUG getresults \n" .
                        "     : DB Name = $dbname \n" .
                        "     : DB User = $dbuser \n" .
                        "     : DB Pass = $dbpass \n" .
                        "     : Query = $query\n";
        }

        if (my $dbh= DBI->connect("dbi:mysql:database=$dbname:host=$dbhost",$dbuser,$dbpass)) {
                print "DEBUG: Connected to DB\n" if ($debug);
        if (my $query=$dbh->prepare($query)) {
                if ($query->execute()) {
                        my @row;
                        my $rnum=0;
                while ( @row = $query->fetchrow_array ) {
                                        push @row, $config{'NODENAME'};
                                $t{'table'}{$rnum} = [ @row ];                  # Add row to hash
                        $rnum++;
                                        if ($debug){
                                                printf "%5s |", "$rnum";
                                                my $drc=0;
                                                while ($drc <= 5) {
                                                        printf '%15s', "$row[$drc]";
                                                        print " | ";
                                                        $drc++;
                                                }
                                                print "<SNIP to $drc fields>\n";
                                                #%t{$rnum} = @row;
                                        }
                                        # Add the nodename to the row
                                        # XXX
                                        push @results, [@row];          # Add this row to the Results AoA
                                }
                                $t{'size'}=$rnum;
                                [...]

When running the query in my db, i get a response like so:

mysql> SELECT start_time,INET_NTOA(src_ip),src_port,INET_NTOA(dst_ip),dst_port,ip_proto,
src_bytes, dst_bytes,(src_bytes+dst_bytes) as total_bytes FROM session IGNORE INDEX (p_key)
WHERE unix_timestamp(CONVERT_TZ(`start_time`, '+00:00', @@session.time_zone))
between 1418509260 and 1418512860 AND dst_port='443' ORDER BY start_time DESC LIMIT 20;
+---------------------+-------------------+----------+-------------------+----------+----------+-----------+-----------+-------------+
| start_time          | INET_NTOA(src_ip) | src_port | INET_NTOA(dst_ip) | dst_port | ip_proto | src_bytes | dst_bytes | total_bytes |
+---------------------+-------------------+----------+-------------------+----------+----------+-----------+-----------+-------------+
| 2014-12-13 23:21:00 | 255.255.255.110    |    33144 | 100.100.100.216       |      443 |        6 |      2244 |      6252 |        8496 |
| 2014-12-13 23:21:00 | 255.255.255.198    |    50727 | 100.100.100.216       |      443 |        6 |      2244 |      6326 |        8570 |
| 2014-12-13 23:21:00 | 255.255.55.233      |    43892 | 100.100.100.205    |      443 |        6 |      1195 |      4486 |        5681 |
| 2014-12-13 23:21:00 | 255.255.55.233      |    40269 | 100.100.174.153    |      443 |        6 |      1343 |      9389 |       10732 |
| 2014-12-13 23:21:00 | 255.255.55.233      |    40271 | 100.100.174.153    |      443 |        6 |      1475 |      5067 |        6542 |
| 2014-12-13 23:21:00 | 255.255.55.233      |    40272 | 100.100.174.153    |      443 |        6 |      1275 |      5537 |        6812 |
| 2014-12-13 23:21:00 | 255.255.55.233      |    40273 | 100.100.174.153    |      443 |        6 |      1555 |      4898 |        6453 |
| 2014-12-13 23:21:00 | 255.255.55.233      |    40274 | 100.100.174.153    |      443 |        6 |      1211 |      3966 |        5177 |
| 2014-12-13 23:21:00 | 255.255.55.233      |    40275 | 100.100.174.153    |      443 |        6 |      1217 |      4104 |        5321 |
| 2014-12-13 23:20:59 | 255.255.57.182      |    41978 | 100.100.230.156    |      443 |        6 |      2306 |      1548 |        3854 |
| 2014-12-13 23:20:59 | 255.255.62.85       |    49195 | 100.100.21.142     |      443 |        6 |      1401 |      5297 |        6698 |
| 2014-12-13 23:20:59 | 255.255.55.233      |    43881 | 100.100.81.205    |      443 |        6 |      1195 |      4486 |        5681 |
| 2014-12-13 23:20:59 | 255.255.55.233      |    40258 | 100.100.174.153    |      443 |        6 |      1409 |      9389 |       10798 |
| 2014-12-13 23:20:59 | 255.255.55.233      |    40260 | 100.100.174.153    |      443 |        6 |      1475 |      5211 |        6686 |
| 2014-12-13 23:20:59 | 255.255.55.233      |    40261 | 100.100.174.153    |      443 |        6 |      1275 |      5471 |        6746 |
| 2014-12-13 23:20:59 | 255.255.55.233      |    40262 | 100.100.174.153    |      443 |        6 |      1411 |      3562 |        4973 |
| 2014-12-13 23:20:59 | 255.255.55.233      |    40263 | 100.100.174.153    |      443 |        6 |      1211 |      3966 |        5177 |
| 2014-12-13 23:20:59 | 255.255.55.233      |    40264 | 100.100.174.153    |      443 |        6 |      1217 |      4104 |        5321 |
| 2014-12-13 23:20:59 | 255.255.56.156      |    60487 | 100.100.163.231   |      443 |        6 |      2418 |      5328 |        7746 |
| 2014-12-13 23:20:58 | 255.255.57.110      |    33143 | 100.100.78.216       |      443 |        6 |      2298 |      6318 |        8616 |
+---------------------+-------------------+----------+-------------------+----------+----------+-----------+-----------+-------------+
20 rows in set (0.10 sec)

mysql>

[leonward]

Will try to take a look early next week. Traveling right now.

On Sat, Dec 13, 2014 at 11:52 PM, nehafish notifications@github.com wrote:

Hello -

So after investigating the code, it seems whatever happens within get_results is silently failing, or there's some other issue. Here's my code:

sub getresults{ my $dbname = shift; my $dbuser = shift; my $dbpass = shift; my $query = shift; my $dbhost = "sa1222nidizbe4y.cuaw550x9dhr.us-west-1.rds.amazonaws.com"; my $debug=wantdebug(); my @results=(); my $error=0;

    my %t=(
            size => 0,
            table => {},
            error => 0,
            );

    if ($debug) {
            print "DEBUG getresults \n" .
                    "     : DB Name = $dbname \n" .
                    "     : DB User = $dbuser \n" .
                    "     : DB Pass = $dbpass \n" .
                    "     : Query = $query\n";
    }

    if (my $dbh= DBI->connect("dbi:mysql:database=$dbname:host=$dbhost",$dbuser,$dbpass)) {
            print "DEBUG: Connected to DB\n" if ($debug);

— Reply to this email directly or view it on GitHub https://github.com/leonward/OpenFPC/issues/3#issuecomment-66896507.

[spellfish]

hello @leonward I believe i have solved this issue. I am almost done implementing stable 0.9 code, I will submit a PR in another couple of days. Many thanks for this great code!

[leonward]

Sounds good. I've been working on packaging, documentation and cleaning up a load of minor issues for something I can call a 1.0 release. Would be good to get the fixes in for what you've found before that.

-L

Sent from a mobile device. Apologies for any typos but they happen.

On 2 Jan 2015, at 22:01, nehafish notifications@github.com wrote:

hello @leonward I believe i have solved this issue. I am almost done implementing stable 0.9 code, I will submit a PR in another couple of days. Many thanks for this great code!

— Reply to this email directly or view it on GitHub.

[leonward]

Closing