-
Notifications
You must be signed in to change notification settings - Fork 12
/
KNOWN_ISSUES.txt
65 lines (56 loc) · 3.43 KB
/
KNOWN_ISSUES.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#
# Copyright 2016-2019, 2021 Internet Corporation for Assigned Names and Numbers.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
KNOWN ISSUES/LIMITATIONS:
-------------------------
* Malformed packet recording as described in the implemented C-DNS RFC
is not supported. However, the compactor can record malformed
packets in a separate PCAP file with the `--ignored-pcap` option
when capturing from network interfaces.
* Output of raw or ignored packets to PCAP is not currently supported
during capture via DNSTAP.
* File rotation is triggered internally in the compactor (if a
file-rotation-period and/or a max-file-size is configured) by the processing of
packets. This means that under low traffic conditions files may not rotate until
the first packet arrives after the rotation period has expired, and so files
may be much longer than the file rotation period in this case. File rotation
may be forced externally by sending a SIGUSR1 to the compactor. It is
recommended to either
* rely on just the file rotation configuration parameters OR
* to override the internally triggered rotation with an external signal sent
at a period much shorter then the file-rotation-period (which defaults to 300s)
The second mechanism must be used with care to avoid a race condition because
the internal triggering cannot currently be disabled if the filename contains
a timestamp. The file rotation mechanism is under review and may be further
updated in a coming release.
* File rotation period reported by the inspector is calculated as the
difference in seconds between the first and last items read from the
C-DNS file. File rotation is an implementation detail of the compactor,
and as such is not recorded in the C-DNS format.
* After starting compactor the first capture file is not created on disk until
the first packet arrives, and is named based on the file creation time.
Therefore the filename may be later than the actual 'start_time' of the
capture period. The 'start_time` is correctly captured within the C-DNS file
in a proprietary field and is reported by the inspector.
* Packet loss under Ubuntu Trusty/Debian Jessie. When capturing live data
from network interfaces, the first packet and any subsequent packet that
arrives more than about 50ms later than its predecessor will not be
captured. This is a problem with the libpcap library and the kernel.
Debian Jessie can be used by updating the kernel to a later backported
kernel; we have tested this with the 4.7.0 kernel. For Ubuntu we
recommend upgrading to at least Xenial.
* The design of C-DNS allows blocks with different storage and
collection parameters to be present in the same C-DNS file.
This might arise when two separate C-DNS files are merged.
inspector has not been tested on such inputs, as there currently
exists no tool that can generate them. It may not function correctly
if presented with such a file. Currently it will only display
configuration and storage hints from the first set of parameters.
PCAP writing may work correctly but is untested.
* We are observing that, when run inside a virtual machine, compactor
can sustain without dropping packets only a fraction of the traffic levels
it can manage when run directly on the host. We are investigating.