On 06/02/17 18:48, Stuart Gathman wrote:
> It works if all IPv6 rDNS lookups succeed. Even if most IPv6 rDNS lookups succeed, you might not notice the problem (and that is when it is the most dangerous). The best way to reproduce is to run on a local IPv6 subnet where *none* of the IPv6 lookups succeed, or else point /etc/resolv.conf to a local dnsmasq with ip6.arpa set to always return NXDOMAIN. Then all IPv6 will display as the same raw IP, and you will surely notice.
Please could you try the latest in git?
https://code.blinkace.com/pdw/iftop/commit/35af3cf65f17961d173b31fd3b00166ec...
It looks like the key used for caching DNS lookups was assumed to be in6_addr, but in fact was a larger struct that wrapped the IP address. This means that the comparison looking for NS lookups was effectively ignoring 64 of the 128 bits in the v6 address, leading to very unpredictable results.
Paul
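
Added example, not part of the original message and not iftop's own code: a minimal C reproduction of the bug class described above, where a cache key is compared as if it were a bare `in6_addr` although it is a larger wrapper struct. The struct layout (two `int` fields ahead of the address) and all function names are assumptions chosen so that the short compare covers only the top 64 bits of the address; the addresses are constructed samples from the documentation prefix.

```c
#include <stddef.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical cache key: the address wrapped with 8 bytes of metadata. */
struct wrapped_addr {
    int family;             /* AF_INET6 */
    int len;                /* bytes of address in use */
    struct in6_addr addr6;  /* 128-bit address, assumed at offset 8 */
};
_Static_assert(offsetof(struct wrapped_addr, addr6) == 8, "layout assumption");

typedef int (*key_eq_fn)(const struct wrapped_addr *, const struct wrapped_addr *);

/* Flawed compare: treats the key as a bare in6_addr, so only the first
 * 16 bytes of the 24-byte struct are compared: 8 bytes of metadata plus
 * the top 64 bits of the address. The low 64 bits are never looked at. */
int key_equal_flawed(const struct wrapped_addr *a, const struct wrapped_addr *b)
{
    return memcmp(a, b, sizeof(struct in6_addr)) == 0;
}

/* Corrected compare: field by field, covering all 128 address bits. */
int key_equal_fixed(const struct wrapped_addr *a, const struct wrapped_addr *b)
{
    return a->family == b->family && a->len == b->len &&
           memcmp(&a->addr6, &b->addr6, sizeof a->addr6) == 0;
}

/* Build a key from a textual address; returns 0 on success. */
int make_key(const char *text, struct wrapped_addr *out)
{
    memset(out, 0, sizeof *out);
    out->family = AF_INET6;
    out->len = (int)sizeof out->addr6;
    return inet_pton(AF_INET6, text, &out->addr6) == 1 ? 0 : -1;
}

/* Returns 1 if eq treats the two addresses as the same cache key,
 * 0 if it tells them apart, -1 if either address fails to parse. */
int keys_match(key_eq_fn eq, const char *x, const char *y)
{
    struct wrapped_addr a, b;
    if (make_key(x, &a) || make_key(y, &b))
        return -1;
    return eq(&a, &b);
}
```

With the flawed compare, every host in one /64 maps to the same cache entry, which matches the symptom of all addresses on a local subnet displaying as the same one.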