These patches will be in 0.68.
I would encourage you to use flow-nfilter and flow-report. Flow-filter and flow-stat may not be included in later versions of flow-tools.
-- mark
On Sep 15, 2004, at 9:57 AM, Espen Breivik wrote:
We are using flow-tools as data processing tools for our upcoming application 'Stager' that creates tabular and graphical network reports from NetFlow data. We have made some small changes to flow-tools in order to make this work for us.
flow-filter: Added an export-option (-e) that can filter on exporter IP-address.
flow-stat: Corrected some casting errors when calculating averages, prevention of floating point exception when working with empty flows.
The patches are enclosed in this mail and we would appreciate if these got considered to be included in the official flow-tools distribution. If the developers rather wish to have patches originating derived from later versions or a CVS version, we can provide this if needed.
Cheers!
--
Espen Breivik <[EMAIL PROTECTED]>
Application Developer
Uninett AS
89c89,90
< int filter_input, filter_output, filter_srcport, filter_dstport;
---
> int filter_input, filter_output, filter_srcport, filter_dstport, filter_exaddr;
> u_int32 exaddr;
122c123
< filter_input = filter_output = filter_srcport = filter_dstport = 0;
---
> filter_input = filter_output = filter_srcport = filter_dstport = filter_exaddr = 0;
126c127
< while ((i = getopt(argc, argv, "a:A:b:C:d:D:E:f:i:I:kop:P:r:S:t:T:x:z:"))
---
> while ((i = getopt(argc, argv, "a:A:b:C:d:D:e:E:f:i:I:kop:P:r:S:t:T:x:z:"))
164a166,170
> case 'e': /* filter on exporter IP address */
> filter_exaddr = 1;
> exaddr = scan_ip(optarg);
> break;
>
304a311
> if (filter_exaddr) xflag |= FT_XFIELD_EXADDR;
413a421
> cur.exaddr = ((u_int32*)(rec+fo.exaddr));
461a470,479
> /* filter on exporter addr */
> if (filter_exaddr) {
> if (*cur.exaddr != exaddr) {
> if (!first_match)
> continue;
> } else if (first_match) {
> goto found;
> }
> }
>
615c633
< fprintf(stderr, " [-C comment] [-D dstaddr_filter_name] [-d debug_level] [-f acl_fname]\n");
---
> fprintf(stderr, " [-C comment] [-D dstaddr_filter_name] [-d debug_level] [-e exaddr] [-f acl_fname]\n");
625,628c625,629
< fs0.aflowtime = fs0.time / fs0.nflows;
< fs0.aps = fs0.noctets / fs0.npackets;
< fs0.afs = fs0.noctets / fs0.nflows;
< fs0.apf = fs0.npackets / fs0.nflows;
---
> fs0.aflowtime = (fs0.nflows != 0) ? fs0.time / (float)fs0.nflows : 0;
> fs0.aps = (fs0.npackets != 0) ? fs0.noctets / (float)fs0.npackets : 0;
> fs0.afs = (fs0.nflows != 0) ? fs0.noctets / (float)fs0.nflows : 0;
> fs0.apf = (fs0.nflows != 0) ? fs0.npackets / (float)fs0.nflows : 0;
>
631c632
< fs0.time_real = fs0.time_end - fs0.time_start;
---
> fs0.time_real = (fs0.npackets != 0) ? fs0.time_end - fs0.time_start : 0;
633,634c634,635
< fs0.fps_real = (float)fs0.nflows / (float)fs0.time_real;
< fs0.aos_real = ((float)(fs0.noctets*8) / 1000) / (fs0.time_real);
---
> fs0.fps_real = (fs0.time_real != 0) ? ((float)fs0.nflows / (float)fs0.time_real) : 0;
> fs0.aos_real = (fs0.time_real != 0) ? (((float)(fs0.noctets*8) / 1000) / (fs0.time_real)) : 0;
657c658
< fmt_uint64(fmt_buf+34, (fs0.end - fs0.start), FMT_JUST_LEFT);
---
> fmt_uint64(fmt_buf+34, (fs0.npackets != 0) ? (fs0.end - fs0.start) : 0, FMT_JUST_LEFT);
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
