[Flow-tools] Patch for lack of timezone in flow-header output

Wed, 27 Dec 2006 16:07:51 -0800 

On Sun, Oct 29, 2006 at 02:00:20PM -0500, Ed Ravin wrote:
> Here is some sample flow-header output:
> #
> # mode:                 normal
> # capture hostname:     flowneighs.example.com
> # capture start:        Wed May 17 18:30:00 2006
> # capture end:          Wed May 17 18:45:00 2006
...

[and the lack of a timezone in the "capture start" and "catpure end output
makes my life difficult since I have scripts that use flow-header and
convert the output back into a ctime value]

An expedient though somewhat clumsy (and hopefully robust) patch to lib/ftio.c
is attached.  It adds the current timezone to the "capture start" and
"catpure end" outputs above.

Comments welcome.

--- lib/ftio.c  2006/12/27 23:28:32     1.1
+++ lib/ftio.c  2006/12/27 23:51:37
@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *      $Id: ftio.c,v 1.1 2006/12/27 23:28:32 root Exp $
+ *      $Id: ftio.c,v 1.2 2006/12/27 23:51:18 root Exp root $
  */
 
 #include "ftconfig.h"
@@ -1605,6 +1605,8 @@
   u_int32 flags, fields;
   u_long period;
   int n, streaming2;
+  struct tm* thentm;
+  char temptimestr[128];
 
   fth = &ftio->fth;
 
@@ -1639,17 +1641,25 @@
   }
 
   if (!streaming2)
-    if (fields & FT_FIELD_CAP_START)
-      fprintf(std, "%c capture start:        %s", cc,
-        ctime((time_t*)&fth->cap_start));
+    if (fields & FT_FIELD_CAP_START) {
+      thentm= localtime((time_t*)&fth->cap_start);
+      strncpy(temptimestr,ctime((time_t*)&fth->cap_start),sizeof(temptimestr));
+      temptimestr[strlen(temptimestr) -  1] = ' ';  /* dump ctime's newline*/
+      strncat(temptimestr, thentm->tm_zone, sizeof(temptimestr) - 
strlen(temptimestr) - 1);  /* and append time zone */
+      fprintf(std, "%c capture start:        %s\n", cc, temptimestr);
+    }
 
   if (!streaming2) {
 
     if ((flags & FT_HEADER_FLAG_DONE) || (flags & FT_HEADER_FLAG_PRELOADED)) {
 
-      if (fields & FT_FIELD_CAP_END)
-        fprintf(std, "%c capture end:          %s", cc,
-          ctime((time_t*)&fth->cap_end));
+      if (fields & FT_FIELD_CAP_END) {
+        thentm= localtime((time_t*)&fth->cap_end);
+        
strncpy(temptimestr,ctime((time_t*)&fth->cap_start),sizeof(temptimestr));
+        temptimestr[strlen(temptimestr) -  1] = ' ';  /* dump ctime's newline*/
+        strncat(temptimestr, thentm->tm_zone, sizeof(temptimestr) - 
strlen(temptimestr) - 1);  /* and append time zone */
+        fprintf(std, "%c capture end:          %s\n", cc, temptimestr);
+      }
 
       period = fth->cap_end - fth->cap_start;
       if ((fields & FT_FIELD_CAP_END) && (fields & FT_FIELD_CAP_START))

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools

Reply via email to