I have been tracking a problem in which threshold (-L) options seem to
wrap when larger than 4GB.  I reviewed the source for nfdump 1.6.4 and I
believe I located the problem.  In nfdump.c, the limitflows variable is
properly set to uint64_t.  However, in nfstat.c, the variable used to
calculate the parsed limit specifier is not:

    static uint32_t byte_limit, packet_limit;

I believe this can be fixed simply by changing that to uint64_t, at
least for the byte_limit variable.  Theoretically, use of atol in this
calculation:

    byte_limit = atol(s) * scale

could also result in a separate problem, but I'm reasonably sure that
would not be a real problem for people.  Overflowing byte_limit is
simple, though.  I ran into this with our wrapper plugin that reports
flows over a specified limit, and it was reporting data under 1GB even
though the threshold was set to 5G or 5000M (either broke, and now I see
why).

Regards,
Mark

-- 
Mark D. Nagel, CCIE #3177 <[email protected]>
Principal Consultant, Willing Minds LLC (http://www.willingminds.com)
cell: 949-279-5817, desk: 714-495-4001, fax: 949-623-9854

** For faster support response time, please
** email [email protected] or call 714-495-4000


_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
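
The wrap reported in the message above, reproduced as an added example (not nfdump's code and not from the original post): a checked 64-bit parse of a limit specifier beside the value left after storing it in a `uint32_t`. The function names, the binary k/m/g scale factors and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed binary scale factors for the suffix; not copied from nfdump. */
static uint64_t suffix_scale(char c) {
    switch (c) {
    case 'k': case 'K': return 1ULL << 10;
    case 'm': case 'M': return 1ULL << 20;
    case 'g': case 'G': return 1ULL << 30;
    default:  return 0;                    /* unrecognised suffix */
    }
}

/* Checked parse: returns 0 on success, -1 on bad input or 64-bit overflow. */
int parse_limit64(const char *s, uint64_t *out) {
    char *end;
    uint64_t scale = 1;
    if (*s < '0' || *s > '9') return -1;   /* strtoull would accept a sign */
    errno = 0;
    unsigned long long n = strtoull(s, &end, 10);
    if (errno == ERANGE) return -1;
    if (*end != '\0') {
        scale = suffix_scale(*end);
        if (scale == 0 || end[1] != '\0') return -1;
    }
    if (n > UINT64_MAX / scale) return -1; /* product would not fit */
    *out = (uint64_t)n * scale;
    return 0;
}

/* Storing the result in a uint32_t keeps only the low 32 bits. */
uint32_t truncated_limit32(const char *s) {
    uint64_t v = 0;
    if (parse_limit64(s, &v) != 0) return 0;
    return (uint32_t)v;
}

int main(void) {
    const char *samples[] = { "5G", "5000M", "900M" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t v = 0;
        parse_limit64(samples[i], &v);
        printf("%-6s 64-bit: %llu  32-bit: %u\n", samples[i],
               (unsigned long long)v, (unsigned)truncated_limit32(samples[i]));
    }
    return 0;
}
```

Under these assumed scale factors both 5G and 5000M reduce to a 32-bit limit of 1 GiB or less, while a limit below 4 GiB such as 900M is unaffected.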
