Thanks Dave. I'll check that and let you know.

        - Peter


On 1/6/12 23:43, Dave Plonka wrote:
> 
> Hi Peter and others,
> 
> In nfdump-1.6.5, I've noticed that the flg (flags) field is (a)
> not printed numerically when "-N" (Print plain numbers) is specified.
> 
> What I propose for your consideration is that when "-N" is specified
> (or it has a "weird" value, i.e., >63), that the flags be printed
> with the format "0x%-4.4x" for both csv and non csv output, e.g.:
> 
>    $ nfdump -o csv -N -r /tmp/nfcapd.YYYYMMDDHHMISS '!(flags = 0)' |head -2 |cut -d, -f9
>    flg
>    0x0010
> 
> and:
> 
>    $ nfdump -o fmt:%flg -N -r nfcapd.YYYYMMDDHHMISS '!(flags = 0)' |head -2
>     Flags
>    0x0010
> 
> Without "-N", output remains as it is now, e.g.:
> 
>    $ nfdump -o fmt:%flg -r nfcapd.YYYYMMDDHHMISS '!(flags = 0)' |head -2
>     Flags
>    .A....
> 
> The problem I'm trying to address is that when importing nfdump
> data into another representation, the current (CSV) output requires
> complicated (i.e., slow) parsing to convert the (TCP) flags field
> back into a native number (so that bitwise tests can be performed).
> Also, in the future, you may wish to change the display format when
> "-N" isn't used.
> 
> If you happen to like this proposal, the following patch does this
> (but requires the previous bug fix patch I sent earlier).
> 
> If you have other solutions, those might be of interest too. :)
> 
> Thanks,
> Dave
> 
> $ diff --unified bin/nf_common.c_csv-N bin/nf_common.c
> --- bin/nf_common.c_csv-N     2012-01-06 16:15:35.000000000 -0600
> +++ bin/nf_common.c   2012-01-06 16:15:47.000000000 -0600
> @@ -1963,8 +1963,8 @@
>  static void String_Flags(master_record_t *r, char *string) {
>  
>       // if record contains unusuall flags, print the flags in hex as 0x.. 
> number
> -     if ( r->tcp_flags > 63 ) {
> -             snprintf(string, 7, "  0x%2x\n", r->tcp_flags );
> +     if ( r->tcp_flags > 63 || no_scale ) {
> +             snprintf(string, 7, "0x%-4.4x\n", r->tcp_flags );
>       } else {
>               string[0] = r->tcp_flags & 32 ? 'U' : '.';
>               string[1] = r->tcp_flags & 16 ? 'A' : '.';
> 
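
Review bot: In the added snprintf line the size argument is still 7, so only six characters plus the terminator are written and the "\n" at the end of "0x%-4.4x\n" is always dropped; remove it from the format or size the call for it. With a precision of 4 the width and the "-" flag have no effect, so "0x%04x" says the same thing more plainly. The comment above the test still describes only unusual flags and should mention that hex is now also printed when -N is given. no_scale is not declared in the lines shown, so this hunk builds only on top of the earlier patch the message mentions.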

-- 
--
Be nice to your netflow data
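
The import problem Dave describes, as an added example that is not part of the thread or of nfdump: a consumer-side parser that accepts the flg field in either form (letters such as ".A....", or hex such as "0x0010" or the older space-padded "  0x40") and returns the number for bitwise tests. The function name parse_flg, the 8-bit limit and the letter positions after "UA" are assumptions; only U=32 and A=16 are visible in the patch.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* String_Flags prints string[0]='U' (32) and string[1]='A' (16); the remaining
 * positions P,R,S,F (8,4,2,1) are assumed from the TCP header bit order. */
static const char FLAG_LETTERS[] = "UAPRSF";

/* Hypothetical helper: convert one flg field to its numeric value.
 * Returns 0 on success, -1 if the field is in neither form. */
int parse_flg(const char *field, unsigned *out) {
    while (*field == ' ') field++;                  /* old hex form is space padded */
    if (field[0] == '0' && (field[1] == 'x' || field[1] == 'X')) {
        char *end;
        if (!isxdigit((unsigned char)field[2])) return -1;  /* "0x" with no digits */
        unsigned long v = strtoul(field + 2, &end, 16);
        while (*end == ' ' || *end == '\n') end++;  /* tolerate trailing padding */
        if (*end != '\0' || v > 0xff) return -1;    /* assumes an 8-bit flags field */
        *out = (unsigned)v;
        return 0;
    }
    if (strlen(field) != 6) return -1;
    unsigned v = 0;
    for (int i = 0; i < 6; i++) {
        if (field[i] == FLAG_LETTERS[i]) v |= 1u << (5 - i);
        else if (field[i] != '.') return -1;        /* unexpected character */
    }
    *out = v;
    return 0;
}

int main(void) {
    /* Constructed sample fields, not taken from a real capture. */
    const char *samples[] = { ".A....", "0x0010", "  0x40", "....S.", "bogus!" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        unsigned v;
        if (parse_flg(samples[i], &v) != 0)
            printf("%-8s -> unparseable\n", samples[i]);
        else                                        /* bitwise test on the native number */
            printf("%-8s -> 0x%02x%s\n", samples[i], v,
                   (v & 0x02) && !(v & 0x10) ? "  (SYN without ACK)" : "");
    }
    return 0;
}
```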

_______________________________________________
Nfdump-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
