Re: [Nfsen-discuss] extending the -N option

Fri, 20 Jul 2007 03:41:26 -0700 

Peter Haag wrote:

> Sorry - it's missing only in the usage text. It's already in the man page.
>
>     - Peter

Hi Peter,
this is not quite what I meant. Let me be more clear with an example.
This is an output generated with the -N option as it is now. The -N
affects only the summary part, while the suffixes (M,G, etc.) still
appear in the  details of the top flows:

Top 10    Dst Port ordered by flows:
Date first seen          Duration Proto         Dst Port    Flows 
Packets    Bytes      pps      bps   bpp
2007-07-19 22:38:12.921   405.535 any                 80    21462   
32274    3.2 M       79    65724   103
2007-07-19 22:38:19.942   395.244 any               4662     8870   
10420    7.9 M       26   168451   798
2007-07-19 22:38:13.166   405.456 any                 53     4457    
5808   482045       14     9511    82
2007-07-19 22:38:20.797   380.822 any               6881     3685    
5703    4.6 M       14   101875   850
2007-07-19 22:38:26.918   389.252 any                 22     2877    
6552    3.9 M       16    83136   617
2007-07-19 22:38:20.548   389.837 any                 25     2706    
3144    1.6 M        8    34369   532
2007-07-19 22:38:22.193   391.905 any               6346     2097    
2405   738304        6    15071   306
2007-07-19 22:38:31.786   383.832 any               2170     1637    
1740   143511        4     2991    82
2007-07-19 22:38:34.632   383.843 any              20000     1568   
22403   30.3 M       58   661117  1415
2007-07-19 22:38:22.191   382.000 any                443     1481    
2198   636290        5    13325   289

Summary: total flows: 391745, total bytes: 565159306, total packets:
738114, avg bps: 11144351, avg pps: 1819, avg bpp: 765
Time window: 2007-07-19 22:38:12 - 2007-07-19 22:44:58
Total flows processed: 391745, skipped: 0, Bytes read: 20371184
Sys: 0.137s flows/second: 2839184.5  Wall: 0.351s flows/second: 1116031.7

What I suggest  is the following, i.e. that the -N option *also* removes
the suffixes from the details of the top flows:

Top 10    Dst Port ordered by flows:
Date first seen          Duration Proto         Dst Port    Flows 
Packets    Bytes      pps      bps   bpp
2007-07-19 22:38:12.921   405.535 any                 80    21462   
32274  3331678       79    65724   103
2007-07-19 22:38:19.942   395.244 any               4662     8870   
10420  8322427       26   168451   798
2007-07-19 22:38:13.166   405.456 any                 53     4457    
5808   482045       14     9511    82
2007-07-19 22:38:20.797   380.822 any               6881     3685    
5703  4849566       14   101875   850
2007-07-19 22:38:26.918   389.252 any                 22     2877    
6552  4045123       16    83136   617
2007-07-19 22:38:20.548   389.837 any                 25     2706    
3144  1674803        8    34369   532
2007-07-19 22:38:22.193   391.905 any               6346     2097    
2405   738304        6    15071   306
2007-07-19 22:38:31.786   383.832 any               2170     1637    
1740   143511        4     2991    82
2007-07-19 22:38:34.632   383.843 any              20000     1568   
22403 31720667       58   661117  1415
2007-07-19 22:38:22.191   382.000 any                443     1481    
2198   636290        5    13325   289

Summary: total flows: 391745, total bytes: 565159306, total packets:
738114, avg bps: 11144351, avg pps: 1819, avg bpp: 765
Time window: 2007-07-19 22:38:12 - 2007-07-19 22:44:58
Total flows processed: 391745, skipped: 0, Bytes read: 20371184
Sys: 0.142s flows/second: 2739916.2  Wall: 0.149s flows/second: 2627450.6

For the above, I just brutally added two lines (snprintf and return) at
the beginning of  format_number function. The right way to do would be
to check for the -N flag there, and run these two lines conditionally to it.
 
inline void format_number(uint64_t num, char *s, int fixed_width) {
double f = num;
snprintf(s, 31, "%.0f",f);
return;
        if ( f >= _1TB ) {
...........

Regards,
Maurizio

>
> --On July 19, 2007 18:07:16 +0100 Maurizio Molina
> <[EMAIL PROTECTED]> wrote:
>
> | Hi,
> | I would find it very useful if  the -N option of nfdump:
> |
> | "-N Print the numbers in the summary line as plain numbers. Better
> parsing"
> |
> | could be extended to whatever statistic is generated by the -s option,
> | not just the summary line. This would greatly simplify the writing of
> | plugins parsing multiple lines.
> |
> | If I correctly understood, a simple modification to the format_number
> | function in nf-common.c would do the job: currently I brutally
> | circumvented the problem by the following immediate return
> |
> | inline void format_number(uint64_t num, char *s, int fixed_width) {
> | double f = num;
> | snprintf(s, 31, "%.0f",f);
> | return;
> |         if ( f >= _1TB ) {
> |                 if ( fixed_width )
> |
> | the correct solution would be to pass the -N flag into that function and
> | condition the immediate return to it.
> |
> | Anybody else seconding my proposal?
> | regards,
> | Maurizio
> |
> |
> |
> -------------------------------------------------------------------------
> | This SF.net email is sponsored by: Microsoft
> | Defy all challenges. Microsoft Visual Studio 2005.
> | http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> | _______________________________________________
> | Nfsen-discuss mailing list
> | [email protected]
> | https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
>
>
>


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nfsen-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss

Reply via email to