[Nfdump-discuss] Glitch in conversion to new 1.6.12 file format?

[Sebastian A. <sa...@sa...>]

Dear Peter et al.

We’ve been working on a nfdump extension which allows labelling (i.e. annotation) of netflow records using integer values.  We’ve been testing this extension with nfdump version 1.6.11 and prior, which worked.  Now, before releasing the code, we ported our changes to version 1.6.12 and noticed that it didn’t work any more.  After investigating for a while, we assume this is related to a glitch in 1.6.12’s file conversion done in function ExpandRecord_v2 of nffile_inline.c around lines 102-115.  My guess is that record type of the new output_record should be set to CommonRecordType as well.  The following patch applies this change:

--- nffile_inline.orig.c	2014-05-09 09:51:08.000000000 +0200
+++ nffile_inline.c	2014-05-09 09:52:35.000000000 +0200
@@ -111,6 +111,7 @@
 		memcpy((void *)output_record, (void *)input_record, COMMON_RECORDV0_DATA_SIZE);
 		output_record->flags 		  = flags;
 		output_record->exporter_sysid = exporter_sysid;
+		output_record->type	= CommonRecordType;
 		p = (void *)common_record_v0->data;
 	}

After applying it, our code works again.  Not overwriting the record type seems to have broken PackRecord, which we currently use to write labelled records.  As this function seems to not be heavily used otherwise, I assume this glitch doesn’t seriously affect any current installation.

Regards
sebastian