[Nfdump-discuss] bug in flowcache printing
netflow collecting and processing tools
Brought to you by:
phaag
Menu
▾
▴
[Nfdump-discuss] bug in flowcache printing
|
From: Matej G. <ig...@fi...> - 2014-05-19 16:38:57
|
Hi Peter,
if I aggregate according the netmask I receive wrong results. Probably
all nfdump versions are affected (tested with 1.6.12, 1.6.11, 1.6.10)
The bug is however not connected with aggregation but with printing the
flow cache.
Example:
nfcapd.test contains one flow:
141.3.120.67:38098 -> 12.30.26.218:25507
Nothing is printed with the following command:
nfdump -r nfcapd.test -A srcip4/24
This command works:
nfdump -r nfcapd.test -A srcip4/16
Src IP Addr Packets
141.3.0.0 1
I have been digging around the source code and I believe, that a
condition for flowcache iteration is wrong in nfstat.c PrintFlowTable().
In the rare case, where the flow record is in the last position in the
cache (the index has the same value as the FlowTable.IndexMask), you
will not print the record, because you iterate the table with following
code:
for ( i=0; i<FlowTable->IndexMask; i++ ) {
}
The condition should be probably:
i <= FlowTable->IndexMask
Patch solving the issue is attached. Hope you will find it useful.
Sincerely,
Matej
|
