[flow-tools] flow-report problem
Russell Dwarshuis
rjd@merit.edu
Mon, 2 Dec 2002 16:48:21 -0500 (EST)

I'm having a problem with flow-report crashing. I'm creating a tagged
flow file /tmp/fu and flow-cat'ing that to flow-report, just trying to get
a summary at this point.

If I select a tag number that had no traffic in the tagged netflow file,
it core dumps. It works fine if I select a tag number that did have
traffic. I had the same problem when using flow-cat /tmp/fu | flow-tag |
flow-nfilter -blahblah | flow-stat, where flow-nfilter was filtering for
the tag with no traffic. The system is running FreeBSD 4.6-STABLE and
flow-stat v0.61.

latvia> cat /tmp/conf.test
include-filter /tmp/filter.conf.test
stat-report TESTIT_summary-detail
  filter TESTIT
  type summary-detail
  output /tmp/TESTIT_summary-detail
stat-definition report_all
  report TESTIT_summary-detail

latvia> cat /tmp/filter.conf.test
filter-primitive TESTIT
  type tag
  permit 0x7
filter-definition TESTIT
  match src-tag TESTIT
  or
  match dst-tag TESTIT

latvia> flow-cat /tmp/fu | flow-report -s/tmp/conf.test -Sreport_all
Floating exception (core dumped)
latvia> gdb -core flow-report.core
GNU gdb 4.18 (...snip)
This GDB was configured as "i386-unknown-freebsd".
Core was generated by `flow-report'.
Program terminated with signal 8, Floating point exception.
#0 0x80af7b5 in ?? ()
(gdb)

I'm not familiar with gdb so I don't know what to do next...
'#0 0x80af7b5 in ?? ()' is a bit cryptic :-)

Here's the other problem:

latvia> flow-cat ft-v05.2002-12-02.151000-0500 | flow-tag -t /tmp/test2.tag -TTEST2 | flow-nfilter -f/tmp/test.ff -FTESTIT | flow-stat -f0
# --- ---- ---- Report Information --- --- ---
#
# Fields: Total
# Symbols: Disabled
# Sorting: None
# Name: Overall Summary
#
# Args: flow-stat -f0
#
Floating exception (core dumped)
latvia> gdb -core flow-stat.core
GNU gdb 4.18 (...snip)
This GDB was configured as "i386-unknown-freebsd".
Core was generated by `flow-stat'.
Program terminated with signal 8, Floating point exception.
#0 0x8074421 in ?? ()
(gdb)

Looks like a bug to me, but I've been wrong before... Thanks in advance,
-Russell Dwarshuis
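
Added example, not part of the original post and not flow-tools code: signal 8 on an empty selection is the classic symptom of an integer average divided by a zero count, so this sketch shows a summary over tag-filtered flows with that division guarded. The cause is an assumption the post does not confirm, and the struct, function names and sample records are hypothetical and constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed record: just the fields a summary report needs. */
struct flow { uint32_t src_tag, dst_tag, octets, packets; };

struct summary { uint64_t flows, octets, packets, avg_flow_octets, avg_pkt_octets; };

/* Unguarded form, shown for contrast and never called here: integer
 * division by zero is undefined in C, and on i386 the div instruction
 * traps, which the kernel delivers as SIGFPE (signal 8). */
uint64_t avg_unguarded(uint64_t total, uint64_t count) { return total / count; }

/* Guarded form: an empty selection yields 0 instead of a trap. */
uint64_t avg_guarded(uint64_t total, uint64_t count) { return count ? total / count : 0; }

/* Summarize flows whose source or destination tag equals `tag`,
 * mirroring "match src-tag ... or match dst-tag ..." in the filter. */
struct summary summarize(const struct flow *f, size_t n, uint32_t tag)
{
    struct summary s = {0};
    for (size_t i = 0; i < n; i++) {
        if (f[i].src_tag != tag && f[i].dst_tag != tag)
            continue;
        s.flows++;
        s.octets += f[i].octets;
        s.packets += f[i].packets;
    }
    s.avg_flow_octets = avg_guarded(s.octets, s.flows);
    s.avg_pkt_octets = avg_guarded(s.octets, s.packets);
    return s;
}

/* Constructed sample: no flow carries tag 0x7. */
const struct flow SAMPLE[] = {
    {0x1, 0x2, 1500, 3},
    {0x2, 0x1,  400, 2},
    {0x3, 0x2, 9000, 6},
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    struct summary hit = summarize(SAMPLE, SAMPLE_N, 0x1);
    struct summary miss = summarize(SAMPLE, SAMPLE_N, 0x7);
    printf("tag 0x1: flows=%llu avg=%llu\n", (unsigned long long)hit.flows, (unsigned long long)hit.avg_flow_octets);
    printf("tag 0x7: flows=%llu avg=%llu\n", (unsigned long long)miss.flows, (unsigned long long)miss.avg_flow_octets);
    return 0;
}
```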