[flow-tools] flow-report problem
Mark Fullmer
maf@eng.oar.net
Tue, 3 Dec 2002 12:45:20 -0500
Bug. If the summary-detail report is run with no flows processed it will try
to divide various counters by 0 flows or 0 packets.
mark
Index: ftstat.c
===================================================================
RCS file: /usr/home/djnz-cvsroot/flow-tools/lib/ftstat.c,v
retrieving revision 1.21
diff -c -r1.21 ftstat.c
*** ftstat.c 3 Dec 2002 16:52:31 -0000 1.21
--- ftstat.c 3 Dec 2002 17:05:29 -0000
***************
*** 4834,4852 ****
int ftstat_rpt_1_calc(struct ftstat_rpt *rpt)
{
struct ftstat_rpt_1 *rpt1;
rpt1 = rpt->data;
STD_CALC;
- rpt1->aflowtime = rpt1->time / rpt->t_flows;
- rpt1->aps = rpt->t_octets / rpt->t_packets;
- rpt1->afs = rpt->t_octets / rpt->t_flows;
- rpt1->apf = rpt->t_packets / rpt->t_flows;
- rpt1->fps = (double)rpt->t_flows / ((rpt1->end - rpt1->start) / 1000.0);
rpt1->time_real = rpt1->time_end - rpt1->time_start;
! rpt1->fps_real = (double)rpt->t_flows / (double)rpt1->time_real;
return 0;
--- 4834,4862 ----
int ftstat_rpt_1_calc(struct ftstat_rpt *rpt)
{
struct ftstat_rpt_1 *rpt1;
+ u_int32 dif;
rpt1 = rpt->data;
STD_CALC;
rpt1->time_real = rpt1->time_end - rpt1->time_start;
+ dif = rpt1->end - rpt1->start;
! if (rpt->t_flows) {
! rpt1->aflowtime = rpt1->time / rpt->t_flows;
! rpt1->afs = rpt->t_octets / rpt->t_flows;
! rpt1->apf = rpt->t_packets / rpt->t_flows;
! }
!
! if (rpt->t_packets)
! rpt1->aps = rpt->t_octets / rpt->t_packets;
!
! if (dif)
! rpt1->fps = (double)rpt->t_flows / (dif / 1000.0);
!
! if (rpt1->time_real)
! rpt1->fps_real = (double)rpt->t_flows / (double)rpt1->time_real;
return 0;
On Mon, Dec 02, 2002 at 04:48:21PM -0500, Russell Dwarshuis wrote:
> I'm having a problem with flow-report crashing. I'm creating a tagged
> flow file /tmp/fu and flow-cat'ing that to flow-report, just trying to get
> a summary at this point.
>
> If I select a tag number that had no traffic in the tagged netflow file,
> it core dumps. It works fine if I select a tag number that did have
> traffic. I had the same problem when using flow-cat /tmp/fu | flow-tag |
> flow-nfilter -blahblah | flow-stat, where flow-nfilter was filtering for
> the tag with no traffic. The system is running FreeBSD 4.6-STABLE and
> flow-stat v0.61
>
> latvia> cat /tmp/conf.test include-filter /tmp/filter.conf.test
>
> stat-report TESTIT_summary-detail
> filter TESTIT
> type summary-detail
> output /tmp/TESTIT_summary-detail
>
> stat-definition report_all
> report TESTIT_summary-detail
> latvia> cat /tmp/filter.conf.test
> filter-primitive TESTIT
> type tag
> permit 0x7
>
> filter-definition TESTIT
> match src-tag TESTIT
> or
> match dst-tag TESTIT
> latvia> flow-cat /tmp/fu | flow-report -s/tmp/conf.test -Sreport_all
> Floating exception (core dumped)
> latvia> gdb -core flow-report.core
> GNU gdb 4.18 (...snip)
> This GDB was configured as "i386-unknown-freebsd".
> Core was generated by `flow-report'.
> Program terminated with signal 8, Floating point exception.
> #0 0x80af7b5 in ?? ()
> (gdb)
>
> I'm not familiar with gdb so I don't know what to do next... '#0 0x80af7b5
> in ?? ()' is a bit cryptic :-)
>
> Here's the other problem:
> latvia> flow-cat ft-v05.2002-12-02.151000-0500 | flow-tag -t
> /tmp/test2.tag -TTEST2 | flow-nfilter -f/tmp/test.ff -FTESTIT |
> flow-stat -f0
> # --- ---- ---- Report Information --- --- ---
> #
> # Fields: Total
> # Symbols: Disabled
> # Sorting: None
> # Name: Overall Summary
> #
> # Args: flow-stat -f0
> #
> Floating exception (core dumped)
> latvia> gdb -core flow-stat.core
> GNU gdb 4.18 (...snip)
> This GDB was configured as "i386-unknown-freebsd".
> Core was generated by `flow-stat'.
> Program terminated with signal 8, Floating point exception.
> #0 0x8074421 in ?? ()
> (gdb)
>
> Looks like a bug to me, but I've been wrong before... Thanks in advance,
>
> -Russell Dwarshuis
>
>
> _______________________________________________
> flow-tools@splintered.net
> http://www.splintered.net/sw/flow-tools