[flow-tools] problems with expire

Mark Fullmer maf@eng.oar.net
Sun, 15 Dec 2002 22:21:05 -0500 

v1005 is version 5 with tags.

The following (lightly tested) patch will allow reloading tags and filters
with a SIGHUP.


Index: flow-capture.c
===================================================================
RCS file: /usr/home/djnz-cvsroot/flow-tools/src/flow-capture.c,v
retrieving revision 1.69
diff -c -r1.69 flow-capture.c
*** flow-capture.c	11 Dec 2002 23:15:39 -0000	1.69
--- flow-capture.c	16 Dec 2002 02:16:22 -0000
***************
*** 107,112 ****
--- 107,113 ----
  
  int debug;
  int sig_pipe_flag, sig_quit_flag, sig_hup_flag, sig_chld_flag;
+ int reload_flag;
  void sig_pipe(int);
  void sig_quit(int);
  void sig_hup(int);
***************
*** 163,168 ****
--- 164,170 ----
    char *tag_fname, *tag_active;
    char *filter_fname, *filter_active;
    int stat_interval, stat_next, child_status;
+   int v_flag;
  
    bzero (&rot, sizeof rot);
    bzero (&cap_file, sizeof cap_file);
***************
*** 179,184 ****
--- 181,188 ----
    FT_LIST_INIT(&client.list);
    stat_interval = 0;
    stat_next = -1;
+   v_flag = 0;
+   reload_flag = 1;
  
    tag_fname = FT_PATH_CFG_TAG;
    tag_active = (char*)0L;
***************
*** 330,338 ****
--- 334,348 ----
  
      case 'T': /* active tags */
        tag_active = optarg;
+       /* required for fttag_eval() */
+       ftv.s_version = FT_IO_SVERSION;
+       ftv.d_version = 1005;
+       ftv.set = 1;
+     
        break;
        
      case 'V': /* PDU version */
+       v_flag = 1;
        n = sscanf(optarg, "%u.%u", &v1, &v2);
        if (n == 1) {
          ftv.s_version = FT_IO_SVERSION;
***************
*** 375,413 ****
    if ((argc - optind) != 1)
      fterr_errx(1, "Specify localip/remoteip/port.");
  
    if (!work_dir[0])
      fterr_errx(1, "Specify workdir with -w.");
  
-   /* load tags */
-   if (tag_active) {
- 
-     if (ftv.set)
-       fterr_errx(1, "-V not supported with tagging.");
- 
-     if (fttag_load(&fttag, tag_fname) < 0)
-       fterr_errx(1, "fttag_load(): failed");
- 
-     if (!(ftd = fttag_def_find(&fttag, tag_active)))
-       fterr_errx(1, "fttag_load(): failed");
- 
-     /* required for fttag_eval() */
-     ftv.s_version = FT_IO_SVERSION;
-     ftv.d_version = 1005;
-     ftv.set = 1;
- 
-   } /* tag_active */
- 
-   /* load filters */
-   if (filter_active) {
-     
-     if (ftfil_load(&ftfil, filter_fname))
-       fterr_errx(1, "ftfil_load(%s): failed", filter_fname);
-         
-     if (!(ftfd = ftfil_def_find(&ftfil, filter_active)))
-       fterr_errx(1, "ftfil_def_find(%s): failed", filter_active);
-   
-   } /* filter_active */
- 
    ftpi = scan_peeri(argv[optind]);
  
    ftnet.rem_ip = ftpi.rem_ip;
--- 385,397 ----
    if ((argc - optind) != 1)
      fterr_errx(1, "Specify localip/remoteip/port.");
  
+   /* tagging forces v1005 */
+   if (v_flag && tag_active && (ftv.d_version != 1005))
+     fterr_errx(1, "Must be v1005 with tagging.");
+ 
    if (!work_dir[0])
      fterr_errx(1, "Specify workdir with -w.");
  
    ftpi = scan_peeri(argv[optind]);
  
    ftnet.rem_ip = ftpi.rem_ip;
***************
*** 1036,1041 ****
--- 1020,1070 ----
  
      } /* create capture file and init new io stream */
  
+     /* load filters and tags? */
+     if (reload_flag && ftv.set) {
+ 
+       /* load tags */
+       if (tag_active) {
+   
+         /* not first time through, then free previous tags */
+         if (ftd) {
+           fttag_free(&fttag);
+           fterr_info("Reloading tags.");
+         }
+     
+         if (fttag_load(&fttag, tag_fname) < 0)
+           fterr_errx(1, "fttag_load(): failed");
+     
+         if (!(ftd = fttag_def_find(&fttag, tag_active)))
+           fterr_errx(1, "fttag_load(): failed");
+     
+       } /* tag_active */
+     
+       /* load filters */
+       if (filter_active) {
+   
+         /* not first time through, then free previous filters */
+         if (ftfd) {
+           ftfil_free(&ftfil);
+           fterr_info("Reloading filters.");
+         }
+         
+         if (ftfil_load(&ftfil, filter_fname))
+           fterr_errx(1, "ftfil_load(%s): failed", filter_fname);
+             
+         if (!(ftfd = ftfil_def_find(&ftfil, filter_active)))
+           fterr_errx(1, "ftfil_def_find(%s): failed", filter_active);
+ 
+         if (ftfil_def_test_xfields(ftfd, ftrec_xfield(&ftv)))
+           fterr_errx(1, "Filter references a field not in flow.");
+     
+     } /* filter_active */
+ 
+     reload_flag = 0;
+ 
+    } /* reload_flag */
+     
+ 
      /* if the decode buffer has entries write them out */
      for (i = 0, offset = 0; i < ftpdu.ftd.count;
        ++i, offset += ftpdu.ftd.rec_size) {
***************
*** 1250,1255 ****
--- 1279,1285 ----
  void sig_hup(int signo)
  {
    sig_hup_flag = 1;
+   reload_flag = 1;
  }
      
  void sig_quit(int signo)

mark

On Sun, Dec 15, 2002 at 07:09:36PM +0100, Michael Redinger wrote:
> 
> Thanks again, Mark.
> I now tried to use flow-capture's tagging. However, I am using -V 5.
> Therefore I get an error when using -t ... -T ... :
> 
> flow-capture: -V not supported with tagging.
> 
> Am I correct that, when I don't specify -V ('cause I can't), some kind of 
> version 5 output will be used? Found the following line in the 
> flow-capture man page:
> "1005 Flow-Tools tagged version 5"
> 
> Thanks,
> Michael
>