[flow-tools] some bugs in flow-tools-0.58
Horatio B. Bogbindero
wyy@admu.edu.ph
Fri, 14 Jun 2002 14:20:33 +0800
i did some tests on flow-tools-0.58. basically, what i did was compare
the results of the regular flow-filter, flow-cidr (Inter.netPH) with flow-nfilter.
-flow-tags documentation says tag symbols are in /var/ft/sym/tags (0.57
location) but the file is now /var/ft/sym/tag (0.58 location)
-using the filter-primitive ip-address causes flow-nfilter to core dump
-"match dst-ip-addr" yields the same results as "match src-ip-addr". i
did a quick check on the lib/ftfil.c source but have not traced the problem
yet.
-the time field using:
filter-primitive shift
type time
permit gt 1:00
permit lt 2:00
yields the same result as:
filter-primitive shift
type time
permit gt 1:00
permit lt 23:00
based on my data this should not be the case. the result is the same as if
there was no time filter at all. i used flow-stat to compare the byte counts.
fyi.
-------------------------------------------
William Emmanuel S. Yu
Ateneo Campus Network Group (AteneoCNG)
email : wyu at ateneo dot edu
web : http://CNG.ateneo.net/wyu/
phone : +63(2)4266001-4186
GPG : http://CNG.ateneo.net/wyu/wyy.pgp