[flow-tools] Re: persistent bug in flow-stat.c for format23
Mark Fullmer
maf@splintered.net
Wed, 19 Jun 2002 01:25:29 -0400
Thanks for the fix. The bug got introduced recently while working towards
flow-tools internals being less Cisco NetFlow centric.
The flow-capture memory leak should be fixed in 0.58.
mark
On Tue, Jun 18, 2002 at 09:32:50PM +0400, Y.Lachin@transtk.ru wrote:
> Hi, Mark
>
> First, thanks for the great and flexible flow-tools :-). Its nice to see
> the "Right Thing" after looking at buggy commercial monsters.
>
> I beleive there is a small bug I found in recent versions of flow-tools
> (at least, starting from v5.6, didn't look at older versions).
> I expected it to be fixed in v.5.8, but it's still there.
>
> In function:
>
> int format23(struct fmtargs *args)
>
> lines
>
> ftch_recif2.input = *((u_char*)(rec+fo.input));
> ftch_recif2.output = *((u_char*)(rec+fo.output));
>
> should obviously be changed to
>
> ftch_recif2.input = *((u_int16*)(rec+fo.input));
> ftch_recif2.output = *((u_int16*)(rec+fo.output));
>
> otherwise it doesn't work correctly. There might be similar pointer type
> casting errors in other places, too, but I didn't check.
>
> I noticed and tried this on Sparc Solaris
> (gcc-2.95.3, SunOS kestrel 5.8 Generic_108528-11 sun4u sparc
> SUNW,UltraAX-i2).
>
> Strange enough, that nobody reported it before. Looks like it doesn't show
> up under some circumstances (small number of interfaces?).
> Can't check it now, but as far as I remember, I haven't seen it
> (half-year ago) when running flow-stat on x86 Linux machine?! (it was
> version 5.5 or 5.6).
>
>
> Regards,
> Yuri
>
> PS: I think that there is a possible memory leak in flow-capture code:
> after running flow-capture non-stop for several days I saw its size in
> memory
> grown 10-20 times. Don't have time now to find it.
>
> --
> Yuri Lachin Company TransTeleCom <y.lachin@transtk.ru>
> +7(095)784-6670 ext.7280
>
>