Change -B behaviour as proposed in issue #59. Should not impact with previous use, but is more flexible

bin/nfstat.c

@@ -1553,7 +1553,7 @@ char				*string;
 				if ( aggr_record_mask ) {
 					ApplyAggrMask(flow_record, aggr_record_mask);
 				}
-				if ( GuessDir && ( flow_record->srcport < 1024 && flow_record->dstport > 1024 ) )
+				if ( GuessDir && ( flow_record->srcport < flow_record->dstport ) )
 					SwapFlow(flow_record);
 				print_record((void *)flow_record, &string, tag);
 				printf("%s\n", string);
@@ -1736,7 +1736,7 @@ int	i, max;
 		} else if ( aggr_record_mask )
 			ApplyAggrMask(flow_record, aggr_record_mask);
 
-		if ( GuessFlowDirection && ( flow_record->srcport < 1024 && flow_record->dstport > 1024 ) )
+		if ( GuessFlowDirection && ( flow_record->srcport < flow_record->dstport ) )
 			SwapFlow(flow_record);
 
 		print_record((void *)flow_record, &string, tag);

man/nfdump.1

@@ -232,10 +232,10 @@ flows are merged into a single record. An appropriate output format is selected
 automatically, which may be overwritten by any \-o format option.
 .TP 3
 .B -B
-Like \-b but automagically swaps flows, such that src port is > 1024 and dst port 
+Like \-b but automagically swaps flows if src port is < dst port 
-is < 1024 as some exporters do not care sending the flows in proper order. It's 
+as some exporters do not care sending the flows in proper order. It's 
-considered to be a convenient option. If src and dst port are > 1024 or < 1024, 
+considered to be a convenient option. Please note - for some peer-to-peer flows
-the flows are taken as is.
+this my lead to errornous swapping.
 .TP 3
 .B -I
 Print flow statistics from file specified by \-r, or timeslot specified by \-R/\-M.