farrokhi/nfdump
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change -B behaviour as proposed in issue #59. Should not impact with previous use, but is more flexible

Browse Source
This commit is contained in:
Peter Haag 2017-11-05 15:41:47 +01:00
parent a8bc82decb
commit 29e80e48b5
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/nfstat.c
View File

@ -1553,7 +1553,7 @@ char *string;
if ( aggr_record_mask ) {
ApplyAggrMask(flow_record, aggr_record_mask);
}
if ( GuessDir && ( flow_record->srcport < 1024 && flow_record->dstport > 1024 ) )
if ( GuessDir && ( flow_record->srcport < flow_record->dstport ) )
SwapFlow(flow_record);
print_record((void *)flow_record, &string, tag);
printf("%s\n", string);
@ -1736,7 +1736,7 @@ int i, max;
} else if ( aggr_record_mask )
ApplyAggrMask(flow_record, aggr_record_mask);
if ( GuessFlowDirection && ( flow_record->srcport < 1024 && flow_record->dstport > 1024 ) )
if ( GuessFlowDirection && ( flow_record->srcport < flow_record->dstport ) )
SwapFlow(flow_record);
print_record((void *)flow_record, &string, tag);

8
man/nfdump.1
View File

@ -232,10 +232,10 @@ flows are merged into a single record. An appropriate output format is selected
automatically, which may be overwritten by any \-o format option.
.TP 3
.B -B
Like \-b but automagically swaps flows, such that src port is > 1024 and dst port
is < 1024 as some exporters do not care sending the flows in proper order. It's
considered to be a convenient option. If src and dst port are > 1024 or < 1024,
the flows are taken as is.
Like \-b but automagically swaps flows if src port is < dst port
as some exporters do not care sending the flows in proper order. It's
considered to be a convenient option. Please note - for some peer-to-peer flows
this my lead to errornous swapping.
.TP 3
.B -I
Print flow statistics from file specified by \-r, or timeslot specified by \-R/\-M.