ChangeLog

@@ -1,14 +1,3 @@
-2018-06-24
-- Fix bookkeeper type - use key_t
-- Add multiple packet repeaters to nfcapd/sfcapd. Up to 8 repeaters (-R) can be defined.
-- Ignore OSX .DS_Store files in -R file list
-- Add CISCO ASA elements initiatorPackets (298) responderPackets (299)
-- Merge #120 pull request for -z parameter to nfreplay
-- Update man page nfreplay
-
-2018-05-06
-- New bookkeeper hash broke NfSen. Fixed. ported back to release 1.6.17
-
 2018-04-20
 - Release 1.6.17
 

bin/bookkeeper.c

@@ -43,7 +43,6 @@
 #include <sys/shm.h>
 #include <sys/sem.h>
 #include <sys/stat.h>
-#include <sys/param.h>
 #include <string.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -69,7 +68,7 @@ static bookkeeper_list_t *bookkeeper_list = NULL;
 
 /* function prototypes */
 
-static key_t hash(char *str, int flag);
+static uint32_t hash(char *str, int flag);
 
 static void sem_lock(int sem_set_id);
 
@@ -81,25 +80,18 @@ static inline bookkeeper_list_t *Get_bookkeeper_list_entry(bookkeeper_t *bookkee
 
 /* hash: compute hash value of string */
 #define MULTIPLIER 37
-static key_t hash(char *str, int flag) {
+static uint32_t hash(char *str, int flag) {
 uint32_t h; 
 unsigned char *p;
-char cleanPath[MAXPATHLEN];
-
-	if ( realpath(str, cleanPath) == NULL ) {
-		return -1;
-	}
 
 	h = 0;
-	for (p = (unsigned char*)cleanPath; *p != '\0'; p++)
+	for (p = (unsigned char*)str; *p != '\0'; p++)
 		h = MULTIPLIER * h + *p;
 
 	if ( flag ) {
 		h = MULTIPLIER * h + 'R';
 	}
-	// LogError("Bookeeper hash for path: '%s' -> '%s': %u flag: %i", str, cleanPath, h, flag);
-	return (key_t)h; // or, h % ARRAY_SIZE;
-
+	return h; // or, h % ARRAY_SIZE;
 } // End of hash
 
 // locks the semaphore, for exclusive access to the bookkeeping record

bin/flist.c

@@ -798,9 +798,6 @@ printf("DGB: short fts: '%s', filer_first: '%s', filter_last: '%s'\n",
 					continue;
 				if ( strstr(ftsent->fts_name, ".stat") != NULL )
 					continue;
-				// skip OSX DS_Store files
-				if ( strstr(ftsent->fts_name, ".DS_Store") != NULL )
-					continue;
 				// skip pcap file
 				if ( strstr(ftsent->fts_name, "pcap") != NULL )
 					continue;

bin/netflow_v9.c

@@ -210,7 +210,6 @@ static struct v9_element_map_s {
 	{ NF9_IN_BYTES, 			 "bytes",			_8bytes,  _8bytes, move64_sampling, zero64, COMMON_BLOCK },
 	{ NF9_IN_PACKETS, 			 "packets",			_4bytes,  _8bytes, move32_sampling, zero64, COMMON_BLOCK },
 	{ NF9_IN_PACKETS, 			 "packets",			_8bytes,  _8bytes, move64_sampling, zero64, COMMON_BLOCK },
-	{ NF_F_INITIATORPACKETS, 	 "packets",			_8bytes,  _8bytes, move64_sampling, zero64, COMMON_BLOCK },
 
 	{ NF9_FLOWS_AGGR, 			 "flows",			_4bytes,  _4bytes, move32, zero32, EX_AGGR_FLOWS_4 },
 	{ NF9_FLOWS_AGGR, 			 "flows",			_8bytes,  _8bytes, move64, zero64, EX_AGGR_FLOWS_8 },
@@ -243,7 +242,6 @@ static struct v9_element_map_s {
 	{ NF9_OUT_BYTES, 			 "out bytes",		_8bytes,  _8bytes, move64_sampling, zero64, EX_OUT_BYTES_8 },
 	{ NF9_OUT_PKTS, 			 "out packets",		_4bytes,  _8bytes, move32_sampling, zero64, EX_OUT_PKG_8 },
 	{ NF9_OUT_PKTS, 			 "out packets",		_8bytes,  _8bytes, move64_sampling, zero64, EX_OUT_PKG_8 },
-	{ NF_F_RESPONDERPACKETS, 	 "out packets",		_8bytes,  _8bytes, move64_sampling, zero64, EX_OUT_PKG_8 },
 	{ NF9_IPV6_SRC_ADDR,		 "V6 src addr",		_16bytes, _16bytes, move128, zero128, COMMON_BLOCK },
 	{ NF9_IPV6_DST_ADDR,		 "V6 dst addr",		_16bytes, _16bytes, move128, zero128, COMMON_BLOCK },
 	{ NF9_IPV6_SRC_MASK, 	 	 "V6 src mask",		_1byte,   _1byte,  move8, zero8, EX_MULIPLE },
@@ -785,12 +783,7 @@ size_t				size_required;
 	 * This record is expected in the output stream. If not available
 	 * in the template, assume empty 4 bytes value
 	 */
-	if ( cache.lookup_info[NF_F_INITIATORPACKETS].found ) {
-		PushSequence( table, NF_F_INITIATORPACKETS, &offset, &table->packets, 0);
-		dbg_printf("Push NF_F_INITIATORPACKETS\n");
-	} else {
-		PushSequence( table, NF9_IN_PACKETS, &offset, &table->packets, 0);
-	}
+	PushSequence( table, NF9_IN_PACKETS, &offset, &table->packets, 0);
 	// fix: always have 64bit counters due to possible sampling
 	SetFlag(table->flags, FLAG_PKG_64);
 
@@ -873,12 +866,7 @@ size_t				size_required;
 				PushSequence( table, NF9_OUT_PKTS, &offset, &table->out_packets, 0);
 				break;
 			case EX_OUT_PKG_8:
-				if ( cache.lookup_info[NF_F_RESPONDERPACKETS].found ) {
-					PushSequence( table, NF_F_RESPONDERPACKETS, &offset, &table->out_packets, 0);
-					dbg_printf("Push NF_F_RESPONDERPACKETS\n");
-				} else {
-					PushSequence( table, NF9_OUT_PKTS, &offset, &table->out_packets, 0);
-				}
+				PushSequence( table, NF9_OUT_PKTS, &offset, &table->out_packets, 0);
 				break;
 			case EX_OUT_BYTES_4:
 				if ( cache.lookup_info[NF_F_REV_FLOW_DELTA_BYTES].found ) {

bin/netflow_v9.h

@@ -290,11 +290,6 @@ typedef struct common_header_s {
 #define NF_F_XLATE_DST_PORT_84      40004
 #define NF_F_FW_EVENT_84            40005
 
-// ASA 9.x packet counters: initiatorPackets and responderPackets
-// see https://www.iana.org/assignments/ipfix/ipfix.xhtml
-#define NF_F_INITIATORPACKETS		298
-#define NF_F_RESPONDERPACKETS		299
-
 // Cisco ASR 1000 series NEL extension - Nat Event Logging
 #define NF_N_NAT_EVENT				230
 #define NF_N_INGRESS_VRFID			234

bin/nf_common.c

@@ -658,7 +658,7 @@ char *Get_fwd_status_name(uint32_t id) {
 
 } // End of Get_fwd_status_name
 
-void format_file_block_header(void *header, char **s, int tag) {
+void format_file_block_header(void *header, char ** s, int tag) {
 data_block_header_t *h = (data_block_header_t *)header;
 	
 	snprintf(data_string,STRINGSIZE-1 ,""
@@ -673,7 +673,7 @@ data_block_header_t *h = (data_block_header_t *)header;
 
 } // End of format_file_block_header
 
-void format_file_block_record(void *record, char **s, int tag) {
+void format_file_block_record(void *record, char ** s, int tag) {
 char 		*_s, as[IP_STRING_LEN], ds[IP_STRING_LEN], datestr1[64], datestr2[64], datestr3[64], flags_str[16];
 char		s_snet[IP_STRING_LEN], s_dnet[IP_STRING_LEN], s_proto[32];
 int			i, id;

bin/nfcapd.c

@@ -146,7 +146,7 @@ static void daemonize(void);
 
 static void SetPriv(char *userid, char *groupid );
 
-static void run(packet_function_t receive_packet, int socket, repeater_t *repeater, 
+static void run(packet_function_t receive_packet, int socket, send_peer_t peer, 
 	time_t twin, time_t t_begin, int report_seq, int use_subdirs, char *time_extension, int compress);
 
 /* Functions */
@@ -166,7 +166,7 @@ static void usage(char *name) {
 					"-H Add port histogram data to flow file.(default 'no')\n"
 					"-n Ident,IP,logdir\tAdd this flow source - multiple streams\n" 
 					"-P pidfile\tset the PID file\n"
-					"-R IP[/port]\tRepeat incoming packets to IP address/port. Max 8 repeaters.\n"
+					"-R IP[/port]\tRepeat incoming packets to IP address/port\n"
 					"-s rate\tset default sampling rate (default 1)\n"
 					"-x process\tlaunch process after a new file becomes available\n"
 					"-z\t\tLZO compress flows in output file.\n"
@@ -358,7 +358,7 @@ int		err;
 #include "nffile_inline.c"
 #include "collector_inline.c"
 
-static void run(packet_function_t receive_packet, int socket, repeater_t *repeater, 
+static void run(packet_function_t receive_packet, int socket, send_peer_t peer, 
 	time_t twin, time_t t_begin, int report_seq, int use_subdirs, char *time_extension, int compress) {
 common_flow_header_t	*nf_header;
 FlowSource_t			*fs;
@@ -422,7 +422,6 @@ srecord_t	*commbuff;
 	 */
 	while ( 1 ) {
 		struct timeval tv;
-		int i;
 
 		/* read next bunch of data into beginn of input buffer */
 		if ( !done) {
@@ -444,15 +443,12 @@ srecord_t	*commbuff;
 				continue;
 			}
 
-			i = 0;
-			while ( repeater[i].hostname && (i < MAX_REPEATERS)) {
+			if ( peer.hostname ) {
 				ssize_t len;
-				len = sendto(repeater[i].sockfd, in_buff, cnt, 0, 
-						(struct sockaddr *)&(repeater[i].addr), repeater[i].addrlen);
+				len = sendto(peer.sockfd, in_buff, cnt, 0, (struct sockaddr *)&(peer.addr), peer.addrlen);
 				if ( len < 0 ) {
 					LogError("ERROR: sendto(): %s", strerror(errno));
 				}
-				i++;
 			}
 		}
 
@@ -749,14 +745,14 @@ char	*userid, *groupid, *checkptr, *listenport, *mcastgroup, *extension_tags;
 char	*Ident, *dynsrcdir, *time_extension, pidfile[MAXPATHLEN];
 struct stat fstat;
 packet_function_t receive_packet;
-repeater_t repeater[MAX_REPEATERS];
+send_peer_t  peer;
 FlowSource_t *fs;
 struct sigaction act;
 int		family, bufflen;
 time_t 	twin, t_start;
 int		sock, synctime, do_daemonize, expire, spec_time_extension, report_sequence;
 int		subdir_index, sampling_rate, compress;
-int		c, i;
+int		c;
 #ifdef PCAP
 char	*pcap_file;
  
@@ -784,10 +780,8 @@ char	*pcap_file;
 	expire			= 0;
 	sampling_rate	= 1;
 	compress		= NOT_COMPRESSED;
-	memset((void *)&repeater, 0, sizeof(repeater));
-	for ( i = 0; i < MAX_REPEATERS; i++ ) {
-		repeater[i].family = AF_UNSPEC;
-	}
+	memset((void *)&peer, 0, sizeof(send_peer_t));
+	peer.family		= AF_UNSPEC;
 	Ident			= "none";
 	FlowSource		= NULL;
 	extension_tags	= DefaultExtensions;
@@ -892,23 +886,14 @@ char	*pcap_file;
 				pidfile[MAXPATHLEN-1] = 0;
 				break;
 			case 'R': {
-				char *port, *hostname;
 				char *p = strchr(optarg, '/');
-				int i = 0;
 				if ( p ) { 
 					*p++ = '\0';
-					port = strdup(p);
+					peer.port = strdup(p);
 				} else {
-					port = DEFAULTCISCOPORT;
+					peer.port = DEFAULTCISCOPORT;
 				}
-				hostname = strdup(optarg);
-				while ( repeater[i].hostname && (i < MAX_REPEATERS) ) i++;
-				if ( i == MAX_REPEATERS ) {
-					fprintf(stderr, "Too many packet repeaters! Max: %i repeaters allowed.\n", MAX_REPEATERS);
-					exit(255);
-				}
-				repeater[i].hostname = hostname;
-				repeater[i].port 	 = port;
+				peer.hostname = strdup(optarg);
 
 				break; }
 			case 'r':
@@ -1055,14 +1040,12 @@ char	*pcap_file;
 		exit(255);
 	}
 
-	i = 0;
-	while ( repeater[i].hostname && (i < MAX_REPEATERS) ) {
-		repeater[i].sockfd = Unicast_send_socket (repeater[i].hostname, repeater[i].port, repeater[i].family, bufflen, 
-											&repeater[i].addr, &repeater[i].addrlen );
-		if ( repeater[i].sockfd <= 0 )
+	if ( peer.hostname ) {
+		peer.sockfd = Unicast_send_socket (peer.hostname, peer.port, peer.family, bufflen, 
+											&peer.addr, &peer.addrlen );
+		if ( peer.sockfd <= 0 )
 			exit(255);
-		LogInfo("Replay flows to host: %s port: %s", repeater[i].hostname, repeater[i].port);
-		i++;
+		LogInfo("Replay flows to host: %s port: %s", peer.hostname, peer.port);
 	}
 
 	if ( sampling_rate < 0 ) {
@@ -1222,7 +1205,7 @@ char	*pcap_file;
 	sigaction(SIGCHLD, &act, NULL);
 
 	LogInfo("Startup.");
-	run(receive_packet, sock, repeater, twin, t_start, report_sequence, subdir_index, 
+	run(receive_packet, sock, peer, twin, t_start, report_sequence, subdir_index, 
 		time_extension, compress);
 	close(sock);
 	kill_launcher(launcher_pid);

bin/nfdump.c

@@ -348,11 +348,11 @@ char 		bps_str[NUMBER_STRING_SIZE], pps_str[NUMBER_STRING_SIZE], bpp_str[NUMBER_
 			(long long unsigned)stat_record->numpackets, (long long unsigned)bps, 
 			(long long unsigned)pps, (long long unsigned)bpp );
 	} else {
-		format_number(stat_record->numbytes, byte_str, DO_SCALE_NUMBER, VAR_LENGTH);
-		format_number(stat_record->numpackets, packet_str, DO_SCALE_NUMBER, VAR_LENGTH);
-		format_number(bps, bps_str, DO_SCALE_NUMBER, VAR_LENGTH);
-		format_number(pps, pps_str, DO_SCALE_NUMBER, VAR_LENGTH);
-		format_number(bpp, bpp_str, DO_SCALE_NUMBER, VAR_LENGTH);
+		format_number(stat_record->numbytes, byte_str, DONT_SCALE_NUMBER, VAR_LENGTH);
+		format_number(stat_record->numpackets, packet_str, DONT_SCALE_NUMBER, VAR_LENGTH);
+		format_number(bps, bps_str, DONT_SCALE_NUMBER, VAR_LENGTH);
+		format_number(pps, pps_str, DONT_SCALE_NUMBER, VAR_LENGTH);
+		format_number(bpp, bpp_str, DONT_SCALE_NUMBER, VAR_LENGTH);
 		printf("Summary: total flows: %llu, total bytes: %s, total packets: %s, avg bps: %s, avg pps: %s, avg bpp: %s\n",
 		(unsigned long long)stat_record->numflows, byte_str, packet_str, bps_str, pps_str, bpp_str );
 	}

bin/nfnet.c

@@ -178,11 +178,12 @@ int 			error, p, sockfd;
 int Unicast_send_socket (const char *hostname, const char *sendport, int family, 
 		unsigned int wmem_size, struct sockaddr_storage *addr, int *addrlen) {
 struct addrinfo hints, *res, *ressave;
-int error, sockfd;
+int n, sockfd;
 unsigned int wmem_actual;
 socklen_t optlen;
 
 	if ( !hostname || !sendport ) {
+        fprintf(stderr, "hostname and listen port required!\n");
         LogError("hostname and listen port required!");
 		return -1;
 	}
@@ -193,9 +194,10 @@ socklen_t optlen;
     hints.ai_family   = family;
     hints.ai_socktype = SOCK_DGRAM; 
     
-    error = getaddrinfo(hostname, sendport, &hints, &res);
-    if ( error ) {
-        LogError("getaddrinfo() error: %s", gai_strerror(error));
+    n = getaddrinfo(hostname, sendport, &hints, &res);
+
+    if ( n < 0 ) {
+        fprintf(stderr, "getaddrinfo error: [%s]\n", strerror(errno));
         return -1;
     }
 
@@ -203,28 +205,27 @@ socklen_t optlen;
     sockfd  = -1;
     while (res) {
         sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
-        if ( sockfd < 0 ) {
-        	LogError("socket() error: could not open the requested socket: %s", strerror (errno));
-		} else {
+
+        if ( !(sockfd < 0) ) {
 			// socket call was successsful
-            if (connect(sockfd, res->ai_addr, res->ai_addrlen) < 0) { 
-				// unsuccessful connect :(
-        		LogError("connect() error: could not open the requested socket: %s", strerror (errno));
-            	close(sockfd);
-            	sockfd = -1;
-			} else {
+            if (connect(sockfd, res->ai_addr, res->ai_addrlen) == 0) {
 				// connect successful - we are done
             	close(sockfd);
 				// ok - we need now an unconnected socket
         		sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
                 break;
             }
+			// unsuccessful connect :(
+            close(sockfd);
+            sockfd = -1;
         }
         res=res->ai_next;
     }
 
     if (sockfd < 0) {
         freeaddrinfo(ressave);
+        fprintf(stderr, "Send socket error: could not open the requested socket: %s\n", strerror (errno));
+        LogError("Send socket error: could not open the requested socket: %s", strerror (errno));
         return -1;
     }
 

bin/nfnet.h

@@ -57,17 +57,6 @@ typedef struct send_peer_s {
 	void		*endp;
 } send_peer_t;
 
-typedef struct repeater_s {
-	char	*hostname;
-	char	*port;
-	struct sockaddr_storage addr;
-	int		addrlen;
-	int		family;
-	int		sockfd;
-} repeater_t;
-
-#define MAX_REPEATERS 8
-
 /* Function prototypes */
 
 int Unicast_receive_socket(const char *bindhost, const char *listenport, int family, int sockbuflen );

bin/nfreplay.c

@@ -108,7 +108,7 @@ static void usage(char *name);
 static void send_blast(unsigned int delay );
 
 static void send_data(char *rfile, time_t twin_start, time_t twin_end, uint32_t count, 
-				unsigned int delay,  int confirm, int netflow_version, int distribution);
+				unsigned int delay,  int confirm, int netflow_version);
 
 static int FlushBuffer(int confirm);
 
@@ -133,7 +133,6 @@ static void usage(char *name) {
 					"-r <input>\tread from file. default: stdin\n"
 					"-f <filter>\tfilter syntaxfile\n"
 					"-v <version>\tUse netflow version to send flows. Either 5 or 9\n"
-					"-z <distribution>\tSimulate real time distribution with coefficient\n"
 					"-t <time>\ttime window for sending packets\n"
 					"\t\tyyyy/MM/dd.hh:mm:ss[-yyyy/MM/dd.hh:mm:ss]\n"
 					, name);
@@ -205,18 +204,13 @@ double 					fps;
 } // End of send_blast
 
 static void send_data(char *rfile, time_t twin_start, 
-			time_t twin_end, uint32_t count, unsigned int delay, int confirm, int netflow_version, int distribution) {
+			time_t twin_end, uint32_t count, unsigned int delay, int confirm, int netflow_version) {
 master_record_t	master_record;
 common_record_t	*flow_record;
 nffile_t		*nffile;
 int 			i, done, ret, again;
 uint32_t		numflows, cnt;
 
-	// z-parameter variables
-	struct timeval todayTime, currentTime;
-	double first, last, now, today = 0, reftime = 0;
-	int reducer = 0;
-
 #ifdef COMPAT15
 int	v1_map_done = 0;
 #endif
@@ -413,31 +407,6 @@ int	v1_map_done = 0;
 					LogError("Skip unknown record type %i\n", flow_record->type);
 				}
 			}
-
-			// z-parameter
-			//first and last are line (tstart and tend) timestamp with milliseconds
-			first = (double) flow_record->first + ((double)flow_record->msec_first / 1000);
-			last = (double) flow_record->last + ((double)flow_record->msec_last / 1000);
-
-			gettimeofday(&currentTime, NULL);
-			now =  (double)currentTime.tv_sec + (double)currentTime.tv_usec / 1000000;
-
-			// remove incoherent values
-			if (reftime == 0 && last > 1000000000 && last < 2000000000){
-				reftime = last;
-				gettimeofday(&todayTime, NULL);
-	 			today =  (double)todayTime.tv_sec + (double)todayTime.tv_usec / 1000000;
-			}
-
-			// Reducer avoid to have too much computation: It takes 1 over 3 line to regulate sending time
-			if (reducer % 3 == 0 && distribution != 0 && reftime != 0 && last > 1000000000){
-				while (last - reftime > distribution * (now - today)){
-					gettimeofday(&currentTime, NULL);
-					now =  (double)currentTime.tv_sec + (double)currentTime.tv_usec / 1000000;
-				}
-			}
-			reducer++;
-
 			// Advance pointer by number of bytes for netflow record
 			flow_record = (common_record_t *)((pointer_addr_t)flow_record + flow_record->size);	
 
@@ -469,7 +438,7 @@ int	v1_map_done = 0;
 int main( int argc, char **argv ) {
 struct stat stat_buff;
 char *rfile, *ffile, *filter, *tstring;
-int c, confirm, ffd, ret, blast, netflow_version, distribution;
+int c, confirm, ffd, ret, blast, netflow_version;
 unsigned int delay, count, sockbuff_size;
 time_t t_start, t_end;
 
@@ -489,8 +458,7 @@ time_t t_start, t_end;
 	blast			= 0;
 	verbose			= 0;
 	confirm			= 0;
-	distribution	= 0;
-	while ((c = getopt(argc, argv, "46BhH:i:K:L:p:d:c:b:j:r:f:t:v:z:VY")) != EOF) {
+	while ((c = getopt(argc, argv, "46BhH:i:K:L:p:d:c:b:j:r:f:t:v:VY")) != EOF) {
 		switch (c) {
 			case 'h':
 				usage(argv[0]);
@@ -556,9 +524,6 @@ time_t t_start, t_end;
 			case 'r':
 				rfile = optarg;
 				break;
-			case 'z':
-				distribution = atoi(optarg);
-				break;
 			case '4':
 				if ( peer.family == AF_UNSPEC )
 					peer.family = AF_INET;
@@ -646,7 +611,7 @@ time_t t_start, t_end;
 			exit(255);
 	}
 
-	send_data(rfile, t_start, t_end, count, delay, confirm, netflow_version,distribution);
+	send_data(rfile, t_start, t_end, count, delay, confirm, netflow_version);
 
 	FreeExtensionMaps(extension_map_list);
 

bin/sfcapd.c

@@ -1,5 +1,4 @@
 /*
- *  Copyright (c) 2018, Peter Haag
  *  Copyright (c) 2017, Peter Haag
  *  Copyright (c) 2016, Peter Haag
  *  Copyright (c) 2014, Peter Haag
@@ -125,7 +124,7 @@ static void daemonize(void);
 
 static void SetPriv(char *userid, char *groupid );
 
-static void run(packet_function_t receive_packet, int socket, repeater_t *repeater,
+static void run(packet_function_t receive_packet, int socket, send_peer_t peer, 
 	time_t twin, time_t t_begin, int report_seq, int use_subdirs, char *time_extension, int compress);
 
 /* Functions */
@@ -145,7 +144,7 @@ static void usage(char *name) {
 					"-H Add port histogram data to flow file.(default 'no')\n"
 					"-n Ident,IP,logdir\tAdd this flow source - multiple streams\n" 
 					"-P pidfile\tset the PID file\n"
-					"-R IP[/port]\tRepeat incoming packets to IP address/port. Max 8 repeaters\n"
+					"-R IP[/port]\tRepeat incoming packets to IP address/port\n"
 					"-x process\tlaunch process after a new file becomes available\n"
 					"-z\t\tLZO compress flows in output file.\n"
 					"-y\t\tLZ4 compress flows in output file.\n"
@@ -333,7 +332,7 @@ int		err;
 #include "nffile_inline.c"
 #include "collector_inline.c"
 
-static void run(packet_function_t receive_packet, int socket, repeater_t *repeater,
+static void run(packet_function_t receive_packet, int socket, send_peer_t peer, 
 	time_t twin, time_t t_begin, int report_seq, int use_subdirs, char *time_extension, int compress) {
 FlowSource_t			*fs;
 struct sockaddr_storage sf_sender;
@@ -394,7 +393,6 @@ srecord_t	*commbuff;
 	 */
 	while ( 1 ) {
 		struct timeval tv;
-		int i;
 
 		/* read next bunch of data into beginn of input buffer */
 		if ( !done) {
@@ -417,15 +415,12 @@ srecord_t	*commbuff;
 				continue;
 			}
 
-			i = 0;
-			while ( repeater[i].hostname && (i < MAX_REPEATERS)) {
+			if ( peer.hostname ) {
 				ssize_t len;
-				len = sendto(repeater[i].sockfd, in_buff, cnt, 0, 
-						(struct sockaddr *)&(repeater[i].addr), repeater[i].addrlen);
+				len = sendto(peer.sockfd, in_buff, cnt, 0, (struct sockaddr *)&(peer.addr), peer.addrlen);
 				if ( len < 0 ) {
 					LogError("ERROR: sendto(): %s", strerror(errno));
 				}
-				i++;
 			}
 		}
 
@@ -663,14 +658,14 @@ char	*userid, *groupid, *checkptr, *listenport, *mcastgroup, *extension_tags;
 char	*Ident, *pcap_file, *time_extension, pidfile[MAXPATHLEN];
 struct stat fstat;
 packet_function_t receive_packet;
-repeater_t repeater[MAX_REPEATERS];
+send_peer_t  peer;
 FlowSource_t *fs;
 struct sigaction act;
 int		family, bufflen;
 time_t 	twin, t_start;
 int		sock, synctime, do_daemonize, expire, spec_time_extension, report_sequence;
 int		subdir_index, compress;
-int		c, i;
+int	c;
 
 	receive_packet 	= recvfrom;
 	verbose = synctime = do_daemonize = 0;
@@ -692,10 +687,8 @@ int		c, i;
 	expire			= 0;
 	spec_time_extension = 0;
 	compress		= NOT_COMPRESSED;
-	memset((void *)&repeater, 0, sizeof(repeater));
-	for ( i = 0; i < MAX_REPEATERS; i++ ) {
-		repeater[i].family = AF_UNSPEC;
-	}
+	memset((void *)&peer, 0, sizeof(send_peer_t));
+	peer.family		= AF_UNSPEC;
 	Ident			= "none";
 	FlowSource		= NULL;
 	extension_tags	= DefaultExtensions;
@@ -801,23 +794,14 @@ int		c, i;
 				pidfile[MAXPATHLEN-1] = 0;
 				break;
 			case 'R': {
-				char *port, *hostname;
 				char *p = strchr(optarg, '/');
-				int i = 0;
 				if ( p ) { 
 					*p++ = '\0';
-					port = strdup(p);
+					peer.port = strdup(p);
 				} else {
-					port = DEFAULTSFLOWPORT;
+					peer.port = DEFAULTSFLOWPORT;
 				}
-				hostname = strdup(optarg);
-				while ( repeater[i].hostname && (i < MAX_REPEATERS) ) i++;
-				if ( i == MAX_REPEATERS ) {
-					fprintf(stderr, "Too many packet repeaters! Max: %i repeaters allowed.\n", MAX_REPEATERS);
-					exit(255);
-				}
-				repeater[i].hostname = hostname;
-				repeater[i].port 	 = port;
+				peer.hostname = strdup(optarg);
 
 				break; }
 			case 'r':
@@ -930,14 +914,11 @@ int		c, i;
 		exit(255);
 	}
 
-	i = 0;
-	while ( repeater[i].hostname && (i < MAX_REPEATERS) ) {
-		repeater[i].sockfd = Unicast_send_socket (repeater[i].hostname, repeater[i].port, repeater[i].family, bufflen, 
-											&repeater[i].addr, &repeater[i].addrlen );
-		if ( repeater[i].sockfd <= 0 )
+	if ( peer.hostname ) {
+		peer.sockfd = Unicast_send_socket (peer.hostname, peer.port, peer.family, bufflen, 
+											&peer.addr, &peer.addrlen );
+		if ( peer.sockfd <= 0 )
 			exit(255);
-		LogInfo("Replay flows to host: %s port: %s", repeater[i].hostname, repeater[i].port);
-		i++;
 	}
 
 	SetPriv(userid, groupid);
@@ -1090,7 +1071,7 @@ int		c, i;
 	sigaction(SIGCHLD, &act, NULL);
 
 	LogInfo("Startup.");
-	run(receive_packet, sock, repeater, twin, t_start, report_sequence, subdir_index, 
+	run(receive_packet, sock, peer, twin, t_start, report_sequence, subdir_index, 
 		time_extension, compress);
 	close(sock);
 	kill_launcher(launcher_pid);

configure.ac

@@ -104,7 +104,7 @@ fi
 )
 
 AC_ARG_WITH(pcappath,
-[  --with-pcappath=PATH      Expect libpcap installed in PATH; default /usr/local],
+[  --with-pcappath=PATH      Expect RRD installed in PATH; default /usr/local],
 if test "x$with_pcappath" = "xyes" ; then
 	CPPFLAGS="${CPPFLAGS} -I/usr/local/include"
 	LDFLAGS="${LDFLAGS} -L/usr/local/lib"
@@ -242,7 +242,7 @@ AC_ARG_ENABLE(nfpcapd,
 cat >>config.h <<_ACEOF
 #define HAVE_LIBPCAP 1
 _ACEOF
-PCAP_LIBS="-lpcap"
+RRD_LIBS="-lpcap"
 AC_SUBST(PCAP_LIBS)
 ]
 , AC_MSG_ERROR(Can not link libpcap. Please specify --with-pcappath=.. configure failed! ))

man/nfcapd.1

@@ -65,7 +65,7 @@ Join the specified IPv4 or IPv6 multicast group for listening.
 Enable packet repeater. Send all incoming packets to another \fIhost\fR and \fIport\fR.
 \fIhost\fR is either a valid IPv4/IPv6 address, or a valid symbolic hostname, which resolves to 
 a IPv6 or IPv4 address. \fIport\fR may be omitted and defaults to port 9995. Note: Due to IPv4/IPv6
-accepted addresses the port separator is '/'. Up to 8 repeaters my be defined.
+accepted addresses the port separator is '/'.
 .TP 3
 .B -I \fIIdentString ( capital letter i )
 Specifies an ident string, which describes the source e.g. the 

man/nfreplay.1

@@ -57,11 +57,6 @@ the time spec may be omitted e.g YYYY/MM/dd expands to
 YYYY/MM/dd.00:00:00\-YYYY/MM/dd.23:59:59 and sends all flow from a 
 given day.
 .TP 3
-.B -z \fInum
-Flows are sent with their "real distribution" acrross time (with a speed coefficient)
--z 1 : 5 minutes of records will be sent in 5 minutes.
--z 20 : 5 minutes of record will be sent in 5/20 = 0.25 minutes.
-.TP 3
 .B -c \fInum
 Limit number of records to send to the first \fInum\fR flows.
 .TP 3

man/sfcapd.1

@@ -42,7 +42,7 @@ Join the specified IPv6 or IPv6 multicast group for listening.
 Enable packet repeater. Send all incoming packets to another \fIhost\fR and \fIport\fR.
 \fIhost\fR is either a valid IPv4/IPv6 address, or a valid simbolic hostname, which resolves to 
 a IPv6 or IPv4 address. \fIport\fR may be omitted and defaults to port 6343. Note: Due to IPv4/IPv6
-accepted addresses the port separator is '/'. Up to 8 repeaters my be defined.
+accepted addresses the port separator is '/'.
 .TP 3
 .B -I \fIIdentString ( capital letter i )
 Specifies an ident string, which describes the source e.g. the