rc.35 - ArgusGetIndicatorString() still incomplete

Philipp E. Letschert phil at uni-koblenz.de
Fri Dec 1 10:59:42 EST 2006 

The ra man page gives the following possibilities for the proto indicator flag:

            T          -  Time Corrected/Adjusted
            M          -  Multiple physical layer paths
             m         -  MPLS encapsulated flow
             p         -  PPP over Enternet encapsulated flow
              v        -  VLAN encapsulations/tags
               G       -  GRE encapsulations/tags
                I      -  ICMP events mapped to this flow
                U      -  ICMP Unreachable event mapped to this flow
                R      -  ICMP Redirect event mapped to this flow
                T      -  ICMP Time Exceeded mapped to this flow
                 V     -  Fragment overlap seen
                 f     -  Partial Fragment
                 F     -  Fragments seen
                 O     -  multiple IP options set
                 S     -  IP option Strict Source Route
                 L     -  IP option Loose Source Route
                 T     -  IP option Time Stamp
                 +     -  IP option Security
                 R     -  IP option Record Route
                 A     -  IP option Router Alert
                 U     -  unknown IP options set
                  *    -  Both Src and Dst TCP retransmissions
                  s    -  Src TCP packet retransmissions
                  d    -  Dst TCP packet retransmissions
                  &    -  Both Src and Dst packet out of order
                  i    -  Src TCP packets out of order
                  r    -  Dst TCP packets out of order
                   @   -  Both Src and Dst Window Closure
                   S   -  Src TCP Window Closure
                   D   -  Dst TCP Window Closure
                    E  -  Both Src and Dst ECN
                    x  -  Src TCP Explicit Congestion Notification
                    t  -  Dst TCP ECN

Than I observed some transactions, that do not fit into this scheme. By looking
at the code that generates this flags in rc.35, the scheme of possible flags
looks like this:

            T
            m
             v
              &
              i
              r
              *
              s
              d
               E
               x
               t
               @
               S
               D
                F

Because this is fewer flags than in the man page and in ra 2.0.6, and the 9char
buffer never gets filled, I guessed that the code in argus_util.c is not
finished yet and I moved the positions of the flags that are there, to the
positions they should have according to documentation.

So either documentation or code is wrong. Or am I missing something?


Regards, Philipp

On Fri, Dec 01, 2006 at 03:05:33PM +0000, carter at qosient.com wrote:
> What is the problem that you are fixing?
> Carter
> 
> Carter Bullard
> QoSient LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax  
> 
> -----Original Message-----
> From: "Philipp E. Letschert" <phil at uni-koblenz.de>
> Date: Fri, 1 Dec 2006 02:22:11 
> To:argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] rc.35 - ArgusGetIndicatorString() still incomplete
> 
> Hi,
> 
> this is QA again ;)
> 
> attached is a tiny little patch to fix the offsets of the proto indicator flags.
> >From what I've seen, there is still a lot of flag generation code missing. I've
> not started to fill the gaps, because I don't know if there is already ongoing
> work on that. 
> 
> Cheers, Phil
> 
>

More information about the argus mailing list