rc.35 - ArgusGetIndicatorString() still incomplete

Carter Bullard carter at qosient.com
Mon Dec 11 13:07:04 EST 2006 

Hey Phillipp,
Hmmmm, the comments in the code and documentation are what we're  
working towards.
I'll beef them up now.
Carter


On Dec 1, 2006, at 10:59 AM, Philipp E. Letschert wrote:

> The ra man page gives the following possibilities for the proto  
> indicator flag:
>
>             T          -  Time Corrected/Adjusted
>             M          -  Multiple physical layer paths
>              m         -  MPLS encapsulated flow
>              p         -  PPP over Enternet encapsulated flow
>               v        -  VLAN encapsulations/tags
>                G       -  GRE encapsulations/tags
>                 I      -  ICMP events mapped to this flow
>                 U      -  ICMP Unreachable event mapped to this flow
>                 R      -  ICMP Redirect event mapped to this flow
>                 T      -  ICMP Time Exceeded mapped to this flow
>                  V     -  Fragment overlap seen
>                  f     -  Partial Fragment
>                  F     -  Fragments seen
>                  O     -  multiple IP options set
>                  S     -  IP option Strict Source Route
>                  L     -  IP option Loose Source Route
>                  T     -  IP option Time Stamp
>                  +     -  IP option Security
>                  R     -  IP option Record Route
>                  A     -  IP option Router Alert
>                  U     -  unknown IP options set
>                   *    -  Both Src and Dst TCP retransmissions
>                   s    -  Src TCP packet retransmissions
>                   d    -  Dst TCP packet retransmissions
>                   &    -  Both Src and Dst packet out of order
>                   i    -  Src TCP packets out of order
>                   r    -  Dst TCP packets out of order
>                    @   -  Both Src and Dst Window Closure
>                    S   -  Src TCP Window Closure
>                    D   -  Dst TCP Window Closure
>                     E  -  Both Src and Dst ECN
>                     x  -  Src TCP Explicit Congestion Notification
>                     t  -  Dst TCP ECN
>
> Than I observed some transactions, that do not fit into this  
> scheme. By looking
> at the code that generates this flags in rc.35, the scheme of  
> possible flags
> looks like this:
>
>             T
>             m
>              v
>               &
>               i
>               r
>               *
>               s
>               d
>                E
>                x
>                t
>                @
>                S
>                D
>                 F
>
> Because this is fewer flags than in the man page and in ra 2.0.6,  
> and the 9char
> buffer never gets filled, I guessed that the code in argus_util.c  
> is not
> finished yet and I moved the positions of the flags that are there,  
> to the
> positions they should have according to documentation.
>
> So either documentation or code is wrong. Or am I missing something?
>
>
> Regards, Philipp
>
> On Fri, Dec 01, 2006 at 03:05:33PM +0000, carter at qosient.com wrote:
>> What is the problem that you are fixing?
>> Carter
>>
>> Carter Bullard
>> QoSient LLC
>> 150 E. 57th Street Suite 12D
>> New York, New York 10022
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>>
>> -----Original Message-----
>> From: "Philipp E. Letschert" <phil at uni-koblenz.de>
>> Date: Fri, 1 Dec 2006 02:22:11
>> To:argus-info at lists.andrew.cmu.edu
>> Subject: [ARGUS] rc.35 - ArgusGetIndicatorString() still incomplete
>>
>> Hi,
>>
>> this is QA again ;)
>>
>> attached is a tiny little patch to fix the offsets of the proto  
>> indicator flags.
>>> From what I've seen, there is still a lot of flag generation code  
>>> missing. I've
>> not started to fill the gaps, because I don't know if there is  
>> already ongoing
>> work on that.
>>
>> Cheers, Phil
>>
>>
>

More information about the argus mailing list