rc.35 - ArgusGetIndicatorString() still incomplete

Carter Bullard carter at qosient.com
Mon Dec 11 14:52:44 EST 2006 

OK, so I implemented this list, and I'll update the ra.1 man page for  
it.
Moved some columns around so that the important stuff (encaps,  
icmp,loss,
flow control) are more on the left.

See any problems, holler.
Carter

/*
     01234567
     T        -  Time Corrected/Adjusted
      M       -  Multiple layer 2 paths
      m       -  MPLS encapsulated flow
      p       -  PPP over Enternet encapsulated flow
      v       -  VLAN encapsulations/tags
      G       -  GRE enscapsulation
       I      -  ICMP events mapped to this flow
       U      -  ICMP Unreachable event mapped to this flow
       R      -  ICMP Redirect event mapped to this flow
       T      -  ICMP Time Exceeded mapped to this flow
        *     -  Both Src and Dst loss/retransmission
        s     -  Src loss/retransmissions
        d     -  Dst loss/retransmissions
        &     -  Both Src and Dst packet out of order
        i     -  Src packets out of order
        r     -  Dst packets out of order
         @    -  Both Src and Dst Window Closure
         S    -  Src TCP Window Closure
         D    -  Dst TCP Window Closure
          E   -  Both Src and Dst ECN
          x   -  Src Explicit Congestion Notification
          t   -  Dst ECN
           V  -  Fragment overlap seen
           f  -  Partial Fragment
           F  -  Fragments seen
            O  -  multiple IP options set
            S  -  IP option Strict Source Route
            L  -  IP option Loose Source Route
            T  -  IP option Time Stamp
            +  -  IP option Security
            R  -  IP option Record Route
            A  -  IP option Router Alert
            U  -  unknown IP options set
*/

On Dec 1, 2006, at 10:59 AM, Philipp E. Letschert wrote:

> The ra man page gives the following possibilities for the proto  
> indicator flag:
>
>             T          -  Time Corrected/Adjusted
>             M          -  Multiple physical layer paths
>              m         -  MPLS encapsulated flow
>              p         -  PPP over Enternet encapsulated flow
>               v        -  VLAN encapsulations/tags
>                G       -  GRE encapsulations/tags
>                 I      -  ICMP events mapped to this flow
>                 U      -  ICMP Unreachable event mapped to this flow
>                 R      -  ICMP Redirect event mapped to this flow
>                 T      -  ICMP Time Exceeded mapped to this flow
>                  V     -  Fragment overlap seen
>                  f     -  Partial Fragment
>                  F     -  Fragments seen
>                  O     -  multiple IP options set
>                  S     -  IP option Strict Source Route
>                  L     -  IP option Loose Source Route
>                  T     -  IP option Time Stamp
>                  +     -  IP option Security
>                  R     -  IP option Record Route
>                  A     -  IP option Router Alert
>                  U     -  unknown IP options set
>                   *    -  Both Src and Dst TCP retransmissions
>                   s    -  Src TCP packet retransmissions
>                   d    -  Dst TCP packet retransmissions
>                   &    -  Both Src and Dst packet out of order
>                   i    -  Src TCP packets out of order
>                   r    -  Dst TCP packets out of order
>                    @   -  Both Src and Dst Window Closure
>                    S   -  Src TCP Window Closure
>                    D   -  Dst TCP Window Closure
>                     E  -  Both Src and Dst ECN
>                     x  -  Src TCP Explicit Congestion Notification
>                     t  -  Dst TCP ECN
>
> Than I observed some transactions, that do not fit into this  
> scheme. By looking
> at the code that generates this flags in rc.35, the scheme of  
> possible flags
> looks like this:
>
>             T
>             m
>              v
>               &
>               i
>               r
>               *
>               s
>               d
>                E
>                x
>                t
>                @
>                S
>                D
>                 F
>
> Because this is fewer flags than in the man page and in ra 2.0.6,  
> and the 9char
> buffer never gets filled, I guessed that the code in argus_util.c  
> is not
> finished yet and I moved the positions of the flags that are there,  
> to the
> positions they should have according to documentation.
>
> So either documentation or code is wrong. Or am I missing something?
>
>
> Regards, Philipp
>
> On Fri, Dec 01, 2006 at 03:05:33PM +0000, carter at qosient.com wrote:
>> What is the problem that you are fixing?
>> Carter
>>
>> Carter Bullard
>> QoSient LLC
>> 150 E. 57th Street Suite 12D
>> New York, New York 10022
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>>
>> -----Original Message-----
>> From: "Philipp E. Letschert" <phil at uni-koblenz.de>
>> Date: Fri, 1 Dec 2006 02:22:11
>> To:argus-info at lists.andrew.cmu.edu
>> Subject: [ARGUS] rc.35 - ArgusGetIndicatorString() still incomplete
>>
>> Hi,
>>
>> this is QA again ;)
>>
>> attached is a tiny little patch to fix the offsets of the proto  
>> indicator flags.
>>> From what I've seen, there is still a lot of flag generation code  
>>> missing. I've
>> not started to fill the gaps, because I don't know if there is  
>> already ongoing
>> work on that.
>>
>> Cheers, Phil
>>
>>
>

More information about the argus mailing list