Flow aggregation..
s442755 at mindlessproductions.com
s442755 at mindlessproductions.com
Fri Oct 6 19:45:27 EDT 2006
>
> Hey Rick,
> Application specific configuration files use the "-f conf.file" option.
> The "-F ra.rc.like.conf" option is used for the general ra* client
> configuration. So for racluster(), you should use the "-f conf.file"
> option.
yea sorry.. i noticed that afterwards :(
>
> Ok, so I need to fix a few things including my brain. The
> filter syntax
> for networks and masks that I suggested was way off. For the filter,
> the correct syntax is:
>
> "net x.y.z.w mask x.y.z.a"
yep that's got it :) thanks :) (sorry, i should have read the code)
that behaviour also matches the 'filter expression' on the end :)
>
> saddr/[digit | ipv4 | ipv6]
>
> so examples could be:
>
> saddr/18
> saddr/67
> saddr/255.255.0.255
> saddr/ffff::ffff
>
nice.. particularly on the v6 :)
i just tested with special case of [sd]addrlen == 0:
model="daddr/0 proto port"
which causes a segfault :(
model="daddr/1 proto port"
works as expected so just the special 0 case not handled..
> The saddrlen and daddrlen variables are for the address mask length,
> and so an 'int' can handle it no problem (actually I've changed it to
> a short
> since you pointed it out).
>
that was how it appeared i just couldn't see where you were putting address
in that case but if it was removed then that'll be why :)
to be pedantic :(, could prolly get away with an unsigned char or uint8_t
(to be slightly less standard :().. it should probably be range checked
where it parsed so can spit usage() before processing data for hours and
potentially yielding unexpected values.. else unsigned at least?
> I'll have a new set of code up on monday that implements this.
>
Many thanks. :)
More information about the argus
mailing list