1RCS file: ./RCS/README,v 22005-09-28 16:07:18-05 3revision 1.11 4updated build instructions for argus. As of 2.0.6 it's split into two 5packages (argus and argus-clients), so we now build in the contrib dir 6of argus-clients 7================================================================================ 8RCS file: ./RCS/Cflow.pm,v 92005-09-28 10:58:01-05 10revision 1.53 11updated POD to mention using binmode to setup the filehandle to use 12the ":bytes" PerlIO Layer. This is necessary to keep UTF-8 support from 13screwing up the output if you write $Cflow::raw or $Cflow::reraw. 14================================================================================ 15RCS file: ./RCS/flowdumper.PL,v 162005-09-28 09:49:25-05 17revision 1.46 18used binmode to setup STDOUT to use the ":bytes" PerlIO Layer if -r or -R 19is used. This is necessary to keep UTF-8 support from screwing up the 20output. 21================================================================================ 22RCS file: ./RCS/flowdumper.PL,v 232005-04-19 11:23:19-05 24revision 1.45 25syntax change only ("||" to "or") 26================================================================================ 27RCS file: ./RCS/flowdumper.PL,v 282005-04-08 11:00:25-05 29revision 1.44 30added ENCODE_SRC and ENCODE_DST routines so that user can selectively 31encode just source or destination addresses 32================================================================================ 33RCS file: ./RCS/Makefile.PL,v 342003-05-10 11:31:21-05 35revision 1.11 36RedHat Linux likes to put pcap.h in /usr/include/pcap, so add that to the 37list of include directories for argus 38================================================================================ 39RCS file: ./RCS/Cflow.pm,v 402002-08-28 16:12:09-05 41revision 1.52 42added KludgeSecs and KludgeMsecs 43(I have no recollection of whether or not this is working... I'm checking 44it in Sep 28, 2005) 45================================================================================ 46RCS file: ./RCS/flowdumper.PL,v 472002-01-31 00:08:06-06 48revision 1.43 49used `defined' to test some protocol-specific fields when using the 50"long" format, to prevent "Use of uninitialized value" errors 51================================================================================ 52RCS file: ./RCS/Cflow.xs,v 532002-01-31 00:06:30-06 54revision 1.24 55initialize $tcp_flags to zero when processing argus ICMP flows 56(for flowdumper, now that it considers warnings to be fatal) 57================================================================================ 58RCS file: ./RCS/Cflow.xs,v 592002-01-30 23:43:14-06 60revision 1.23 61Be sure that NetFlow v5 fields are initialized even if the flow source 62was flow-tools or argus, which don't always have those fields. 63This is necessary now that flowdumper reports warnings in the perl 64expressions supplied as arguments, and treats them as fatal. 65================================================================================ 66RCS file: ./RCS/Cflow.pm,v 672002-01-30 19:07:19-06 68revision 1.51 69fixed a problem with the FETCH method in package Cflow::SymbolicICMPTypeCode 70that caused it to produce errors when processing ICMP flows now that 71warnings are treated as fatal (with the "-e" expression) 72================================================================================ 73RCS file: ./RCS/flowdumper.PL,v 742002-01-30 19:06:36-06 75revision 1.42 76fixed some typos in examples in the POD that caused them not to work 77================================================================================ 78RCS file: ./RCS/flowdumper.PL,v 792002-01-30 18:25:00-06 80revision 1.41 81treated warnings as fatal if the occur because of the "-I" or "-E" 82expressions. 83(this makes it much easier to detect typos since the will often now 84produce the message "Use of uninitialized value") 85================================================================================ 86RCS file: ./RCS/flowdumper.PL,v 872002-01-30 18:14:16-06 88revision 1.40 89treated warnings as fatal if the occur because of the "-e expression" 90(this makes it much easier to detect typos since the will often now 91produce the message "Use of uninitialized value") 92================================================================================ 93RCS file: ./RCS/Cflow.pm,v 942002-01-30 18:11:58-06 95revision 1.50 96fixed a typo that was causing the URGent TCP flag not to be shown in 97the $symbolic_tcp_flags due to the use of an uninitialized value 98================================================================================ 99RCS file: ./RCS/warning,v 1002002-01-30 17:22:37-06 101revision 1.1 locked by: dplonka; 102Initial revision 103================================================================================ 104RCS file: ./RCS/Cflow.pm,v 1052002-01-15 10:01:13-06 106revision 1.49 107added "ARGUS NOTES" section 108================================================================================ 109RCS file: ./RCS/Cflow.xs,v 1102002-01-14 11:17:30-06 111revision 1.22 112updated includes 113 114added copyright info 115================================================================================ 116RCS file: ./RCS/Cflow.pm,v 1172002-01-11 21:58:40-06 118revision 1.48 119upped Revision number in prep for release 120================================================================================ 121RCS file: ./RCS/Cflow.xs,v 1222002-01-11 21:57:17-06 123revision 1.21 124ifdef ARGUS, include <sys/socket.h> and <net/if.h>. This got things 125to go with perl 5.004_04 under Solaris 2.6. (I suspect that newer 126perls include those already which is why I didn't notice it with perl 127version 5.6.1 under Linux.) 128================================================================================ 129RCS file: ./RCS/README,v 1302002-01-11 16:48:51-06 131revision 1.10 132updated for argus 133================================================================================ 134RCS file: ./RCS/Cflow.pm,v 1352002-01-11 16:34:44-06 136revision 1.47 137updated date and argus info 138================================================================================ 139RCS file: ./RCS/Makefile.PL,v 1402002-01-11 16:23:26-06 141revision 1.10 142changed tests for argus and flow-tools so that flow-tools will be 143looked for, if argus is not found 144================================================================================ 145RCS file: ./RCS/Cflow.xs,v 1462002-01-11 16:22:41-06 147revision 1.20 148converted argus ether-byte counts into NetFlow-like IP-byte counts 149(ifdef ARGUS) 150================================================================================ 151RCS file: ./RCS/Cflow.xs,v 1522002-01-11 16:12:58-06 153revision 1.19 154added initialization of ArgusProgramName so that it will be reported with 155any argus error messages 156 157conditioned out the argus initialization that should have been ifdef ARGUS 158================================================================================ 159RCS file: ./RCS/Cflow.xs,v 1602002-01-11 15:40:14-06 161revision 1.18 162added milliseconds and duration stuff ifdef ARGUS 163================================================================================ 164RCS file: ./RCS/Cflow.xs,v 1652002-01-11 14:44:43-06 166revision 1.17 167worked on the Argus code a bit more. This revision works pretty well. 168================================================================================ 169RCS file: ./RCS/Cflow.xs,v 1702002-01-10 19:54:45-06 171revision 1.16 172added support for argus-2 173(not everything is working yet though) 174================================================================================ 175RCS file: ./RCS/Cflow.pm,v 1762002-01-10 19:54:45-06 177revision 1.46 178added support for argus-2 179(not everything is working yet though) 180================================================================================ 181RCS file: ./RCS/Makefile.PL,v 1822002-01-10 19:54:45-06 183revision 1.9 184added support for argus-2 185(not everything is working yet though) 186================================================================================ 187RCS file: ./RCS/README,v 1882001-11-14 12:47:18-06 189revision 1.9 190updated flow-tools URL and some other stuff 191================================================================================ 192RCS file: ./RCS/Cflow.pm,v 1932001-11-14 12:47:00-06 194revision 1.45 195updated flow-tools URL 196================================================================================ 197RCS file: ./RCS/flowdumper.PL,v 1982001-11-14 12:38:58-06 199revision 1.39 200fixed a POD typo 201================================================================================ 202RCS file: ./RCS/Cflow.pm,v 2032001-11-14 12:15:54-06 204revision 1.44 205forced increment of Revision number 206================================================================================ 207RCS file: ./RCS/flowdumper.PL,v 2082001-11-14 12:14:54-06 209revision 1.38 210used File::Basename to fix a bug in the previous revisions which caused 211"-o" to fail if the input file was not in the current directory 212 213added some usage info and POD 214================================================================================ 215RCS file: ./RCS/Cflow.pm,v 2162001-11-14 08:11:03-06 217revision 1.43 218added "-o output_file" option so that the output file name can be a function 219of the input file name (and therefore there can be multiple seperate output 220files, one for each input file. e.g. "flowdumper -s -o /tmp/%s.txt *.cflow") 221================================================================================ 222RCS file: ./RCS/flowdumper.PL,v 2232001-11-14 08:11:03-06 224revision 1.37 225added "-o output_file" option so that the output file name can be a function 226of the input file name (and therefore there can be multiple seperate output 227files, one for each input file. e.g. "flowdumper -s -o /tmp/%s.txt *.cflow") 228================================================================================ 229RCS file: ./RCS/flowdumper.PL,v 2302001-11-14 07:43:51-06 231revision 1.36 232used Net::ParseRouteTable rather than ParseBGPDump so that we can parse 233the output of JunOS "show route protocol bgp terse", which Michael added 234to Net::ParseRouteTable 235================================================================================ 236RCS file: ./RCS/Cflow.pm,v 2372001-11-14 07:43:10-06 238revision 1.42 239updated some POD 240================================================================================ 241RCS file: ./RCS/flowdumper.PL,v 2422001-07-22 14:35:14-05 243revision 1.35 244fixed the printing of pkts and bytes as unsigned values. 245Previously they would sometimes show negative values unless you used "-s". 246Thanks to Mark Fullmer <maf@eng.oar.net> for this bug report. 247================================================================================ 248RCS file: ./RCS/flowdumper.PL,v 2492001-07-22 14:26:02-05 250revision 1.34 251modified ASPathRef::FETCH return value to produce an ARRAYREF 252(Jun 23) 253================================================================================ 254RCS file: ./RCS/flowdumper.PL,v 2552001-06-23 11:51:29-05 256revision 1.33 257added the "-B" option to load a file containing Cisco "show ip bgp" output. 258This then allows the user to refer to the following variables to examine 259the AS path: 260 $dst_as_path_arrayref, $dst_origin_as, and $dst_peer_as 261 $src_as_path_arrayref, $src_origin_as, and $src_peer_as 262This option requires ParseBGPDump and Net::Patricia to be loadable at 263run-time. 264================================================================================ 265RCS file: ./RCS/Cflow.pm,v 2662001-06-23 11:49:14-05 267revision 1.41 268in Cflow::InetNtoA, added a level of indirection when blessing the object 269so that I can make other classes that are based on references to the Cflow 270address flow variables (like $Cflow::srcaddr, $Cflow::dstaddr, etc.) 271================================================================================ 272RCS file: ./RCS/Cflow.pm,v 2732001-06-15 14:07:09-05 274revision 1.40 275forced check-in to up the revision number 276(a changes was made to "Cflow.xs") 277================================================================================ 278RCS file: ./RCS/Cflow.xs,v 2792001-06-15 14:05:47-05 280revision 1.15 281fixed a malformed comment in the previous revision that caused Cflow-1.039 282not to build 283================================================================================ 284RCS file: ./RCS/README,v 2852001-06-15 04:14:56-05 286revision 1.8 287attempted to clarify flow-tools build instructions 288================================================================================ 289RCS file: ./RCS/Cflow.pm,v 2902001-06-11 11:18:55-05 291revision 1.39 292reformatted some POD 293================================================================================ 294RCS file: ./RCS/flowdumper.PL,v 2952001-06-11 11:18:09-05 296revision 1.32 297corrected usage and POD re: "-r" and "-R" options 298================================================================================ 299RCS file: ./RCS/flowdumper.PL,v 3002001-06-11 10:47:31-05 301revision 1.31 302added the "-p" option to encode the IP addresses according to mappings 303defined in the specified file 304 305added the "-R" option to facillitate the writing of raw flow files after 306they are encoded (by using the "-p" option or some other method) 307 308added some POD 309================================================================================ 310RCS file: ./RCS/Cflow.pm,v 3112001-06-11 10:44:50-05 312revision 1.38 313added $Cflow::reraw which is like $Cflow::raw except that it is repacked 314when referenced therefore it enables the user to modify the flow variables 315beforehand 316 317added some POD to the BUGS section 318================================================================================ 319RCS file: ./RCS/Cflow.xs,v 3202001-06-11 09:00:08-05 321revision 1.14 322fixed a bug that, ifdef OSU, that caused undefined behavior with regard 323to whether or not the values of $src_as, $dst_as, $src_mask, $dst_mask, 324$engine_type, and $engine_id where properly set when reading flow-tools 325flow files for NetFlow versions 5, 6, and 7 326================================================================================ 327RCS file: ./RCS/Cflow.pm,v 3282001-06-11 08:56:31-05 329revision 1.37 330fixed an innocuous typo 331================================================================================ 332RCS file: ./RCS/Makefile.PL,v 3332001-05-18 17:55:37-05 334revision 1.8 335when linking for OSU flow-tools, specify "-lft" before "-lz" 336as suggested by John Roman <jrr@wustl.edu> 337================================================================================ 338RCS file: ./RCS/flowdumper.PL,v 3392001-05-18 08:27:32-05 340revision 1.30 341fixed some POD typos 342================================================================================ 343RCS file: ./RCS/Cflow.xs,v 3442001-05-14 22:14:13-05 345revision 1.13 346fixed a bug introduce with the flow-tools changes that was causing 347flowdumper to report 'open "-": No such file or directory' when 348doing something like 'flow-cat oeb3.flows | flowdumper'. 349Reported by Mark Fullmer <maf@eng.oar.net> 350================================================================================ 351RCS file: ./RCS/README,v 3522001-05-14 21:47:01-05 353revision 1.7 354updated for support of NetFlow versions 1, 6, and 7 with flow-tools 355================================================================================ 356RCS file: ./RCS/Cflow.pm,v 3572001-05-14 21:46:28-05 358revision 1.36 359updated POD for support of NetFlow versions 1, 6, and 7 with flow-tools 360================================================================================ 361RCS file: ./RCS/Cflow.xs,v 3622001-05-14 21:45:44-05 363revision 1.12 364added support for NetFlow versions 1, 6, and 7 when using flow-tools 365================================================================================ 366RCS file: ./RCS/README,v 3672001-05-10 16:29:23-05 368revision 1.6 369updated for OSU flow-tools and lfapd 370================================================================================ 371RCS file: ./RCS/Cflow.pm,v 3722001-05-10 16:29:08-05 373revision 1.35 374updated the URL for lfapd 375================================================================================ 376RCS file: ./RCS/flowdumper.PL,v 3772001-05-10 16:11:18-05 378revision 1.29 379allowed "-r" even if "-e" is not specified since this is theoretically 380now useful to convert raw flow files from OSU flow-tools format to 381cflowd format 382 383rearranged the examples in order of increasing complexity 384 385added some complicated examples which use Net::Patricia 386================================================================================ 387RCS file: ./RCS/Makefile.PL,v 3882001-05-10 16:09:00-05 389revision 1.7 390In the find_flow_tools subroutine: took out all the goofy stuff which 391looks for the OSU flow-tools source directory and just hard-wired it 392to check in "../..". (This means that this package should be placed 393in the "perl" sub-directory of the flow-tools distribution for it to 394enable flow-tools compatibility.) 395================================================================================ 396RCS file: ./RCS/Cflow.xs,v 3972001-05-10 16:07:40-05 398revision 1.11 399added support for $Cflow::raw when processing OSU flow-tools files 400(Currently this can only be used to convert from flow-tools to cflowd 401raw flow file format.) 402================================================================================ 403RCS file: ./RCS/Cflow.pm,v 4042001-05-10 16:07:10-05 405revision 1.34 406added "SEE ALSO" to POD 407================================================================================ 408RCS file: ./RCS/Cflow.xs,v 4092001-05-10 15:04:58-05 410revision 1.10 411handled times with milliseconds with OSU flow-tools 412 413fixed a bug which was causing ICMP flows to be mishandled with flow-tools 414 415Introduced the duration flow variables 416 417(May 3) 418================================================================================ 419RCS file: ./RCS/Cflow.pm,v 4202001-05-10 11:52:16-05 421revision 1.33 422updated POD 423================================================================================ 424RCS file: ./RCS/flowdumper.PL,v 4252001-05-10 11:52:16-05 426revision 1.28 427updated POD 428================================================================================ 429RCS file: ./RCS/Cflow.pm,v 4302001-05-10 11:14:30-05 431revision 1.32 432updated POD for flow-tools 433================================================================================ 434RCS file: ./RCS/Makefile.PL,v 4352001-04-27 13:42:56-05 436revision 1.6 437various goofiness added to attempt to discover where OSU flow-tools 438is built or installed (so that we can build against it) 439 440(Mar 23) 441================================================================================ 442RCS file: ./RCS/Cflow.xs,v 4432001-04-27 13:41:30-05 444revision 1.9 445defined OSU in Makefile.PL 446 447ifdef OSU, included "config.h" and worked around macro collisions with perl 448 449(Mar 23) 450================================================================================ 451RCS file: ./RCS/Cflow.xs,v 4522001-03-23 14:37:08-06 453revision 1.8 454added support for OSU flow-tools 455(This revision pretty much works... some things are missing such as 456$Cflow::raw, $Cflow::nexthop, some of the start/stop times, etc.) 457================================================================================ 458RCS file: ./RCS/Makefile.PL,v 4592001-03-23 14:37:08-06 460revision 1.5 461added support for OSU flow-tools 462(This revision pretty much works... some things are missing such as 463$Cflow::raw, $Cflow::nexthop, some of the start/stop times, etc.) 464================================================================================ 465RCS file: ./RCS/Cflow.pm,v 4662001-03-23 14:35:34-06 467revision 1.31 468upped the revision number 469================================================================================ 470RCS file: ./RCS/Cflow.pm,v 4712001-02-21 12:12:03-06 472revision 1.30 473moved stuff that was used for verification of entry mask to "Cflow.xs" 474================================================================================ 475RCS file: ./RCS/Cflow.xs,v 4762001-02-21 12:11:29-06 477revision 1.7 478added verification of entry mask 479================================================================================ 480RCS file: ./RCS/cflow5.h,v 4812001-02-21 12:07:29-06 482revision 1.2 483fixed mask bit specifications 484================================================================================ 485RCS file: ./RCS/Cflow.pm,v 4862001-02-21 11:04:33-06 487revision 1.29 488updated copyright date 489 490added more POD 491================================================================================ 492RCS file: ./RCS/Cflow.xs,v 4932001-02-21 11:01:08-06 494revision 1.6 495improved the argument checking to find() 496 497included <arpa/inet.h> rather than <netinet/in.h> for ntohl, ntohs 498since it seems to be portable between Linux and Solaris (at least) 499================================================================================ 500RCS file: ./RCS/Cflow.xs,v 5012001-02-17 18:11:26-06 502revision 1.5 503fixed a big problem with the previous revisions which were causing the 504process size to grow incredibly large because temporaries weren't being 505freed until after all flows in all files were processed. In practive 506this made flowdumper all but unusuable if you specified many file names 507as the arguments because it would grow to 100s of megabytes and die wit 508"out of memory" 509================================================================================ 510RCS file: ./RCS/Cflow.xs,v 5112001-02-17 18:10:21-06 512revision 1.4 513Feb 16 514================================================================================ 515RCS file: ./RCS/Cflow.xs,v 5162001-02-14 12:39:30-06 517revision 1.3 518fixed a bug in the previous revision... I wasn't allowing the filename 519to be "-" to mean standard input 520================================================================================ 521RCS file: ./RCS/test.pl,v 5222001-02-14 07:55:54-06 523revision 1.2 524added a test, pretty much just for my own personal use 525================================================================================ 526RCS file: ./RCS/Cflow.xs,v 5272001-02-14 07:52:07-06 528revision 1.2 529used POSIX PATH_MAX 530================================================================================ 531RCS file: ./RCS/flowdumper.PL,v 5322001-02-14 01:13:23-06 533revision 1.27 534updated the copyright date and upped the required Cflow version 535================================================================================ 536RCS file: ./RCS/cflow5.h,v 5372001-02-14 01:13:04-06 538revision 1.1 539Initial revision 540================================================================================ 541RCS file: ./RCS/MANIFEST,v 5422001-02-14 01:12:50-06 543revision 1.4 544added the XS and header files 545================================================================================ 546RCS file: ./RCS/Cflow.pm,v 5472001-02-14 01:11:45-06 548revision 1.28 549replaced the find sub with an XSUB 550 551(This also fixed a bug where the $engine_type and $engine_id where always 552zero because of a typo in the previous revisions.) 553================================================================================ 554RCS file: ./RCS/Cflow.xs,v 5552001-02-14 01:11:18-06 556revision 1.1 557Initial revision 558================================================================================ 559RCS file: ./RCS/flowdumper.PL,v 5602001-02-14 00:27:51-06 561revision 1.26 562added an example of how to use flowdumper to get the head of a file 563(Feb 8) 564================================================================================ 565RCS file: ./RCS/flowdumper.PL,v 5662001-02-08 12:24:20-06 567revision 1.25 568prototyped various functions hoping it might speed things up 569(Aug 10) 570================================================================================ 571RCS file: ./RCS/Cflow.pm,v 5722001-02-08 11:22:18-06 573revision 1.27 574initialized $total and $count because Cflow.pm would cause perl to report 575the warning "Use of uninitialized value in addition (+)" if the user's 576"wanted" function never returned non-zero. 577This was reported by "Brett L. Hawn" <brett.hawn@rcn.com> 578================================================================================ 579RCS file: ./RCS/Cflow.pm,v 5802001-02-08 11:17:57-06 581revision 1.26 582stopped using inet_ntoa since a direct unpack was found to be faster 583(I may have copied this method from Socket.pm - I don't recall.) 584(Aug 27) 585================================================================================ 586RCS file: ./RCS/Cflow.pm,v 5872000-07-31 07:48:32-05 588revision 1.25 589upped the revision number for release after modification to flowdumper 590================================================================================ 591RCS file: ./RCS/flowdumper.PL,v 5922000-07-31 07:47:27-05 593revision 1.24 594fixed a typo in an example (regarding shifting a value over by the number 595of bits in the $mask) 596 597removed the VERSION POD section - it doesn't make sense in a script 598================================================================================ 599RCS file: ./RCS/flowdumper.PL,v 6002000-07-30 17:37:12-05 601revision 1.23 602fixed some comments and added POD in preparation for release 603================================================================================ 604RCS file: ./RCS/Cflow.pm,v 6052000-07-30 17:30:11-05 606revision 1.24 607changed some comments in prep for release 608================================================================================ 609RCS file: ./RCS/flowdumper.PL,v 6102000-07-29 23:32:54-05 611revision 1.22 612imported tcpflags, icmptypes, and icmpcodes which were introduced in 613Cflow-1.023 614================================================================================ 615RCS file: ./RCS/Cflow.pm,v 6162000-07-29 23:31:56-05 617revision 1.23 618added $ICMPType and $ICMPCode flow variables to make it more convenient 619to test these 620 621added symbolic tcpflags, icmptypes, and icmpcodes variables, also as 622a convenience when testing $tcpflags, $ICMPType, and $ICMPCode 623================================================================================ 624RCS file: ./RCS/flowdumper.PL,v 6252000-07-29 22:26:13-05 626revision 1.21 627added "-r" option to produce a raw flow file as output 628(Primarily the intention of this option is to select flows to be redirected 629into a file, or perhaps piped into another command for processing of raw 630flows. It would be ideal to use for preserving a subset of the flows from 631a raw flow file into another file.) 632================================================================================ 633RCS file: ./RCS/flowdumper.PL,v 6342000-07-29 22:13:46-05 635revision 1.20 636added "-I" and "-E" options to define an initial and ending expression 637to be evaluated, in addtion to that specified with "-e". This allows 638one to use this script for more complicated tasks which require 639initialization before the flows are processed and results to be printed 640afterwards. 641================================================================================ 642RCS file: ./RCS/README,v 6432000-07-17 15:26:22-05 644revision 1.5 645updated the URL for cflowd 646================================================================================ 647RCS file: ./RCS/Cflow.pm,v 6482000-07-17 09:02:37-05 649revision 1.22 650reformatted POD a bit so that it will won't wrap on an 80-column screen 651================================================================================ 652RCS file: ./RCS/Cflow.pm,v 6532000-07-17 08:59:47-05 654revision 1.21 655added pod to document the $TCPFlags and $ICMPTypeCode variables introduced 656in an earlier revision 657================================================================================ 658RCS file: ./RCS/Cflow.pm,v 6592000-07-17 08:38:27-05 660revision 1.20 661got rid of some unnecessary white-space in $TCPFlags 662================================================================================ 663RCS file: ./RCS/flowdumper.PL,v 6642000-07-14 15:39:32-05 665revision 1.19 666changed "-s" output a bit (got rid of extra whitespace) 667 668used new $ICMPTypeCode and $TCPFlags variables introduced in Cflow-1.019 669 670added "-S" option for use with scripts or whatever that break due to the 671introduction of the new $ICMPTypeCode and $TCPFlags info in the short 672output format 673================================================================================ 674RCS file: ./RCS/Cflow.pm,v 6752000-07-14 15:30:32-05 676revision 1.19 677added symbolic $TCPFlags and ICMPTypeCode to interpret $tcp_flags and 678$dstport for TCP and ICMP, respectively 679================================================================================ 680RCS file: ./RCS/MANIFEST,v 6812000-03-16 17:25:20-06 682revision 1.3 683added "Changes" file 684================================================================================ 685RCS file: ./RCS/flowdumper.PL,v 6862000-03-16 17:12:56-06 687revision 1.18 688be sure we have Cflow 1.018 to avoid the bug with 1.017 which caused 689the time not to be printed when invoking this script with "-s" 690================================================================================ 691RCS file: ./RCS/Cflow.pm,v 6922000-03-16 17:09:23-06 693revision 1.18 694fixed a long time bug that was causing $engine_type, $engine_id, $localtime, 695$raw, $Bps, and $pps to not be exported when the user said they wanted 696to import 'flowvars' 697 698This was causing "flowdumper -s" to not print the time when used with the 699previous revision of this module. 700================================================================================ 701RCS file: ./RCS/Cflow.pm,v 7022000-03-10 17:07:18-06 703revision 1.17 704added Bps (Bytes-per-second) and pps (packets-per-second) flow variables 705 706fixed return value from find() so that it contains a proper "hit ratio" 707 708updated POD regarding "hit ratio" return value from find() 709================================================================================ 710RCS file: ./RCS/Cflow.pm,v 7111999-10-28 14:57:48-05 712revision 1.16 713fixed some typos in error messages 714 715added $Cflow::raw variable which contains the "raw" flow as read from 716the input file 717 718fixed up return value from "wanted" so that it would have the proper 719syntax even when $count or $total are zero 720 721(Sep 21) 722================================================================================ 723RCS file: ./RCS/flowdumper.PL,v 7241999-03-21 17:26:14-06 725revision 1.17 726bug fix - previously the flow would be printed when "-n" was used without 727"-e" 728================================================================================ 729RCS file: ./RCS/MANIFEST,v 7301999-03-21 17:25:48-06 731revision 1.2 732removed "flowpdu.ph" from distribution 733================================================================================ 734RCS file: ./RCS/Makefile.PL,v 7351999-03-21 17:25:24-06 736revision 1.4 737removed "flowpdu.ph" from distribution 738================================================================================ 739RCS file: ./RCS/MANIFEST,v 7401999-03-21 17:16:02-06 741revision 1.1 742Initial revision 743================================================================================ 744RCS file: ./RCS/flowdumper.PL,v 7451999-03-21 16:54:38-06 746revision 1.16 747added "-s" and "-c" options to print flows in short format and to print 748a count of # of flows "wanted" and processed, respectively. (The "-c" 749option requires Cflow 1.015.) 750 751Changed the default format to that of CAIDA's flowdump(1) that is 752distributed with cflowd. 753================================================================================ 754RCS file: ./RCS/Cflow.pm,v 7551999-03-21 16:50:25-06 756revision 1.15 757added Cflow::InetNtoA and Cflow::LocalTime packages so that I could tie 758various flow variables. This dramatically improves the performance of 759this package by deferring the calls any calls to strftime(3) and 760inet_ntoa(3) until the user refers to the resulting values. In my 761tests, this caused Cflow::find to execute in about 1/6 the time that 762it took before. 763 764had Cflow::find return a string containing a ratio of (# of wanted flows)/ 765(# of processed flows). (This depends on the wanted function returning 766a useful value indicating whether or not the given flow was "wanted" or 767not.) 768================================================================================ 769RCS file: ./RCS/Cflow.pm,v 7701999-03-20 09:51:07-06 771revision 1.14 772added index and exporter to flowvars 773(Mar 17) 774================================================================================ 775RCS file: ./RCS/Cflow.pm,v 7761999-03-17 15:13:07-06 777revision 1.13 778added $Cflow::exporter and $Cflow::exporterip variables 779================================================================================ 780RCS file: ./RCS/README,v 7811999-03-17 09:57:27-06 782revision 1.4 783updated URL and cflowd references 784================================================================================ 785RCS file: ./RCS/Cflow.pm,v 7861999-03-17 09:55:18-06 787revision 1.12 788lots of changes to understand the raw flow files produced by cflowd 2.0 789rather than cflowd 1.3b2 which was what we handled previously. 790(In this revision, the older flow file format is no longer handled.) 791================================================================================ 792RCS file: ./RCS/flowdumper.PL,v 7931999-03-16 09:49:07-06 794revision 1.15 795added "\" where appropriate 796(previously) some of the info in the usage didn't display correctly.) 797================================================================================ 798RCS file: ./RCS/Makefile.PL,v 7991998-11-23 14:26:01-06 800revision 1.3 801added PM so that "flowpdu.ph" will be installed 802================================================================================ 803RCS file: ./RCS/test.pl,v 8041998-11-23 14:24:22-06 805revision 1.1 806Initial revision 807================================================================================ 808RCS file: ./RCS/flowdumper.PL,v 8091998-11-23 14:13:49-06 810revision 1.14 811fixed up the usage info (some things needed to be "escaped") 812================================================================================ 813RCS file: ./RCS/README,v 8141998-11-23 13:59:24-06 815revision 1.3 816removed some old stuff 817================================================================================ 818RCS file: ./RCS/Makefile.PL,v 8191998-11-23 13:58:45-06 820revision 1.2 821added stuff to handle "flowdumper" script 822================================================================================ 823RCS file: ./RCS/flowdumper.PL,v 8241998-11-23 13:57:43-06 825revision 1.13 826simplified the code since we don't need to substitute and Config values 827================================================================================ 828RCS file: ./RCS/flowdumper.PL,v 8291998-11-23 13:54:29-06 830revision 1.12 831added code to produce script as output 832================================================================================ 833RCS file: ./RCS/flowdumper.PL,v 8341998-11-23 10:59:22-06 835revision 1.11 836renamed to have ".in" extension 837(the Makefile.PL script, like config.sub, will do substitutions) 838 839specified the path to perl using $Config{perlpath} 840================================================================================ 841RCS file: ./RCS/Cflow.pm,v 8421998-11-23 10:41:48-06 843revision 1.11 844fixed VERSION to work with MakeMaker's VERSION_FROM feature 845added POD 846================================================================================ 847RCS file: ./RCS/flowpdu.ph,v 8481998-11-23 10:40:58-06 849revision 1.2 850added comment about how this file was created 851================================================================================ 852RCS file: ./RCS/flowpdu.ph,v 8531998-11-23 10:39:51-06 854revision 1.1 855Initial revision 856================================================================================ 857RCS file: ./RCS/Makefile.PL,v 8581998-11-23 10:27:53-06 859revision 1.1 860Initial revision 861================================================================================ 862RCS file: ./RCS/flowdumper.PL,v 8631998-11-23 10:21:54-06 864revision 1.10 865added "-e" and "-n" options to allow query to be specified on the 866command line (similarly to what can be done with flowdump) 867================================================================================ 868RCS file: ./RCS/Cflow.pm,v 8691998-11-20 15:43:00-06 870revision 1.10 871added the handling of an optional "per-file" code ref being passed 872to "find" after the "wanted" argument 873================================================================================ 874RCS file: ./RCS/Cflow.pm,v 8751998-11-17 09:42:03-06 876revision 1.9 877added srcip, dstip, and nexthopip as a convenience so that the caller 878does not have to convert the network ordered long themselves (with 879inet_ntoa) 880================================================================================ 881RCS file: ./RCS/README,v 8821998-10-09 11:01:55-05 883revision 1.2 884fixed a typo 885================================================================================ 886RCS file: ./RCS/README,v 8871998-10-09 11:01:22-05 888revision 1.1 889Initial revision 890================================================================================ 891RCS file: ./RCS/flowdumper.PL,v 8921998-10-08 15:39:40-05 893revision 1.9 894fixed up usage info and comments a bit 895 896added RCS Id keyword 897================================================================================ 898RCS file: ./RCS/flowdumper.PL,v 8991998-10-08 15:22:07-05 900revision 1.8 901imported :flowvars and used $FindBin::Script to clean things up a bit 902================================================================================ 903RCS file: ./RCS/Cflow.pm,v 9041998-10-08 15:21:29-05 905revision 1.8 906changed the example in the POD a bit 907================================================================================ 908RCS file: ./RCS/Cflow.pm,v 9091998-10-08 14:59:47-05 910revision 1.7 911added Exporter stuff so that user can request that :flowvars be 912exported to their namespace (for convenience) 913 914added more POD 915================================================================================ 916RCS file: ./RCS/flowdumper.PL,v 9171998-10-01 13:19:06-05 918revision 1.7 919used FindBin rather than $ENV{'CFLOWDPERLDIR'} to find modules/headers 920================================================================================ 921RCS file: ./RCS/flowdumper.PL,v 9221998-10-01 13:14:17-05 923revision 1.6 924added "-v" (verbose) option 925================================================================================ 926RCS file: ./RCS/flowdumper.PL,v 9271998-09-30 15:59:18-05 928revision 1.5 929used Cflow 1.006 which has the $Cflow::localtime variable containing 930the formatted date/time 931 932added Getopts stuff and "-a" option to print all flows. 933(The printing of the flow was split out into a separate sub-routine.) 934================================================================================ 935RCS file: ./RCS/Cflow.pm,v 9361998-09-30 15:57:39-05 937revision 1.6 938fixed a misnamed reference (left over from a cut-and-paste) 939================================================================================ 940RCS file: ./RCS/Cflow.pm,v 9411998-09-30 15:55:33-05 942revision 1.5 943added $Cflow::localtime as a convenience so that the caller doesn't 944have to convert from a time_t ($Cflow::unix_secs) themselves. 945================================================================================ 946RCS file: ./RCS/flowdumper.PL,v 9471998-09-30 09:08:39-05 948revision 1.4 949pulled a bunch of code from here and organized it into "Cflow.pm". 950================================================================================ 951RCS file: ./RCS/Cflow.pm,v 9521998-09-30 09:06:00-05 953revision 1.4 954fixed a problem with the previous revisions which caused it to give up 955on the rest of the flow files as soon as it warned "Invalid flow data file." 956Now it will just move on to the next flow file. 957 958reformatted some if-elsif blocks to a more switch-like structure after 959reading the "perlsyn" man page. 960================================================================================ 961RCS file: ./RCS/Cflow.pm,v 9621998-09-30 08:29:35-05 963revision 1.3 964added verbose subroutine and only issued warnings if verbose is non-zero 965================================================================================ 966RCS file: ./RCS/Cflow.pm,v 9671998-09-28 14:23:15-05 968revision 1.2 969added pod 970 971changed text of some warnings 972================================================================================ 973RCS file: ./RCS/Cflow.pm,v 9741998-09-24 15:52:25-05 975revision 1.1 976Initial revision 977================================================================================ 978RCS file: ./RCS/flowdumper.PL,v 9791998-09-22 12:13:21-05 980revision 1.3 981used "flowpdu.ph" rather than pasting the perl version of the macros 982defined there-in right in this file 983 984checked that $index in the flow header had the right magic number. 985Previously I didn't perform this test because cflowd erroneously always 986puts 0xff in $index (even though as of this writing the correct value 987would be 31.) This validation is to be sure that someone isn't trying 988to run this util on some flow file format that it doesn't understand. 989 990added various comments, such as those describing which portions of the 991cflowd sources where use to determine the formats used here. 992================================================================================ 993RCS file: ./RCS/flowdumper.PL,v 9941998-09-18 15:41:03-05 995revision 1.2 996made some changes in an attempt to speed things up 997 998changed the validation code a bit to skip flows involving reserved ports 999and to cache TCP flows on ports 12345 and 12346 1000================================================================================ 1001RCS file: ./RCS/flowdumper.PL,v 10021998-09-17 16:57:42-05 1003revision 1.1 1004Initial revision 1005================================================================================ 1006