--- flow-tools-0.68.orig/contrib/Cflow-debian.diff +++ flow-tools-0.68/contrib/Cflow-debian.diff @@ -0,0 +1,35 @@ +This patch is needed to compile the program on stupid systems like Hurd +which lack a PATH_MAX constant. + + +--- libcflow-perl-1.051.orig/Cflow.xs ++++ libcflow-perl-1.051/Cflow.xs +@@ -41,7 +41,6 @@ + + #include /* errno, ENOENT */ + #include /* fcntl, open, O_RDONLY */ +-#include /* PATH_MAX */ + #include /* FILE, stderr, fdopen, fread, fclose, sprintf */ + #include /* strncpy, strcmp, strerror */ + #include /* size_t */ +@@ -637,8 +636,7 @@ + + for (; arg < items; arg++) { + size_t len; +- char *namep; +- char name[PATH_MAX]; ++ char *name; + FILE *fp = (FILE *)0; + int fd; + +@@ -646,9 +644,7 @@ + croak("Usage: find(CODEREF, [CODEREF], FILE [...])"); + } + +- namep = SvPV(ST(arg), len); +- strncpy(name, namep, len); +- name[len] = '\0'; ++ name = SvPV(ST(arg), len); + + if (0 == strcmp("-", name)) { + fd = STDIN_FILENO; --- flow-tools-0.68.orig/contrib/Cflow-ccflags.diff +++ flow-tools-0.68/contrib/Cflow-ccflags.diff @@ -0,0 +1,36 @@ +Description: Adds $Config{ccflags} to the build environment. + This fixes "Compilation failed in require." error at runtime + while try to load module using perl 5.14. +Author: Dominic Hargreaves +Bug-Debian: http://bugs.debian.org/660041 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/936170 + +--- Cflow-1.051/Makefile.PL.orig 2002-01-11 22:23:52.000000000 +0000 ++++ Cflow-1.051/Makefile.PL 2012-02-15 22:26:33.000000000 +0000 +@@ -3,7 +3,7 @@ + + require 5.003; # for INSTALLSCRIPT + +-# use Config; ++use Config; + use ExtUtils::MakeMaker; + # See lib/ExtUtils/MakeMaker.pm for details of how to influence + # the contents of the Makefile that is written. +@@ -49,7 +49,7 @@ + } + if ("$libdir") { + print "Found flow-tools... using \"-DOSU $incdir $libdir -lft -lz\".\n"; +- return { CCFLAGS => '-DOSU', ++ return { CCFLAGS => "-DOSU $Config{ccflags}", + INC => join(' ', $incdir), + LIBS => [ join(' ', $libdir, '-lnsl -lft -lz') ] } + } +@@ -66,7 +66,7 @@ + } + if ("$libdir") { + print "Found argus... using \"-DARGUS $incdir $dir/argus_common.a $dir/argus_parse.a\".\n"; +- return { CCFLAGS => '-DARGUS', ++ return { CCFLAGS => "-DARGUS $Config{ccflags}", + INC => join(' ', $incdir), + LIBS => [ join(' ', $libdir, '-lnsl', '-lm') ], + LDFROM => "\$(OBJECT) $dir/argus_common.a $dir/argus_parse.a" } --- flow-tools-0.68.orig/debian/copyright +++ flow-tools-0.68/debian/copyright @@ -0,0 +1,45 @@ +Debian package created by Anibal Monsalve Salazar + +It was downloaded from: +ftp://ftp.eng.oar.net/pub/flow-tools/ + +Web page on 19 December 2003: +http://www.splintered.net/sw/flow-tools/ + +Upstream Author: +Mark Fullmer + +Copyright (c) 2001 Mark Fullmer and The Ohio State University +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Upstream Author of Cflow: +Dave Plonka + +Copyright (C) 1998-2002 Dave Plonka + +You are free to distribute this software under the terms of the GNU General +Public License. On Debian systems, the complete text of the GNU General +Public License can be found in /usr/share/common-licenses/GPL file. + --- flow-tools-0.68.orig/debian/compat +++ flow-tools-0.68/debian/compat @@ -0,0 +1 @@ +4 --- flow-tools-0.68.orig/debian/control +++ flow-tools-0.68/debian/control @@ -0,0 +1,51 @@ +Source: flow-tools +Section: net +Priority: optional +Maintainer: Radu Spineanu +Uploaders: Ernesto Nadir Crespo Avila +Build-Depends: debhelper (>= 4), zlib1g-dev (>= 1.0.2), flex, bison, libwrap0-dev, libmysqlclient15-dev | libmysqlclient-dev, dpatch, libpq-dev, docbook-to-man +Standards-Version: 3.7.3 + +Package: flow-tools +Architecture: any +Depends: ${shlibs:Depends}, python +Suggests: fprobe +Homepage: http://www.splintered.net/sw/flow-tools/ +Description: collects and processes NetFlow data + Flow-tools is library and a collection of programs used to collect, + send, process, and generate reports from NetFlow data. The tools can be + used together on a single server or distributed to multiple servers for + large deployments. The flow-tools library provides an API for + development of custom applications for NetFlow export versions 1,5,6 and + the 14 currently defined version 8 subversions. A Perl and Python + interface have been contributed and are included in the package. + . + A NetFlow is network traffic information exported (via UDP) to an external + machine. The external machine processes such information to produce network + traffic accounting, network billing, network monitoring, etc. + +Package: flow-tools-dev +Architecture: any +Section: libdevel +Depends: flow-tools (= ${binary:Version}), libc6-dev | libc-dev +Homepage: http://www.splintered.net/sw/flow-tools/ +Description: development files for flow-tools + Flow-tools is library and a collection of programs used to collect, + send, process, and generate reports from NetFlow data. The tools can be + used together on a single server or distributed to multiple servers for + large deployments. The flow-tools library provides an API for + development of custom applications for NetFlow export versions 1,5,6 and + the 14 currently defined version 8 subversions. A Perl and Python + interface have been contributed and are included in the package. + . + This package contains the flow-tools libraries and headers. + +Package: libcflow-perl +Section: perl +Architecture: any +Depends: ${shlibs:Depends}, ${perl:Depends} +Recommends: libnet-patricia-perl +Homepage: http://www.splintered.net/sw/flow-tools/ +Description: perl module for analyzing raw IP flow files written by cflowd + This Perl module implements an API for analyzing flows in raw IP flow files + written by cflowd, a package used to collect Cisco NetFlow data. --- flow-tools-0.68.orig/debian/rules +++ flow-tools-0.68/debian/rules @@ -0,0 +1,104 @@ +#!/usr/bin/make -f +# Copyright 2003-2005 Anibal Monsalve Salazar + +export DH_VERBOSE=1 + +CURDIR := $(shell pwd) +D := $(CURDIR)/debian/flow-tools +DCF := $(CURDIR)/debian/libcflow-perl +CF := contrib/Cflow-1.051 +DEV := $(CURDIR)/debian/flow-tools-dev + +CFLAGS := -g -Wall +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +CCFLAGS := -g +# Include dpatch +include /usr/share/dpatch/dpatch.make + + +ifndef PERL +PERL := /usr/bin/perl +endif + + +clean: clean1 unpatch + +clean1: + dh_testroot + dh_testdir + dh_clean + rm -rf configure-stamp build-stamp confdefs.h $(CF) + [ ! -f Makefile ] || $(MAKE) distclean + +unpack-cflow: $(CF)/Cflow.xs +$(CF)/Cflow.xs: contrib/Cflow-1.051.tar.gz + cd contrib/ && tar xzmf Cflow-1.051.tar.gz + cd $(CF) && patch -p1 < ../Cflow-debian.diff + cd $(CF) && patch -p1 < ../Cflow-ccflags.diff + +configure: config-stamp +configure-stamp: $(CF)/Cflow.xs + dh_testdir + ./configure --prefix=/usr --exec-prefix=\$${prefix} \ + --mandir=\$${prefix}/share/man --sysconfdir=/etc/flow-tools \ + --localstatedir=/etc/flow-tools \ + --with-mysql --with-pgsql CFLAGS="$(CFLAGS)" + cd $(CF) && $(PERL) Makefile.PL INSTALLDIRS=vendor + touch $@ + +build: patch build-stamp +build-stamp: configure-stamp + dh_testdir + $(MAKE) + cd $(CF) && $(PERL) Makefile.PL INSTALLDIRS=vendor + cd $(CF) && $(MAKE) OPTIMIZE="$(CFLAGS)" + touch $@ + +install: build + dh_testroot + dh_testdir + dh_clean + + $(MAKE) install DESTDIR=$D + +# rm -rf $D/usr/lib/ $D/usr/include/ + mkdir -p $(DEV)/usr/ + mv $D/usr/lib/ $(DEV)/usr/ + mv $D/usr/include/ $(DEV)/usr/ + + cd $(CF) && $(MAKE) install DESTDIR=$(DCF) PREFIX=/usr + + # As this is an architecture dependent package, we are not supposed + # to install stuff to /usr/share/perl5. MakeMaker creates the + # directories, we delete them from the deb. + [ ! -d $(DCF)/usr/share/perl5 ] || rmdir --ignore-fail-on-non-empty --parents --verbose $(DCF)/usr/share/perl5 + + cp debian/flow-capture.conf $D/etc/flow-tools/ + +binary-arch: install + dh_installinit --name=flow-capture + dh_installdocs --package=flow-tools SECURITY TODO + dh_installdocs --package=flow-tools-dev + dh_installdocs --package=libcflow-perl $(CF)/README + dh_installchangelogs --package=flow-tools ChangeLog + dh_installchangelogs --package=flow-tools-dev ChangeLog + dh_installchangelogs --package=libcflow-perl $(CF)/Changes +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + dh_strip +endif + dh_compress + dh_fixperms + dh_perl + dh_shlibdeps + dh_gencontrol + dh_installdeb + dh_builddeb + +binary: binary-arch + +.PHONY: clean build install binary-indep binary-arch binary patch unpatch --- flow-tools-0.68.orig/debian/README.Debian +++ flow-tools-0.68/debian/README.Debian @@ -0,0 +1,171 @@ +README +====== + +flow-tools is a set of programs for processing and managing NetFlow exports +from Cisco and Juniper routers. The software was originally written by +Mark Fullmer while working at Ohio State University. Steve Romig and the +OSU network security group have added documentation, functionality, and +provided feedback. OARnet and the Ohio ITEC have recently funded my +time to add version 8 PDU support and various other features. + +If you are using flow-tools please subscribe to the mailing list by +sending a message to flow-tools-request@splintered.net + +flow-tools is currently available at http://www.splintered.net/sw/flow-tools + +Mark Fullmer +maf@splintered.net + + +Flow-capture configuration +-------------------------- + +The flow capturing utility of flow-tools, flow-capture, needs some +configuration in /etc/flow-tools/flow-capture.conf. I cannot at this moment +guess what you want in there, so you will have to edit that file manually. +Comments in the file will help you on your way. + +After editing /etc/flow-tools/flow-capture.conf you can start +receiving flows by running '/etc/init.d/flow-capture start'. + +You may also need to edit the files in /etc/flow-tools/{cfg,sym}. + + +CONFIGURING THE ROUTER +---------------------------- + +! enable cef +ip cef +ip cef distributed + +!Turn on flow accounting for each input interface with the interface command + +interface Fddi3/0 + ip route-cache flow + +interface atm3/0/0 + ip route-cache flow + +... + +Verify the router is generating flow stats with the command +'show ip cache flow'. Note that for routers with distributed switching +(GSR's, 75XX's) the RP cli will only show flows that made it up to the RP. +To see flows on the individual linecards use the 'attach' or 'if-con' command +and issue the 'sh ip ca fl' on each LC. + +IP packet size distribution (36242M total packets): + 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 + .002 .340 .084 .021 .020 .012 .009 .009 .008 .007 .006 .007 .004 .003 .004 + + 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 + .002 .004 .035 .077 .338 .000 .000 .000 .000 .000 .000 + +IP Flow Switching Cache, 4456704 bytes + 4139 active, 61397 inactive, 712344771 added + 871670181 ager polls, 0 flow alloc failures + last clearing of statistics never +Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) +-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow +TCP-Telnet 1572735 0.3 58 127 21.4 27.0 14.8 +TCP-FTP 6193502 1.4 24 746 35.3 3.6 9.0 +TCP-FTPD 1458042 0.3 1534 833 520.9 42.4 4.2 +TCP-WWW 93403998 21.7 19 633 432.9 4.9 6.3 +TCP-SMTP 16123540 3.7 15 431 59.1 3.4 6.4 +TCP-X 687228 0.1 238 276 38.1 20.8 14.3 +TCP-BGP 1116819 0.2 3 45 0.7 5.3 16.0 +TCP-NNTP 1455156 0.3 1102 176 373.4 106.1 11.9 +TCP-Frag 3244 0.0 4 636 0.0 2.8 16.3 +TCP-other 188162587 43.8 118 733 5204.5 11.1 6.9 +UDP-DNS 38042100 8.8 3 84 27.3 3.8 16.4 +UDP-NTP 18760129 4.3 1 76 5.3 1.3 16.3 +UDP-TFTP 665 0.0 4 76 0.0 7.9 16.4 +UDP-Frag 13111 0.0 2121 1108 6.4 366.8 13.5 +UDP-other 195556237 45.5 35 343 1632.5 5.8 16.3 +ICMP 149285440 34.7 2 64 72.9 0.9 16.5 +IGMP 15315 0.0 167 32 0.5 1660.6 3.9 +IPINIP 15112 0.0 35 52 0.1 275.3 14.2 +GRE 127489 0.0 3 109 0.1 16.9 16.1 +IP-other 348604 0.0 56 447 4.5 21.5 16.2 +Total: 712341053 165.8 50 620 8436.8 6.2 12.2 + +SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts +AT4/0.1 128.146.225.194 AT1/0.2 128.194.203.23 06 0019 2CAF 15 +AT2/0.10 129.22.250.148 AT1/0.2 129.2.226.43 06 04BA 1A20 1266 +AT2/0.11 130.108.110.48 AT1/0.2 170.140.89.100 06 0923 10A3 436 +AT1/0.2 170.140.89.100 AT2/0.11 130.108.110.48 06 10A3 0923 462 + + +! Enable the exports of flows with the global commands + ip flow-export version 5 origin-as + ip flow-export 10.0.0.1 9990 + +! Enable the AS aggregation cache and export the aggregated flows to +! 10.0.0.1 port 9991 +ip flow-aggregation cache as + export destination 10.0.0.1 9991 + enabled + +! Create a loopback interface if one does not exist +! +interface Loopback0 + ip address 10.1.1.1 255.255.255.255 + +! +! Configure NetFlow export source address +! +ip flow-export source Loopback0 + + +If you have tcpdump installed on or near the host you're using to capture +flows, the exports can be verified. + +shattered:~% tcpdump -n udp port 9991 +tcpdump: listening on le0 +12:11:29.953100 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.962551 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.975115 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.984444 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.993956 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.003252 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.015483 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.024852 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.034182 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.043545 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.053239 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 + +flow-receive can be used to verify your host is receiving flows: + + ./flow-receive 0/0/9990 | ./flow-print + or + ./flow-receive 0/0/9991 | ./flow-print + +% ./flow-receive 0/0/9990 | ./flow-print | head -10 +Sif SrcIPaddress Dif DstIPaddress Pr SrcP DstP Pkts Octets +60 206.204.84.9 00 10.0.135.63 06 15 5f0 2 88 +00 10.0.135.63 60 206.204.84.9 06 5f0 15 16 787 +60 206.204.84.9 00 10.0.135.63 06 15 5f0 13 1742 +00 10.0.155.25 60 204.62.245.167 06 50 bae5 15 948 +60 204.62.245.167 00 10.0.155.25 06 bae5 50 13 681 +60 206.204.84.20 00 10.0.135.63 06 50 5ed 7 3494 +60 206.204.84.20 00 10.0.135.63 06 50 5ef 6 401 +60 206.204.84.20 00 10.0.135.63 06 50 5eb 11 9413 +00 10.0.135.63 60 206.204.84.20 06 5ed 50 9 637 + +To store the flow exports on disk, use flow capture. The following will +store 15 minute compressed exports in /netflow/oar/krc3.v5 and begin +removing the oldest files after 3Gig of storage has been used. + +mkdir -p /var/netflow/oar/krc3.v5 +./flow-capture -w /var/netflow/oar/krc3.v5 -E3G 0/10.1.1.1/9990 + +The completed exports will begin with 'ft'. The current export file will +begin with 'tmp'. The 'ft' files can now be used with the other tools, ie + +./flow-print < /var/netflow/oar/krc3.v8.1/ft-v08m01.2001-02-09.111502 + +flow-cat, flow-stat, and flow-filter can be combined to produce various +reports such as total bytes in the export period, source/destination +matrixes, per interface totals, etc. + + --- flow-tools-0.68.orig/debian/changelog +++ flow-tools-0.68/debian/changelog @@ -0,0 +1,249 @@ +flow-tools (1:0.68-12.1) unstable; urgency=low + + * Non-maintainer upload. + * Added patch to fix error loading module with perl 5.14 + (closes: 660041, LP: #936170). + + -- Leo Iannacone Tue, 21 Feb 2012 00:35:51 +0100 + +flow-tools (1:0.68-12) unstable; urgency=low + + * Added a patch so that flow-send compiled with gcc4 won't fail + sending flows. (closes: #426244) + * Lintian warnings: + + Fixed "-$(MAKE) distclean" warning. + + Modified the comments in the patches to start with DP:. + + Moved Homepage header from the extended description to a regular + field. + * Bumped Standards Version. + * Nothing to Acknowledge for the NMU, bugs where closed. + Thanks Marc. + + -- Radu Spineanu Tue, 03 Jun 2008 17:31:56 +0300 + +flow-tools (1:0.68-11.1) unstable; urgency=low + + * Non-maintainer upload. + * debian/rules: + + Use dh_perl to generate the needed perlapi dep (Closes: #463085) + + Don't fail when perl is smart enough to not create an empty + /usr/share/perl5 (Closes: #467045) + * flow-tools.flow-capture.init: Don't try to stop in runlevel S. (Closes: + #471098) + * debian/control: Replace deprecated Source-Version substvar by + binary:Version (which does the same) + + -- Marc 'HE' Brockschmidt Thu, 27 Mar 2008 16:04:35 +0100 + +flow-tools (1:0.68-11) unstable; urgency=low + + * Fixed restarting in the flow-capture init script. + (closes: #406631) + * (flow-capture) Write the pid file only after a successful + bind to the socket so it doesn't interfere with an already + running process. (closes: #413346) + + -- Radu Spineanu Mon, 16 Apr 2007 15:53:17 +0300 + +flow-tools (1:0.68-10) unstable; urgency=low + + * Fixes ip-destination-address/source-tag report. + Big thanks to Ilya Anfimov for the patch. (closes: #375976) + * Fix a spelling mistake in the package description. + (closes: #363416) + * Removed an extra zlib1g-dev build dependency. + * Added a LSB keyword function to the init script. + * Updated Standards Version. + + -- Radu Spineanu Fri, 17 Nov 2006 01:24:15 +0200 + +flow-tools (1:0.68-9+b2) unstable; urgency=low + + * Binary-only non-maintainer upload for i386; no source changes. + * Rebuild it again, actually linking to the correct library. + + -- Radu Spineanu Mon, 29 May 2006 18:29:30 +0300 + +flow-tools (1:0.68-9+b1) unstable; urgency=low + + * Binary-only non-maintainer upload for i386; no source changes. + * Rebuild against libmysqlclient15off (closes: #366749) + + -- Radu Spineanu Thu, 11 May 2006 02:17:01 +0300 + +flow-tools (1:0.68-9) unstable; urgency=low + + * Updated libmysqlclient depedency (closes: #343780) + + -- Radu Spineanu Mon, 16 Jan 2006 15:54:15 +0200 + +flow-tools (1:0.68-8) unstable; urgency=low + + * Postgresql fixes in flow-export + * Clarifies the -m argument in the flow-export manpage + and fixes an example given for it (closes: #340493) + * New maintainers address + + -- Radu Spineanu Mon, 28 Nov 2005 23:07:55 +0200 + +flow-tools (1:0.68-7) unstable; urgency=low + + * And another amd64 fix, incorrect print of capture times in + flow-print and flow-report. Thanks to Oleg Milaenko . + (closes: #330951) + + -- Radu Spineanu Tue, 1 Nov 2005 14:37:54 +0200 + +flow-tools (1:0.68-6) unstable; urgency=low + + * Another amd64 fix, incorrect print of capture times in flow-header. + Thanks to Oleg Milaenko . (closes: #330163) + + -- Radu Spineanu Tue, 27 Sep 2005 17:42:10 +0300 + +flow-tools (1:0.68-5) unstable; urgency=low + + * Actually fix building of cflow-perl with flow-tools support + (closes: #327367, #163227, #239744) + * Build libft with -fPIC to link cflow-perl correctly + (thanks to Matt Zimmerman for the help) + * Fixed a minor error in the flow-nfilter manpage (closes: #327713) + + -- Radu Spineanu Sun, 11 Sep 2005 15:45:04 +0300 + +flow-tools (1:0.68-4) unstable; urgency=low + + * Fixes directory creation problem on amd64 (closes: #320998) + Thanks to Kurt Roeckx for the patch + + -- Radu Spineanu Fri, 12 Aug 2005 16:33:26 +0300 + +flow-tools (1:0.68-3) unstable; urgency=low + + * Change build-dep from postgresql-dev to libpq-dev and + modified the old pgsql patch to use pg_config (closes: #319564) + * Policy bumped to 3.6.2, no changes. + + -- Radu Spineanu Sat, 23 Jul 2005 13:55:12 +0300 + +flow-tools (1:0.68-2) unstable; urgency=low + + * Fixed a bashism in init script (closes: #311568) + + -- Radu Spineanu Thu, 2 Jun 2005 20:12:57 +0300 + +flow-tools (1:0.68-1) unstable; urgency=low + + * New upstream release + + (closes: #217211) should link dynamically to it's own library + * Removed stager patch since it was included upstream + * Added build-dependency to docbook-to-man + * flow-tools now depends on python + + -- Radu Spineanu Wed, 25 May 2005 14:48:24 +0300 + +flow-tools (1:0.67-9) unstable; urgency=low + + * New development package that contains flow-tools libraries and headers + (closes: #291214) + * Added patch to properly build with modified sgmls (closes: #300992) + * Changed maintainer to Radu Spineanu and removed Anibal Monsalve Salazar on + his request + + -- Radu Spineanu Sat, 30 Apr 2005 15:22:23 +0300 + +flow-tools (1:0.67-8) unstable; urgency=low + + * Changed build-depends to libmysqlclient12-dev (closes: #299177) + + -- Radu Spineanu Sat, 12 Mar 2005 12:16:25 +0200 + +flow-tools (1:0.67-7) unstable; urgency=low + + * New co-maintainers + * Added patch that enables flow-tools to build on amd64 with gcc4 + (thanks to Andreas Jochens) (closes: #285948) + * Added postgresql support to flow-export (thanks to Chris Stromsoe) + (closes: #244161, #245097) + * Included a patch that enables filtering based on exporter address in flow-filter. + This patch is needed by Stager (closes: #278858) + * Changed the init script to properly shutdown flow-capture + + -- Radu Spineanu Fri, 25 Feb 2005 17:36:58 +0200 + +flow-tools (1:0.67-6) unstable; urgency=low + + * FTBFS with gcc-3.4: label at end of compound statement (Closes: #258842). + Patch provided by Andreas Jochens + + -- Anibal Monsalve Salazar Sun, 12 Sep 2004 22:53:46 +1000 + +flow-tools (1:0.67-5) unstable; urgency=low + + * Now this source package generates the libcflow-perl package too. + This allows it to have flow-tools support. (Closes: #163227) + * Added an epoch to have a version number more recent than the last + standalone libcflow-perl package. + * Removed the remaining traces of debconf. + * Do not provide a reload function in the init script, because it's + not supported by the program. + * Ported the packaging to debhelper, cleaned up debian/rules. + * Really use the $CFLAGS value set in debian/rules. + * Do not install another copy of the config files in the examples directory. + + -- Marco d'Itri Thu, 9 Sep 2004 00:58:53 +0200 + +flow-tools (0.67-4) unstable; urgency=low + + * Flow collector daemon is not restarted on package upgrade (closes: #234266). + Changed debian/postinst. + * Please drop debconf note (closes: #234858). + Created README.Debian using parts from the debconf note and the original README and INSTALL files. + Removed debconf note. + + -- Anibal Monsalve Salazar Sat, 13 Mar 2004 09:23:13 +1100 + +flow-tools (0.67-3) unstable; urgency=low + + * prerm script pukes; error with init script (closes: #233479). + Fixed syntax error when /etc/init.d/flow-capture is run under /bin/dash. + + -- Anibal Monsalve Salazar Sat, 21 Feb 2004 19:24:20 +1100 + +flow-tools (0.67-2) unstable; urgency=low + + * Problem with initscript: /etc/init.d/flow-capture (closes: #224703). + Patch provided by Andrzej Oszer . + * Please finish the switch to gettext-based debconf templates (closes: #233112). + Patch provided by Martin Quinson . + + -- Anibal Monsalve Salazar Tue, 17 Feb 2004 12:50:24 +1100 + +flow-tools (0.67-1) unstable; urgency=low + + * Should link dynamically to its own library (closes: #217211). + Patch provided by Oliver Kurth . + + -- Anibal Monsalve Salazar Fri, 19 Dec 2003 23:20:16 +1100 + +flow-tools (0.66-3) unstable; urgency=low + + * Added "Build-Depends: po-debconf" (closes: #220524). + + -- Anibal Monsalve Salazar Thu, 13 Nov 2003 19:43:30 +1100 + +flow-tools (0.66-2) unstable; urgency=low + + * Added support for mysql (closes: #202371). + * Added /etc/init.d/flow-capture and /etc/flow-tools/flow-capture.conf (closes: #202372). + Example configuration files are already in /usr/share/doc/flow-tools/examples/ + * Description includes an idea of what a NetFlow is (closes: #202584). + * Changed localstatedir from /var to /etc/flow-tools (closes: #203383). + + -- Anibal Monsalve Salazar Sat, 25 Oct 2003 00:46:15 +1000 + +flow-tools (0.66-1) unstable; urgency=low + + * Initial Release (closes: #197217) + + -- Anibal Monsalve Salazar Tue, 17 Jun 2003 07:46:52 +1000 --- flow-tools-0.68.orig/debian/flow-tools.flow-capture.init +++ flow-tools-0.68/debian/flow-tools.flow-capture.init @@ -0,0 +1,67 @@ +#!/bin/sh -e +# +# flow-capture Captures flow PDU's from a Cisco router. +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by +# Ian Murdock and +# Anibal Monsalve Salazar + +### BEGIN INIT INFO +# Provides: flow-capture +# Required-Start: $local_fs $remote_fs $syslog $network $time +# Required-Stop: $local_fs $remote_fs $syslog $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: collects NetFlow data +### END INIT INFO + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/bin/flow-capture +CONFIG=/etc/flow-tools/flow-capture.conf +NAME=flow-capture +DESC=flow-capture + +test -f $DAEMON || exit 0 +test -f $CONFIG || exit 0 + +case "$1" in + start) + pid=`pidof $DAEMON` || true + + if [ "$pid" ]; then + echo "Sorry, flow-capture is already running." + exit 0 + fi + + IFS=' +' + lines=`grep -E " |\t" /etc/flow-tools/flow-capture.conf | grep -v "^#"` + echo -n "Starting $DESC: " + for args in $lines; do + IFS=' ' + $DAEMON ${args} + done + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + pid=`pidof $DAEMON` || true + if [ "$pid" ]; then + kill -TERM $pid >/dev/null 2>&1 + fi + echo "$NAME." + ;; + restart|force-reload) + $0 stop + sleep 1 + $0 start + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- flow-tools-0.68.orig/debian/flow-capture.conf +++ flow-tools-0.68/debian/flow-capture.conf @@ -0,0 +1,25 @@ +# Configuration for flow-capture +# +# Robin Elfrink +# +# Every line is basically just the options to flow-capture, see +# flow-capture(1) for explanation. + + +# Example 1: +# Capture flows from router at 10.1.1.10, listening at port 3000. +# Store flows in /var/flow/myrouter. +-w /var/flow/myrouter 0/10.1.1.10/3000 + + +# Example 2: +# Capture flows from router at 10.3.2.6, listening at port 3002. +# Store flows in /var/flow/mysecondrouter. Rotate files every +# 5 minutes. +-w /var/flow/mysecondrouter -n 275 0/10.3.2.6/3002 + +# Example 3: +# Same as above, but only listen at address 10.3.2.5, and store +# files under 'YYYY/YYYY-MM/YYYY-MM-DD' directories. +-w /var/flow/mysecondrouter -n 275 -N 3 10.3.2.5/10.3.2.6/3002 + --- flow-tools-0.68.orig/debian/patches/04_docbook +++ flow-tools-0.68/debian/patches/04_docbook @@ -0,0 +1,56 @@ +#! /bin/sh -e +## 04_docbook done by Paul Hampson +## DP: build system: Fix paths for jade rebuilding documentation. + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68/docs/Makefile.am flow-tools-0.68.new/docs/Makefile.am +--- flow-tools-0.68/docs/Makefile.am 2005-05-11 03:26:20.000000000 +0300 ++++ flow-tools-0.68.new/docs/Makefile.am 2005-05-25 14:54:16.993086480 +0300 +@@ -19,10 +19,10 @@ + docbook-to-man $*.sgml > $*.1.in + + .sgml.html: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html + + .sgml.html.in: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in + + all-am: Makefile $(man_MANSIN) $(man_HTMLS) + +diff -Naur flow-tools-0.68/docs/Makefile.in flow-tools-0.68.new/docs/Makefile.in +--- flow-tools-0.68/docs/Makefile.in 2005-05-11 17:20:18.000000000 +0300 ++++ flow-tools-0.68.new/docs/Makefile.in 2005-05-25 14:54:40.286545336 +0300 +@@ -340,10 +340,10 @@ + docbook-to-man $*.sgml > $*.1.in + + .sgml.html: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html + + .sgml.html.in: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in + + all-am: Makefile $(man_MANSIN) $(man_HTMLS) + # Tell versions [3.59,3.63) of GNU make to not export all variables. --- flow-tools-0.68.orig/debian/patches/14_flow_send_gcc4 +++ flow-tools-0.68/debian/patches/14_flow_send_gcc4 @@ -0,0 +1,36 @@ +#! /bin/sh -e +## 14_flow_send_gcc4 done by Radu Spineanu +## DP: Make sure flow-send works when compiled with gcc4 + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools.old/src/flow-send.c flow-tools/src/flow-send.c +--- flow-tools.old/src/flow-send.c 2007-05-27 17:04:37.687107392 +0300 ++++ flow-tools/src/flow-send.c 2007-05-27 17:04:51.943998396 +0300 +@@ -76,7 +76,7 @@ + u_int32 privacy_mask; + unsigned int v1, v2, one; + int i, n, ret, tx_delay, udp_sock; +- int src_ip_spoof, hdr_len; ++ int src_ip_spoof, hdr_len = 0; + void *rec; + + /* init fterr */ --- flow-tools-0.68.orig/debian/patches/06_time_t +++ flow-tools-0.68/debian/patches/06_time_t @@ -0,0 +1,76 @@ +#! /bin/sh -e +## 06_time_t done by Kurt Roeckx +## DP: Fixes directory creation problem on amd64 + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +--- flow-tools-0.68/lib/ftfile.c.old 2005-08-06 16:01:18.228015904 +0200 ++++ flow-tools-0.68/lib/ftfile.c 2005-08-06 16:04:55.087048320 +0200 +@@ -410,7 +410,7 @@ + * + */ + void ftfile_pathname(char *buf, int bsize, int nest, struct ftver ftv, +- int done, u_int32 ftime) ++ int done, time_t ftime) + { + struct tm *tm; + char *prefix, dbuf[64]; +@@ -418,7 +418,7 @@ + char gmt_sign; + int tm_gmtoff; + +- if (!(tm = localtime ((time_t*)&ftime))) { ++ if (!(tm = localtime (&ftime))) { + snprintf(buf, bsize, "."); + } + +@@ -499,7 +499,7 @@ + * returns -1 on error + * + */ +-int ftfile_mkpath(u_int32 ftime, int nest) ++int ftfile_mkpath(time_t ftime, int nest) + { + struct tm *tm; + char buf[32]; +@@ -512,7 +512,7 @@ + if ((nest > 3) || (nest < -3)) + return -1; + +- if (!(tm = localtime ((time_t*)&ftime))) ++ if (!(tm = localtime (&ftime))) + return -1; + + if (nest == -1) +--- flow-tools-0.68/lib/ftlib.h.old 2005-08-06 16:06:19.836164496 +0200 ++++ flow-tools-0.68/lib/ftlib.h 2005-08-06 16:05:47.261116656 +0200 +@@ -2710,9 +2710,9 @@ + int ftfile_dump(struct ftfile_entries *fte); + struct ftfile_entry *ftfile_entry_new(int len); + void ftfile_entry_free(struct ftfile_entry *entry); +-int ftfile_mkpath(u_int32 ftime, int nest); ++int ftfile_mkpath(time_t ftime, int nest); + void ftfile_pathname(char *buf, int bsize, int nest, struct ftver ftv, +- int done, u_int32 ftime); ++ int done, time_t ftime); + + + --- flow-tools-0.68.orig/debian/patches/05_python +++ flow-tools-0.68/debian/patches/05_python @@ -0,0 +1,51 @@ +#! /bin/sh -e +## 05_python done by Radu Spineanu +## DP: Change python path from /usr/local/bin to /usr/bin + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68/bin/flow-log2rrd flow-tools-0.68.new/bin/flow-log2rrd +--- flow-tools-0.68.old/bin/flow-log2rrd 2005-05-25 15:44:00.079588400 +0300 ++++ flow-tools-0.68/bin/flow-log2rrd 2005-05-10 19:53:16.000000000 +0300 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python + + import getopt + import os +diff -Naur flow-tools-0.68/bin/flow-rpt2rrd flow-tools-0.68.new/bin/flow-rpt2rrd +--- flow-tools-0.68.old/bin/flow-rpt2rrd 2005-05-25 15:44:04.449924008 +0300 ++++ flow-tools-0.68/bin/flow-rpt2rrd 2005-05-11 03:11:29.000000000 +0300 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python + + import getopt + import os +diff -Naur flow-tools-0.68/bin/flow-rptfmt flow-tools-0.68.new/bin/flow-rptfmt +--- flow-tools-0.68.old/bin/flow-rptfmt 2005-05-25 15:44:09.680128896 +0300 ++++ flow-tools-0.68/bin/flow-rptfmt 2005-05-11 15:38:37.000000000 +0300 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python + + import sys + import string --- flow-tools-0.68.orig/debian/patches/08_nfilter_doc +++ flow-tools-0.68/debian/patches/08_nfilter_doc @@ -0,0 +1,36 @@ +#! /bin/sh -e +## 08_nfilter_doc done by Radu Spineanu +## DP: Fixes a small error in the manpage + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur ft-old/docs/flow-nfilter.1.in flow-tools-0.68/docs/flow-nfilter.1.in +--- ft-old/docs/flow-nfilter.1.in 2004-01-02 23:26:22.000000000 +0200 ++++ flow-tools-0.68/docs/flow-nfilter.1.in 2005-09-14 22:37:31.584703632 +0300 +@@ -66,7 +66,7 @@ + using the selected primitives\&. A definition may contain the invert + command which will invert the result of the evaluation\&. + .PP +-Words in the configuration file of the form @VAR or @{VAR:default} will be ++Words in the configuration file of the form @VAR or @{VAR:-default} will be + expanded at run-time by setting variable names with the -v option\&. + .PP + Filter primitives begin with the filter-primitive keyword followed by --- flow-tools-0.68.orig/debian/patches/07_libft_PIC +++ flow-tools-0.68/debian/patches/07_libft_PIC @@ -0,0 +1,36 @@ +#! /bin/sh -e +## 07_libft_PIC done by Radu Spineanu +## DP: Compiles libft with -fPIC to work ok with libcflow-perl + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur ft-old/lib/Makefile.in flow-tools-0.68/lib/Makefile.in +--- ft-old/lib/Makefile.in 2005-05-11 17:16:15.000000000 +0300 ++++ flow-tools-0.68/lib/Makefile.in 2005-09-14 22:25:31.476176768 +0300 +@@ -91,7 +91,7 @@ + + #AM_CFLAGS=-g -Wall -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs + #AM_CFLAGS=-O2 +-AM_CFLAGS = -g -Wall ++AM_CFLAGS = -g -Wall -fPIC + + DEFS = -I. -I$(srcdir)/lib + --- flow-tools-0.68.orig/debian/patches/09_ftio_amd64 +++ flow-tools-0.68/debian/patches/09_ftio_amd64 @@ -0,0 +1,197 @@ +#! /bin/sh -e +## 09_ftio_amd64 done by Oleg Milaenko +## DP: Fixes incorrect print of time in flow-header + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -Naur ft-old/lib/ftio.c flow-tools-0.68/lib/ftio.c +--- ft-old/lib/ftio.c 2003-02-24 02:51:47.000000000 +0200 ++++ flow-tools-0.68/lib/ftio.c 2005-09-27 17:40:52.962355776 +0300 +@@ -1605,6 +1605,7 @@ + u_int32 flags, fields; + u_long period; + int n, streaming2; ++ time_t t; + + fth = &ftio->fth; + +@@ -1639,17 +1640,21 @@ + } + + if (!streaming2) +- if (fields & FT_FIELD_CAP_START) ++ if (fields & FT_FIELD_CAP_START) { ++ t = fth->cap_start; + fprintf(std, "%c capture start: %s", cc, +- ctime((time_t*)&fth->cap_start)); ++ ctime(&t)); ++ } + + if (!streaming2) { + + if ((flags & FT_HEADER_FLAG_DONE) || (flags & FT_HEADER_FLAG_PRELOADED)) { + +- if (fields & FT_FIELD_CAP_END) ++ if (fields & FT_FIELD_CAP_END) { ++ t = fth->cap_end; + fprintf(std, "%c capture end: %s", cc, +- ctime((time_t*)&fth->cap_end)); ++ ctime(&t)); ++ } + + period = fth->cap_end - fth->cap_start; + if ((fields & FT_FIELD_CAP_END) && (fields & FT_FIELD_CAP_START)) +--- flow-tools-0.68.orig/src/flow-print.c ++++ flow-tools-0.68/src/flow-print.c +@@ -298,6 +298,7 @@ + u_long bpp; + char fmt_buf1[64], fmt_buf2[64]; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -351,14 +352,16 @@ + (u_long)*cur.dPkts, (u_long)*cur.dOctets); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf(" %-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, + (int)tm->tm_min, (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + active_secs = (*cur.Last - *cur.First) / 1000; + active_msecs = (*cur.Last - *cur.First) % 1000; +@@ -398,6 +401,7 @@ + u_long active_secs, active_msecs; + u_long bpp; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -465,14 +469,16 @@ + (u_long)*cur.dPkts, (u_long)*cur.dOctets); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf(" %-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, (int)tm->tm_min, + (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + active_secs = (*cur.Last - *cur.First) / 1000; + active_msecs = (*cur.Last - *cur.First) % 1000; +@@ -675,6 +681,7 @@ + struct ftver ftv; + char fmt_buf1[64], fmt_buf2[64]; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -711,14 +718,16 @@ + cur.tcp_flags = ((u_int8*)(rec+fo.tcp_flags)); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf("%-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, + (int)tm->tm_min, (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf("%-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, +@@ -2173,6 +2182,7 @@ + u_long bpp; + char fmt_buf1[64], fmt_buf2[64], fmt_buf3[64], fmt_buf4[64], fmt_buf5[64], fmt_buf6[64]; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -2239,14 +2249,16 @@ + (u_long)*cur.dPkts, (u_long)*cur.dOctets); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf(" %-4.4d-%-2.2d-%-2.2d %-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_year+1900, (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, + (int)tm->tm_min, (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + active_secs = (*cur.Last - *cur.First) / 1000; + active_msecs = (*cur.Last - *cur.First) % 1000; +--- flow-tools-0.68.orig/lib/ftstat.c ++++ flow-tools-0.68/lib/ftstat.c +@@ -12363,7 +12363,7 @@ + { + int comma, sort_field; + char *buf, fmt_buf[32]; +- time_t now; ++ time_t now, time_flow; + + /* shortcut */ + if (!(rpt->out->options & FT_STAT_OPT_HEADER)) +@@ -12619,11 +12619,13 @@ + fprintf(fp, "# records_shown: %s\n", fmt_buf); + } + ++ time_flow = rpt->time_start; + fprintf(fp, "# first-flow: %lu %s", +- (unsigned long)rpt->time_start, ctime((time_t*)&rpt->time_start)); ++ (unsigned long)rpt->time_start, ctime(&time_flow)); + ++ time_flow = rpt->time_end; + fprintf(fp, "# last-flow: %lu %s", +- (unsigned long)rpt->time_end, ctime((time_t*)&rpt->time_end)); ++ (unsigned long)rpt->time_end, ctime(&time_flow)); + + now = time((time_t*)0L); + --- flow-tools-0.68.orig/debian/patches/13_pid_file +++ flow-tools-0.68/debian/patches/13_pid_file @@ -0,0 +1,50 @@ +#! /bin/sh -e +## 12_pid_file done by Radu Spineanu +## DP: Write the pid file only after binding the socket (#413346) + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68.old/src/flow-capture.c flow-tools-0.68/src/flow-capture.c +--- flow-tools-0.68.old/src/flow-capture.c 2004-01-05 19:56:50.000000000 +0200 ++++ flow-tools-0.68/src/flow-capture.c 2007-03-04 15:33:12.000000000 +0200 +@@ -443,9 +443,7 @@ + if ((pid = fork()) == -1) { + fterr_err(1, "fork()"); + } else if (pid) { +- if (pidfile) +- write_pidfile(pid, pidfile, ftnet.dst_port); +- exit (0); /* parent */ ++ exit (0); /* parent */ + } + + if (!preserve_umask) +@@ -613,6 +611,10 @@ + if (!(ftch = ftchash_new(256, sizeof (struct ftchash_rec_exp), 12, 1))) + fterr_errx(1, "ftchash_new(): failed"); + ++ /* If we bind to the socket we are running and can write the pidfile */ ++ if (pidfile) ++ write_pidfile(getpid(), pidfile, ftnet.dst_port); ++ + /* init msg block */ + ftnet.iov[0].iov_len = sizeof ftpdu.buf; + ftnet.iov[0].iov_base = (char*)&ftpdu.buf; + --- flow-tools-0.68.orig/debian/patches/11_export_manpage +++ flow-tools-0.68/debian/patches/11_export_manpage @@ -0,0 +1,49 @@ +#! /bin/sh -e +## 11_export_manpage done by Radu Spineanu +## DP: Fixes an incorrect example in the manpage, and adds a clarification +## DP: to the -m argument + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68.old/docs/flow-export.1 flow-tools-0.68/docs/flow-export.1 +--- flow-tools-0.68.old/docs/flow-export.1 2005-11-28 22:56:49.446403656 +0200 ++++ flow-tools-0.68/docs/flow-export.1 2005-11-28 23:05:07.801642144 +0200 +@@ -75,8 +75,9 @@ + .IP "-h" 10 + Display help\&. + .IP "-m\fI mask_fields\fP" 10 +-Select fields for MySQL, PostgresSQL, cflowd, and ASCII formats\&. The +-\fImask_fields\fP is built from a bitwise OR of the following: ++Select fields for MySQL, PostgresSQL, cflowd, and ASCII formats\&. ++Add the mask arguments in the order shown below. The \fImask_fields\fP ++is built from a bitwise OR of the following: + .IP "" 10 + .PP + .nf +@@ -183,7 +184,7 @@ + Export the flow-tools file \fBflows\fP to an MySQL Database\&. + Include only SRCADDR, DSTADDR and DOCTETS\&. + .PP +- \fBflow-export -f3 -mSRCADDR,DSTADDR,DOCTETS -u "user:password:host:port:name:table" < flows \fP ++ \fBflow-export -f3 -mDOCTETS,SRCADDR,DSTADDR -u "user:password:host:port:name:table" < flows \fP + .SH "BUGS" + .PP + The pcap format is a hack\&. --- flow-tools-0.68.orig/debian/patches/02_postgre +++ flow-tools-0.68/debian/patches/02_postgre @@ -0,0 +1,44 @@ +#! /bin/sh -e +## 02_postgre done by Chris Stromsoe +## DP: This patch adds postgresql support to flow-tools + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -Naur flow-tools.old/configure flow-tools-0.68/configure +--- flow-tools.old/configure 2005-05-11 17:15:55.000000000 +0300 ++++ flow-tools-0.68/configure 2005-07-23 13:48:17.000000000 +0300 +@@ -3345,7 +3345,7 @@ + + + if test "x$WHERE_PGSQL" != "x"; then +- LIBS="-L$WHERE_PGSQL/lib/pgsql" ++ LIBS="-L`pg_config --libdir`" + echo "$as_me:$LINENO: checking for PQsetdbLogin in -lpq" >&5 + echo $ECHO_N "checking for PQsetdbLogin in -lpq... $ECHO_C" >&6 + if test "${ac_cv_lib_pq_PQsetdbLogin+set}" = set; then +@@ -3402,7 +3402,7 @@ + echo "${ECHO_T}$ac_cv_lib_pq_PQsetdbLogin" >&6 + if test $ac_cv_lib_pq_PQsetdbLogin = yes; then + +- PGSQLCFLAGS="-L$WHERE_PGSQL/lib -I$WHERE_PGSQL/include/pgsql" ++ PGSQLCFLAGS="-L` pg_config --libdir` -I` pg_config --includedir`" + PGSQLLIB="-lpq" + cat >>confdefs.h <<\_ACEOF + #define HAVE_PGSQL 1 --- flow-tools-0.68.orig/debian/patches/01_gcc4_amd64 +++ flow-tools-0.68/debian/patches/01_gcc4_amd64 @@ -0,0 +1,175 @@ +#! /bin/sh -e +## 01_gcc4_amd64 done by Andreas Jochens +## DP: This patch enables flow-tool to build on amd64 + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -Naur flow-tools-0.68/lib/ftchash.c flow-tools-0.68.new/lib/ftchash.c +--- flow-tools-0.68/lib/ftchash.c 2003-08-12 21:04:25.000000000 +0300 ++++ flow-tools-0.68.new/lib/ftchash.c 2005-05-25 14:35:14.122829168 +0300 +@@ -326,7 +326,8 @@ + (char*)ftch->traverse_chunk->base+ftch->traverse_chunk->next) { + + ret = ftch->traverse_rec; +- (char*)ftch->traverse_rec += ftch->d_size; ++ ftch->traverse_rec = (char*)ftch->traverse_rec + ftch->d_size; ++ + return ret; + + } else { +diff -Naur flow-tools-0.68/lib/ftio.c flow-tools-0.68.new/lib/ftio.c +--- flow-tools-0.68/lib/ftio.c 2003-02-24 02:51:47.000000000 +0200 ++++ flow-tools-0.68.new/lib/ftio.c 2005-05-25 14:38:04.701897208 +0300 +@@ -2267,7 +2267,7 @@ + break; + + nleft -= nread; +- (char*)ptr += nread; ++ ptr = (char*)ptr + nread; + } + return (nbytes - nleft); + } /* readn */ +@@ -2292,7 +2292,7 @@ + return(nwritten); /* error */ + + nleft -= nwritten; +- (char*)ptr += nwritten; ++ ptr = (char*)ptr + nwritten; + } + return(nbytes - nleft); + } /* writen */ +diff -Naur flow-tools-0.68/lib/fttlv.c flow-tools-0.68.new/lib/fttlv.c +--- flow-tools-0.68/lib/fttlv.c 2003-02-13 04:38:43.000000000 +0200 ++++ flow-tools-0.68.new/lib/fttlv.c 2005-05-25 14:41:31.525455248 +0300 +@@ -68,11 +68,11 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&v, buf, 4); + + return 8; +@@ -107,11 +107,11 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&v, buf, 2); + + return 6; +@@ -145,11 +145,11 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; ++ buf = (char*)buf + 2; + + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&v, buf, 1); + + return 5; +@@ -183,10 +183,10 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; ++ buf = (char*)buf + 2; + + bcopy(&len, buf, 2); +- (char*)buf+= 2; ++ buf = (char*)buf + 2; + + bcopy(v, buf, len); + +@@ -230,17 +230,17 @@ + return -1; + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&ip, buf, 4); +- (char*)buf += 4; +- ++ buf = (char*)buf + 2; ++ + bcopy(&ifIndex, buf, 2); +- (char*)buf += 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(name, buf, n); + + return 4+len2; +@@ -287,20 +287,20 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&ip, buf, 4); +- (char*)buf += 4; ++ buf = (char*)buf + 2; + + bcopy(&entries, buf, 2); +- (char*)buf += 2; ++ buf = (char*)buf + 2; + + bcopy(ifIndex_list, buf, esize); +- (char*)buf += esize; +- ++ buf = (char*)buf + esize; ++ + bcopy(name, buf, n); + + return 4+len2; --- flow-tools-0.68.orig/debian/patches/12_source_tag +++ flow-tools-0.68/debian/patches/12_source_tag @@ -0,0 +1,40 @@ +#! /bin/sh -e +## 12_source_tag done by Ilya Anfimov +## DP: Fixes ip-destination-address/source-tag + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68.old/lib/ftstat.c flow-tools-0.68/lib/ftstat.c +--- flow-tools-0.68.old/lib/ftstat.c 2006-11-17 01:18:44.676788250 +0200 ++++ flow-tools-0.68/lib/ftstat.c 2006-11-17 01:21:05.785607000 +0200 +@@ -11673,10 +11673,10 @@ + ftch_recprefix_tag, ftch_recprefix_tagp); + + FT_RECGET_DSTADDR(cur,rec,*fo); +- FT_RECGET_DST_TAG(cur,rec,*fo); ++ FT_RECGET_SRC_TAG(cur,rec,*fo); + + ftch_recprefix_tag.prefix = cur.dstaddr; +- ftch_recprefix_tag.tag = cur.dst_tag; ++ ftch_recprefix_tag.tag = cur.src_tag; + + /* only use mask if option set */ + if (rpt->options & (FT_STAT_OPT_DST_PREFIX_MASK|FT_STAT_OPT_DST_PREFIX_LEN)) { --- flow-tools-0.68.orig/debian/patches/00list +++ flow-tools-0.68/debian/patches/00list @@ -0,0 +1,13 @@ +01_gcc4_amd64 +02_postgre +04_docbook +05_python +06_time_t +07_libft_PIC +08_nfilter_doc +09_ftio_amd64 +10_export_postgre +11_export_manpage +12_source_tag +13_pid_file +14_flow_send_gcc4 --- flow-tools-0.68.orig/debian/patches/10_export_postgre +++ flow-tools-0.68/debian/patches/10_export_postgre @@ -0,0 +1,108 @@ +#! /bin/sh -e +## 10_export_postgre following #340493 by Alexey Bestchiokov +## DP: See #340493 + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68.old/src/flow-export.c flow-tools-0.68/src/flow-export.c +--- flow-tools-0.68.old/src/flow-export.c 2005-11-28 22:56:49.810348328 +0200 ++++ flow-tools-0.68/src/flow-export.c 2005-11-28 22:59:57.148868544 +0200 +@@ -892,7 +892,7 @@ + db_name = strsep(&tmp, ":"); + db_table = strsep(&tmp, ":"); + +- if (!db_user || !db_pwd || !db_host || !db_tmp || !db_name || !db_table) { ++ if (!db_user || !db_pwd || !db_host || !db_port || !db_name || !db_table) { + fterr_warnx("Missing field in dbaseURI, expecting user:pwd:host:port:name:table."); + return -1; + } +@@ -1200,10 +1200,10 @@ + + if (xfields & FT_XFIELD_EXADDR) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->exaddr)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + +@@ -1258,28 +1258,28 @@ + + if (xfields & FT_XFIELD_SRCADDR) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->srcaddr)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + + if (xfields & FT_XFIELD_DSTADDR) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->dstaddr)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + + if (xfields & FT_XFIELD_NEXTHOP) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->nexthop)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + +@@ -1376,19 +1376,19 @@ + + if (xfields & FT_XFIELD_PEER_NEXTHOP) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\"'; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->peer_nexthop)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + + if (xfields & FT_XFIELD_ROUTER_SC) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->router_sc)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + --- flow-tools-0.68.orig/docs/flow-receive.1.in +++ flow-tools-0.68/docs/flow-receive.1.in @@ -0,0 +1,87 @@ +.TH "\fBflow-receive\fP" "1" +.SH "NAME" +\fBflow-receive\fP \(em Receive flow data with the NetFlow protocol. +.SH "SYNOPSIS" +.PP +\fBflow-receive\fR [\-h] [\-b\fI big|little\fR] [\-C\fI comment\fR] [\-d\fI debug_level\fR] [\-o\fI output_file\fR] [\-S\fI stat_interval\fR] [\-V\fI pdu_version\fR] [\-z\fI z_level\fR] \fIlocalip/remoteip/port\fR +.SH "DESCRIPTION" +.PP +The \fBflow-receive\fR utility is used to receive flows in NetFlow +format. When the \fIremoteip\fR is configured only flows +from that exporter will be processed, this is the most secure and recommended +configuration. When the \fIlocalip\fR is configured +\fBflow-receive\fR will only process flows +sent to the \fI localip\fR IP address. If +\fIremoteip\fR is 0 (not configured) flows from any +source IP address are accepted. Multiple non aggregated PDU versions may +be accepted at once to support Cisco's Catalyst 6500 NetFlow +implementation which exports from both the supervisor and MSFC with the +same IP address and same port but different export versions. In this case +the exports will be stored in the format specified by the \-V flag or +whichever export type is received first. + +.SH "OPTIONS" +.IP "\-b\fI big\fR|\fIlittle\fR" 10 +Byte order of output. +.IP "\-C\fI Comment\fR" 10 +Add a comment. +.IP "\-d\fI debug_level\fR" 10 +Enable debugging. +.IP "\-h" 10 +Display help. +.IP "\-o\fI file\fR" 10 +Write to \fBfile\fP instead of the standard out. +.IP "\-S\fI stat_interval\fR" 10 +When configured \fBflow-receive\fR will emit a timestamped +message on stderr every \fIstat_interval\fR minutes +indicating counters such as the number of flows received, packets processed, +and lost flows. +.IP "\-V\fI pdu_version\fR" 10 +Use \fIpdu_version\fR format output. +.PP +.nf +1 NetFlow version 1 (No sequence numbers, AS, or mask) +5 NetFlow version 5 +6 NetFlow version 6 (5+ Encapsulation size) +7 NetFlow version 7 (Catalyst switches) +8.1 NetFlow AS Aggregation +8.2 NetFlow Proto Port Aggregation +8.3 NetFlow Source Prefix Aggregation +8.4 NetFlow Destination Prefix Aggregation +8.5 NetFlow Prefix Aggregation +8.6 NetFlow Destination (Catalyst switches) +8.7 NetFlow Source Destination (Catalyst switches) +8.8 NetFlow Full Flow (Catalyst switches) +8.9 NetFlow ToS AS Aggregation +8.10 NetFlow ToS Proto Port Aggregation +8.11 NetFlow ToS Source Prefix Aggregation +8.12 NetFlow ToS Destination Prefix Aggregation +8.13 NetFlow ToS Prefix Aggregation +8.14 NetFlow ToS Prefix Port Aggregation +1005 Flow-Tools tagged version 5 +.fi +.IP "\-z\fI z_level\fR" 10 +Configure compression level to \fI z_level\fR. 0 is +disabled (no compression), 9 is highest compression. +.SH "EXAMPLES" +.PP +Listen on port 9800 on any local interface for exports from IP address +10.0.0.1, store the exports in \fBflows\fP +.PP +\fBflow-receive\fR 0/10.0.0.1/9800 > \fBflows\fP +.PP +Listen on port 9800 on any local interface from any IP address, display +the received flows with flow-print. +.PP +\fBflow-receive\fR 0/0/9800 | \fBflow-print\fR +.SH "BUGS" +.PP +It is not currently possible to convert between the aggregated formats (8.x) +and the non aggregated formats (1,5,6,7). +.SH "AUTHOR" +.PP +Mark Fullmer maf@splintered.net +.SH "SEE ALSO" +.PP +\fBflow-tools\fP(1) +.\" created by instant / docbook-to-man, Wed 25 May 2005, 18:25 --- flow-tools-0.68.orig/src/ftbuild.h +++ flow-tools-0.68/src/ftbuild.h @@ -1 +1 @@ -#define FT_PROG_BUILD "maf@carnage on Wed May 11 10:18:05 EDT 2005" +#define FT_PROG_BUILD "k9@stark on Tue Jun 3 17:35:58 EEST 2008"