Open GoogleCodeExporter opened 8 years ago
What steps will reproduce the problem? 1. run flow-stat on flow capture files that all hit one bucket in the summary. For example, all packets are size 128. What is the expected output? What do you see instead? Should see 100% under 128 in IP packet size distribution. Instead, .000 is displayed. What version of the product are you using? On what operating system? flow-tools-0.68.5.1, linux Please provide any additional information below. ###the following has 12 packets, 10 with 106 bytes and 2 with 234 octets and flow-stat -f0 correctly shows 'IP packet size distribution" percentage's. [jwacase@nickel flow-tools]$ flow-print < ft-v05.2012-03-07.121228-0700 srcIP dstIP prot srcPort dstPort octets packets 10.156.1.2 10.156.8.202 6 42499 307 234 1 10.156.1.2 10.156.8.202 6 273 42528 106 1 10.156.1.2 10.156.8.202 6 546 547 106 1 10.156.1.2 10.156.8.202 6 23879 54468 106 1 10.156.1.2 10.156.8.202 6 34133 48553 106 1 10.156.1.2 10.156.8.202 6 613 614 234 1 10.156.1.2 10.156.8.202 6 35218 27234 106 1 10.156.1.2 10.156.8.202 6 26011 63973 106 1 10.156.1.2 10.156.8.202 6 42937 21264 106 1 10.156.1.2 10.156.8.202 6 17609 13617 106 1 10.156.1.2 10.156.8.202 6 62701 43400 106 1 10.156.1.2 10.156.8.202 6 5628 23491 106 1 jwacase@nickel flow-tools]$ flow-stat < ft-v05.2012-03-07.121228-0700 | grep -A 2 "IP packet size distribution" IP packet size distribution: 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .000 .000 .000 .833 .000 .000 .000 .167 .000 .000 .000 .000 .000 .000 .000 ### the following has all flows as one size. and flow-stat -f0 is all 000's.. assume it is truncating to 3 decimal digits and losing the 1. [jwacase@nickel flow-tools]$ flow-print < ft-v05.2012-03-07.121727-0700srcIP dstIP prot srcPort dstPort octets packets 10.156.1.2 10.156.8.202 6 273 42528 106 1 10.156.1.2 10.156.8.202 6 546 547 106 1 10.156.1.2 10.156.8.202 6 23879 54468 106 1 10.156.1.2 10.156.8.202 6 34133 48553 106 1 10.156.1.2 10.156.8.202 6 35218 27234 106 1 10.156.1.2 10.156.8.202 6 26011 63973 106 1 10.156.1.2 10.156.8.202 6 42937 21264 106 1 10.156.1.2 10.156.8.202 6 17609 13617 106 1 10.156.1.2 10.156.8.202 6 62701 43400 106 1 10.156.1.2 10.156.8.202 6 5628 23491 106 1 10.156.1.2 10.156.8.202 6 2814 35536 106 1 [jwacase@nickel flow-tools]$ flow-stat < ft-v05.2012-03-07.121727-0700 | grep -A 2 "IP packet size distribution" IP packet size distribution: 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 ### modifying ( a poor hack ) function print_3float lib/support.c to void print_3float(float f) { printf("%#4.2f " , f); /* char s[10], *c; sprintf(s, "%-8.4f", f); sprintf(s, "%#0-5.3", f); c = s + 1; printf("%s ", f); */ } /* print_3float */ # gives the following, which alters the output to be d.dd versus .ddd, and thus shows the 100% case [jwacase@fsa flow-tools-0.68.5.1]$ ./src/flow-stat < ft-v05.2012-03-07.121727-0700 | grep -A 2 "IP packet size distribution" IP packet size distribution: 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 0.00 0.00 0.00 1.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Original issue reported on code.google.com by jwaca...@gmail.com on 7 Mar 2012 at 10:35
jwaca...@gmail.com
Original issue reported on code.google.com by
jwaca...@gmail.comon 7 Mar 2012 at 10:35