#!/usr/bin/ruby
require 'Vflow'
require 'socket'
TESTFILE=ARGV[0]
def dumpvflowrec(r)
puts "=============="
print "srcaddr #{IPSocket.getaddress(r.srcaddr)} -> "
puts "dstaddr #{IPSocket.getaddress(r.dstaddr)}"
puts "srcport #{r.srcport} dstport #{r.dstport}"
puts "prot #{r.prot} tos #{r.tos}"
end
x = Vflow.new()
x.open(TESTFILE)
count = 0
x.each() {|r|
dumpvflowrec(r)
count += 1
puts count
}
I guess I found the bug the author mentions on the website.
franz-g4:/tmp mdfranz$ ruby vftest.rb ft-v05.2007-04-30.064501-0500
==============
srcaddr 202.97.238.199 -> dstaddr 24.136.7.235
SNIP
==============
srcaddr 24.136.7.235 -> dstaddr 64.233.163.19
srcport 58911 dstport 443
prot 6 tos 0
197
==============
srcaddr 207.172.3.8 -> dstaddr 24.136.7.235
srcport 53 dstport 57738
prot 17 tos 0
198
ruby(674) malloc: *** Deallocation of a pointer not malloced: 0x320110;
This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
Of course not like I could do any better, I know better than to touch anything in C.
What are the odds the Python flowtools will be more robust.
Pretty good, I reckon.
1 comment:
"mainline" Python flowtools aren't more robust, really. For fedora I maintain heavily patched version which is, indeed, more robust.
Post a Comment