ANNOUNCE: Cflow-1.030 - updated perl module released

From: Dave Plonka (plonka@doit.wisc.edu)
Date: Wed Feb 21 2001 - 19:47:05 PST

  • Next message: Brad Hendrickse: "errors when running cflowdmux"

    cflowd users,

        I've prepared a new release of the Cflow perl module which is used
        to process raw flow files produced by cflowd.

        As in the past, the Cflow distribution also contains the
        `flowdumper' script, which serves as both a flowdump-like "grep"
        utility for flows and as an example of how to use the Cflow
        module.

        Cflow is the perl module on which FlowScan is based.

    Availability

        The Cflow perl module is available under the terms of the GNU
        General Public License at:

           http://net.doit.wisc.edu/~plonka/Cflow/

    Changes

        The current release is Cflow-1.030 and contains these modifications:

         o Reimplemented portions of Cflow as a perl XS extension in C.
           The "unpacking" of flow variables from the records in the raw
           flow files is now done directly in C for improved performance.
           This is perhaps ~10 times faster than before. Note that only
           the file input performance has improved, so this does not mean
           that applications which use Cflow will be that much faster. For
           example, FlowScan might see about ~10% overall performance
           improvement in terms of CPU seconds.

         o Improved the performance for scripts which refer to the IP
           address string-formatted flow variables: $srcip, $dstip,
           $nexthopip, and $exporterip. As in the previous release, the
           translation of IP addresses from integers to ASCII strings
           (inet_ntoa) is deferred until those variables are accessed, but
           now the conversion is slightly faster. Still, if at all
           possible, you should restrict yourself to using only the integer
           representations of IP addresses: $srcaddr, $dstaddr, $nexthop,
           and $exporter because its so much faster to avoid the conversion
           to "dotted decimal" ASCII strings.

         o Fixed a problem that was causing Cflow.pm to warn
           "Use of uninitialized value in addition (+)" if the script's
           "wanted" function never returned a non-zero value.

         o Added more Plain-Old-Documentation to both Cflow and flowdumper,
           including information about how to specify arguments to the
           "wanted" function when calling Cflow::find.

         o Fixed a typo which was causing the Cisco $engine_type and
           $engine_id to always be zero.

    Dave

    -- 
    plonka@doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF  Madison, WI
    --
    cflowd mailing list
    cflowd@caida.org
    



    This archive was generated by hypermail 2b29 : Wed Feb 21 2001 - 20:21:22 PST