ANNOUNCE: Cflow-1.030 - updated perl module released

From: Dave Plonka (plonka@doit.wisc.edu)
Date: Wed Feb 21 2001 - 19:47:05 PST

Next message: Brad Hendrickse: "errors when running cflowdmux"

Previous message: Pierre Vander Vorst: "Re: What ifIndex number should netflow stats appear on?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

cflowd users,

I've prepared a new release of the Cflow perl module which is used
to process raw flow files produced by cflowd.

    As in the past, the Cflow distribution also contains the
    `flowdumper' script, which serves as both a flowdump-like "grep"
    utility for flows and as an example of how to use the Cflow
    module.

Cflow is the perl module on which FlowScan is based.

Availability

The Cflow perl module is available under the terms of the GNU
General Public License at:

http://net.doit.wisc.edu/~plonka/Cflow/

Changes

The current release is Cflow-1.030 and contains these modifications:

     o Reimplemented portions of Cflow as a perl XS extension in C.
       The "unpacking" of flow variables from the records in the raw
       flow files is now done directly in C for improved performance.
       This is perhaps ~10 times faster than before. Note that only
       the file input performance has improved, so this does not mean
       that applications which use Cflow will be that much faster. For
       example, FlowScan might see about ~10% overall performance
       improvement in terms of CPU seconds.

     o Improved the performance for scripts which refer to the IP
       address string-formatted flow variables: $srcip, $dstip,
       $nexthopip, and $exporterip. As in the previous release, the
       translation of IP addresses from integers to ASCII strings
       (inet_ntoa) is deferred until those variables are accessed, but
       now the conversion is slightly faster. Still, if at all
       possible, you should restrict yourself to using only the integer
       representations of IP addresses: $srcaddr, $dstaddr, $nexthop,
       and $exporter because its so much faster to avoid the conversion
       to "dotted decimal" ASCII strings.

     o Fixed a problem that was causing Cflow.pm to warn
       "Use of uninitialized value in addition (+)" if the script's
       "wanted" function never returned a non-zero value.

     o Added more Plain-Old-Documentation to both Cflow and flowdumper,
       including information about how to specify arguments to the
       "wanted" function when calling Cflow::find.

o Fixed a typo which was causing the Cisco $engine_type and
$engine_id to always be zero.

Dave

-- 
plonka@doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF  Madison, WI
--
cflowd mailing list
cflowd@caida.org

Next message: Brad Hendrickse: "errors when running cflowdmux"
Previous message: Pierre Vander Vorst: "Re: What ifIndex number should netflow stats appear on?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Feb 21 2001 - 20:21:22 PST