--- flow-tools-0.68.orig/contrib/Cflow-debian.diff +++ flow-tools-0.68/contrib/Cflow-debian.diff @@ -0,0 +1,35 @@ +This patch is needed to compile the program on stupid systems like Hurd +which lack a PATH_MAX constant. + + +--- libcflow-perl-1.051.orig/Cflow.xs ++++ libcflow-perl-1.051/Cflow.xs +@@ -41,7 +41,6 @@ + + #include /* errno, ENOENT */ + #include /* fcntl, open, O_RDONLY */ +-#include /* PATH_MAX */ + #include /* FILE, stderr, fdopen, fread, fclose, sprintf */ + #include /* strncpy, strcmp, strerror */ + #include /* size_t */ +@@ -637,8 +636,7 @@ + + for (; arg < items; arg++) { + size_t len; +- char *namep; +- char name[PATH_MAX]; ++ char *name; + FILE *fp = (FILE *)0; + int fd; + +@@ -646,9 +644,7 @@ + croak("Usage: find(CODEREF, [CODEREF], FILE [...])"); + } + +- namep = SvPV(ST(arg), len); +- strncpy(name, namep, len); +- name[len] = '\0'; ++ name = SvPV(ST(arg), len); + + if (0 == strcmp("-", name)) { + fd = STDIN_FILENO; --- flow-tools-0.68.orig/docs/flow-receive.1.in +++ flow-tools-0.68/docs/flow-receive.1.in @@ -0,0 +1,87 @@ +.TH "\fBflow-receive\fP" "1" +.SH "NAME" +\fBflow-receive\fP \(em Receive flow data with the NetFlow protocol. +.SH "SYNOPSIS" +.PP +\fBflow-receive\fR [\-h] [\-b\fI big|little\fR] [\-C\fI comment\fR] [\-d\fI debug_level\fR] [\-o\fI output_file\fR] [\-S\fI stat_interval\fR] [\-V\fI pdu_version\fR] [\-z\fI z_level\fR] \fIlocalip/remoteip/port\fR +.SH "DESCRIPTION" +.PP +The \fBflow-receive\fR utility is used to receive flows in NetFlow +format. When the \fIremoteip\fR is configured only flows +from that exporter will be processed, this is the most secure and recommended +configuration. When the \fIlocalip\fR is configured +\fBflow-receive\fR will only process flows +sent to the \fI localip\fR IP address. If +\fIremoteip\fR is 0 (not configured) flows from any +source IP address are accepted. Multiple non aggregated PDU versions may +be accepted at once to support Cisco's Catalyst 6500 NetFlow +implementation which exports from both the supervisor and MSFC with the +same IP address and same port but different export versions. In this case +the exports will be stored in the format specified by the \-V flag or +whichever export type is received first. + +.SH "OPTIONS" +.IP "\-b\fI big\fR|\fIlittle\fR" 10 +Byte order of output. +.IP "\-C\fI Comment\fR" 10 +Add a comment. +.IP "\-d\fI debug_level\fR" 10 +Enable debugging. +.IP "\-h" 10 +Display help. +.IP "\-o\fI file\fR" 10 +Write to \fBfile\fP instead of the standard out. +.IP "\-S\fI stat_interval\fR" 10 +When configured \fBflow-receive\fR will emit a timestamped +message on stderr every \fIstat_interval\fR minutes +indicating counters such as the number of flows received, packets processed, +and lost flows. +.IP "\-V\fI pdu_version\fR" 10 +Use \fIpdu_version\fR format output. +.PP +.nf +1 NetFlow version 1 (No sequence numbers, AS, or mask) +5 NetFlow version 5 +6 NetFlow version 6 (5+ Encapsulation size) +7 NetFlow version 7 (Catalyst switches) +8.1 NetFlow AS Aggregation +8.2 NetFlow Proto Port Aggregation +8.3 NetFlow Source Prefix Aggregation +8.4 NetFlow Destination Prefix Aggregation +8.5 NetFlow Prefix Aggregation +8.6 NetFlow Destination (Catalyst switches) +8.7 NetFlow Source Destination (Catalyst switches) +8.8 NetFlow Full Flow (Catalyst switches) +8.9 NetFlow ToS AS Aggregation +8.10 NetFlow ToS Proto Port Aggregation +8.11 NetFlow ToS Source Prefix Aggregation +8.12 NetFlow ToS Destination Prefix Aggregation +8.13 NetFlow ToS Prefix Aggregation +8.14 NetFlow ToS Prefix Port Aggregation +1005 Flow-Tools tagged version 5 +.fi +.IP "\-z\fI z_level\fR" 10 +Configure compression level to \fI z_level\fR. 0 is +disabled (no compression), 9 is highest compression. +.SH "EXAMPLES" +.PP +Listen on port 9800 on any local interface for exports from IP address +10.0.0.1, store the exports in \fBflows\fP +.PP +\fBflow-receive\fR 0/10.0.0.1/9800 > \fBflows\fP +.PP +Listen on port 9800 on any local interface from any IP address, display +the received flows with flow-print. +.PP +\fBflow-receive\fR 0/0/9800 | \fBflow-print\fR +.SH "BUGS" +.PP +It is not currently possible to convert between the aggregated formats (8.x) +and the non aggregated formats (1,5,6,7). +.SH "AUTHOR" +.PP +Mark Fullmer maf@splintered.net +.SH "SEE ALSO" +.PP +\fBflow-tools\fP(1) +.\" created by instant / docbook-to-man, Wed 25 May 2005, 18:25 --- flow-tools-0.68.orig/lib/ftxfield.c +++ flow-tools-0.68/lib/ftxfield.c @@ -130,8 +130,9 @@ * specifying these out of order implies they would be displayed as * such which is not the case. */ + if (ftxfield_table[i].val < *xfields) { - fterr_warnx("Out of order field: %s", c); + fterr_warnx("Out of order field: %s: %llu %llu", c, ftxfield_table[i].val, *xfields); goto parse_xfield_out; } --- flow-tools-0.68.orig/src/ftbuild.h +++ flow-tools-0.68/src/ftbuild.h @@ -1 +1 @@ -#define FT_PROG_BUILD "maf@carnage on Wed May 11 10:18:05 EDT 2005" +#define FT_PROG_BUILD "k9@stark on Mon Nov 28 23:11:53 EET 2005" --- flow-tools-0.68.orig/debian/control +++ flow-tools-0.68/debian/control @@ -0,0 +1,54 @@ +Source: flow-tools +Section: net +Priority: optional +Maintainer: Radu Spineanu +Uploaders: Ernesto Nadir Crespo Avila +Build-Depends: debhelper (>= 4), zlib1g-dev (>= 1.0.2), flex, bison, libwrap0-dev, libmysqlclient15-dev | libmysqlclient-dev, zlib1g-dev, dpatch, libpq-dev, docbook-to-man +Standards-Version: 3.6.2 + +Package: flow-tools +Architecture: any +Depends: ${shlibs:Depends}, python +Suggests: fprobe +Description: collects and processes NetFlow data + Flow-tools is library and a collection of programs used to collect, + send, process, and generate reports from NetFlow data. The tools can be + used together on a single server or distributed to multiple servers for + large deployments. The flow-toools library provides an API for + development of custom applications for NetFlow export versions 1,5,6 and + the 14 currently defined version 8 subversions. A Perl and Python + interface have been contributed and are included in the package. + . + A NetFlow is network traffic information exported (via UDP) to an external + machine. The external machine processes such information to produce network + traffic accounting, network billing, network monitoring, etc. + . + Homepage http://www.splintered.net/sw/flow-tools/ + +Package: flow-tools-dev +Architecture: any +Section: libdevel +Depends: flow-tools (= ${Source-Version}), libc6-dev | libc-dev +Description: development files for flow-tools + Flow-tools is library and a collection of programs used to collect, + send, process, and generate reports from NetFlow data. The tools can be + used together on a single server or distributed to multiple servers for + large deployments. The flow-toools library provides an API for + development of custom applications for NetFlow export versions 1,5,6 and + the 14 currently defined version 8 subversions. A Perl and Python + interface have been contributed and are included in the package. + . + This package contains the flow-tools libraries and headers. + . + Homepage http://www.splintered.net/sw/flow-tools/ + +Package: libcflow-perl +Section: perl +Architecture: any +Depends: ${shlibs:Depends}, ${perl:Depends} +Recommends: libnet-patricia-perl +Description: perl module for analyzing raw IP flow files written by cflowd + This Perl module implements an API for analyzing flows in raw IP flow files + written by cflowd, a package used to collect Cisco NetFlow data. + . + Homepage: http://net.doit.wisc.edu/~plonka/Cflow/ --- flow-tools-0.68.orig/debian/flow-capture.conf +++ flow-tools-0.68/debian/flow-capture.conf @@ -0,0 +1,25 @@ +# Configuration for flow-capture +# +# Robin Elfrink +# +# Every line is basically just the options to flow-capture, see +# flow-capture(1) for explanation. + + +# Example 1: +# Capture flows from router at 10.1.1.10, listening at port 3000. +# Store flows in /var/flow/myrouter. +-w /var/flow/myrouter 0/10.1.1.10/3000 + + +# Example 2: +# Capture flows from router at 10.3.2.6, listening at port 3002. +# Store flows in /var/flow/mysecondrouter. Rotate files every +# 5 minutes. +-w /var/flow/mysecondrouter -n 275 0/10.3.2.6/3002 + +# Example 3: +# Same as above, but only listen at address 10.3.2.5, and store +# files under 'YYYY/YYYY-MM/YYYY-MM-DD' directories. +-w /var/flow/mysecondrouter -n 275 -N 3 10.3.2.5/10.3.2.6/3002 + --- flow-tools-0.68.orig/debian/compat +++ flow-tools-0.68/debian/compat @@ -0,0 +1 @@ +4 --- flow-tools-0.68.orig/debian/copyright +++ flow-tools-0.68/debian/copyright @@ -0,0 +1,45 @@ +Debian package created by Anibal Monsalve Salazar + +It was downloaded from: +ftp://ftp.eng.oar.net/pub/flow-tools/ + +Web page on 19 December 2003: +http://www.splintered.net/sw/flow-tools/ + +Upstream Author: +Mark Fullmer + +Copyright (c) 2001 Mark Fullmer and The Ohio State University +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + + +Upstream Author of Cflow: +Dave Plonka + +Copyright (C) 1998-2002 Dave Plonka + +You are free to distribute this software under the terms of the GNU General +Public License. On Debian systems, the complete text of the GNU General +Public License can be found in /usr/share/common-licenses/GPL file. + --- flow-tools-0.68.orig/debian/flow-tools.flow-capture.init +++ flow-tools-0.68/debian/flow-tools.flow-capture.init @@ -0,0 +1,57 @@ +#!/bin/sh -e +# +# flow-capture Captures flow PDU's from a Cisco router. +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by +# Ian Murdock and +# Anibal Monsalve Salazar + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/bin/flow-capture +CONFIG=/etc/flow-tools/flow-capture.conf +NAME=flow-capture +DESC=flow-capture + +test -f $DAEMON || exit 0 +test -f $CONFIG || exit 0 + +pid=`pidof $DAEMON` || true + +case "$1" in + start) + if [ "$pid" ]; then + echo "Sorry, flow-capture is already running." + exit 0 + fi + + IFS=' +' + lines=`grep -E " |\t" /etc/flow-tools/flow-capture.conf | grep -v "^#"` + echo -n "Starting $DESC: " + for args in $lines; do + IFS=' ' + $DAEMON ${args} + done + echo "$NAME." + ;; + stop) + echo -n "Stopping $DESC: " + pid=`pidof $DAEMON` || true + if [ "$pid" ]; then + kill -TERM $pid >/dev/null 2>&1 + fi + echo "$NAME." + ;; + restart|force-reload) + $0 stop + $0 start + ;; + *) + N=/etc/init.d/$NAME + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- flow-tools-0.68.orig/debian/README.Debian +++ flow-tools-0.68/debian/README.Debian @@ -0,0 +1,171 @@ +README +====== + +flow-tools is a set of programs for processing and managing NetFlow exports +from Cisco and Juniper routers. The software was originally written by +Mark Fullmer while working at Ohio State University. Steve Romig and the +OSU network security group have added documentation, functionality, and +provided feedback. OARnet and the Ohio ITEC have recently funded my +time to add version 8 PDU support and various other features. + +If you are using flow-tools please subscribe to the mailing list by +sending a message to flow-tools-request@splintered.net + +flow-tools is currently available at http://www.splintered.net/sw/flow-tools + +Mark Fullmer +maf@splintered.net + + +Flow-capture configuration +-------------------------- + +The flow capturing utility of flow-tools, flow-capture, needs some +configuration in /etc/flow-tools/flow-capture.conf. I cannot at this moment +guess what you want in there, so you will have to edit that file manually. +Comments in the file will help you on your way. + +After editing /etc/flow-tools/flow-capture.conf you can start +receiving flows by running '/etc/init.d/flow-capture start'. + +You may also need to edit the files in /etc/flow-tools/{cfg,sym}. + + +CONFIGURING THE ROUTER +---------------------------- + +! enable cef +ip cef +ip cef distributed + +!Turn on flow accounting for each input interface with the interface command + +interface Fddi3/0 + ip route-cache flow + +interface atm3/0/0 + ip route-cache flow + +... + +Verify the router is generating flow stats with the command +'show ip cache flow'. Note that for routers with distributed switching +(GSR's, 75XX's) the RP cli will only show flows that made it up to the RP. +To see flows on the individual linecards use the 'attach' or 'if-con' command +and issue the 'sh ip ca fl' on each LC. + +IP packet size distribution (36242M total packets): + 1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 + .002 .340 .084 .021 .020 .012 .009 .009 .008 .007 .006 .007 .004 .003 .004 + + 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 + .002 .004 .035 .077 .338 .000 .000 .000 .000 .000 .000 + +IP Flow Switching Cache, 4456704 bytes + 4139 active, 61397 inactive, 712344771 added + 871670181 ager polls, 0 flow alloc failures + last clearing of statistics never +Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec) +-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow +TCP-Telnet 1572735 0.3 58 127 21.4 27.0 14.8 +TCP-FTP 6193502 1.4 24 746 35.3 3.6 9.0 +TCP-FTPD 1458042 0.3 1534 833 520.9 42.4 4.2 +TCP-WWW 93403998 21.7 19 633 432.9 4.9 6.3 +TCP-SMTP 16123540 3.7 15 431 59.1 3.4 6.4 +TCP-X 687228 0.1 238 276 38.1 20.8 14.3 +TCP-BGP 1116819 0.2 3 45 0.7 5.3 16.0 +TCP-NNTP 1455156 0.3 1102 176 373.4 106.1 11.9 +TCP-Frag 3244 0.0 4 636 0.0 2.8 16.3 +TCP-other 188162587 43.8 118 733 5204.5 11.1 6.9 +UDP-DNS 38042100 8.8 3 84 27.3 3.8 16.4 +UDP-NTP 18760129 4.3 1 76 5.3 1.3 16.3 +UDP-TFTP 665 0.0 4 76 0.0 7.9 16.4 +UDP-Frag 13111 0.0 2121 1108 6.4 366.8 13.5 +UDP-other 195556237 45.5 35 343 1632.5 5.8 16.3 +ICMP 149285440 34.7 2 64 72.9 0.9 16.5 +IGMP 15315 0.0 167 32 0.5 1660.6 3.9 +IPINIP 15112 0.0 35 52 0.1 275.3 14.2 +GRE 127489 0.0 3 109 0.1 16.9 16.1 +IP-other 348604 0.0 56 447 4.5 21.5 16.2 +Total: 712341053 165.8 50 620 8436.8 6.2 12.2 + +SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts +AT4/0.1 128.146.225.194 AT1/0.2 128.194.203.23 06 0019 2CAF 15 +AT2/0.10 129.22.250.148 AT1/0.2 129.2.226.43 06 04BA 1A20 1266 +AT2/0.11 130.108.110.48 AT1/0.2 170.140.89.100 06 0923 10A3 436 +AT1/0.2 170.140.89.100 AT2/0.11 130.108.110.48 06 10A3 0923 462 + + +! Enable the exports of flows with the global commands + ip flow-export version 5 origin-as + ip flow-export 10.0.0.1 9990 + +! Enable the AS aggregation cache and export the aggregated flows to +! 10.0.0.1 port 9991 +ip flow-aggregation cache as + export destination 10.0.0.1 9991 + enabled + +! Create a loopback interface if one does not exist +! +interface Loopback0 + ip address 10.1.1.1 255.255.255.255 + +! +! Configure NetFlow export source address +! +ip flow-export source Loopback0 + + +If you have tcpdump installed on or near the host you're using to capture +flows, the exports can be verified. + +shattered:~% tcpdump -n udp port 9991 +tcpdump: listening on le0 +12:11:29.953100 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.962551 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.975115 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.984444 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:29.993956 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.003252 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.015483 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.024852 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.034182 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.043545 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 +12:11:30.053239 10.0.0.1.1868 > 10.0.0.2.9991: udp 1168 + +flow-receive can be used to verify your host is receiving flows: + + ./flow-receive 0/0/9990 | ./flow-print + or + ./flow-receive 0/0/9991 | ./flow-print + +% ./flow-receive 0/0/9990 | ./flow-print | head -10 +Sif SrcIPaddress Dif DstIPaddress Pr SrcP DstP Pkts Octets +60 206.204.84.9 00 10.0.135.63 06 15 5f0 2 88 +00 10.0.135.63 60 206.204.84.9 06 5f0 15 16 787 +60 206.204.84.9 00 10.0.135.63 06 15 5f0 13 1742 +00 10.0.155.25 60 204.62.245.167 06 50 bae5 15 948 +60 204.62.245.167 00 10.0.155.25 06 bae5 50 13 681 +60 206.204.84.20 00 10.0.135.63 06 50 5ed 7 3494 +60 206.204.84.20 00 10.0.135.63 06 50 5ef 6 401 +60 206.204.84.20 00 10.0.135.63 06 50 5eb 11 9413 +00 10.0.135.63 60 206.204.84.20 06 5ed 50 9 637 + +To store the flow exports on disk, use flow capture. The following will +store 15 minute compressed exports in /netflow/oar/krc3.v5 and begin +removing the oldest files after 3Gig of storage has been used. + +mkdir -p /var/netflow/oar/krc3.v5 +./flow-capture -w /var/netflow/oar/krc3.v5 -E3G 0/10.1.1.1/9990 + +The completed exports will begin with 'ft'. The current export file will +begin with 'tmp'. The 'ft' files can now be used with the other tools, ie + +./flow-print < /var/netflow/oar/krc3.v8.1/ft-v08m01.2001-02-09.111502 + +flow-cat, flow-stat, and flow-filter can be combined to produce various +reports such as total bytes in the export period, source/destination +matrixes, per interface totals, etc. + + --- flow-tools-0.68.orig/debian/patches/00list +++ flow-tools-0.68/debian/patches/00list @@ -0,0 +1,10 @@ +01_gcc4_amd64 +02_postgre +04_docbook +05_python +06_time_t +07_libft_PIC +08_nfilter_doc +09_ftio_amd64 +10_export_postgre +11_export_manpage --- flow-tools-0.68.orig/debian/patches/01_gcc4_amd64 +++ flow-tools-0.68/debian/patches/01_gcc4_amd64 @@ -0,0 +1,175 @@ +#! /bin/sh -e +## 01_gcc4_amd64 done by Andreas Jochens +## This patch enables flow-tool to build on amd64 + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -Naur flow-tools-0.68/lib/ftchash.c flow-tools-0.68.new/lib/ftchash.c +--- flow-tools-0.68/lib/ftchash.c 2003-08-12 21:04:25.000000000 +0300 ++++ flow-tools-0.68.new/lib/ftchash.c 2005-05-25 14:35:14.122829168 +0300 +@@ -326,7 +326,8 @@ + (char*)ftch->traverse_chunk->base+ftch->traverse_chunk->next) { + + ret = ftch->traverse_rec; +- (char*)ftch->traverse_rec += ftch->d_size; ++ ftch->traverse_rec = (char*)ftch->traverse_rec + ftch->d_size; ++ + return ret; + + } else { +diff -Naur flow-tools-0.68/lib/ftio.c flow-tools-0.68.new/lib/ftio.c +--- flow-tools-0.68/lib/ftio.c 2003-02-24 02:51:47.000000000 +0200 ++++ flow-tools-0.68.new/lib/ftio.c 2005-05-25 14:38:04.701897208 +0300 +@@ -2267,7 +2267,7 @@ + break; + + nleft -= nread; +- (char*)ptr += nread; ++ ptr = (char*)ptr + nread; + } + return (nbytes - nleft); + } /* readn */ +@@ -2292,7 +2292,7 @@ + return(nwritten); /* error */ + + nleft -= nwritten; +- (char*)ptr += nwritten; ++ ptr = (char*)ptr + nwritten; + } + return(nbytes - nleft); + } /* writen */ +diff -Naur flow-tools-0.68/lib/fttlv.c flow-tools-0.68.new/lib/fttlv.c +--- flow-tools-0.68/lib/fttlv.c 2003-02-13 04:38:43.000000000 +0200 ++++ flow-tools-0.68.new/lib/fttlv.c 2005-05-25 14:41:31.525455248 +0300 +@@ -68,11 +68,11 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&v, buf, 4); + + return 8; +@@ -107,11 +107,11 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&v, buf, 2); + + return 6; +@@ -145,11 +145,11 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; ++ buf = (char*)buf + 2; + + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&v, buf, 1); + + return 5; +@@ -183,10 +183,10 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; ++ buf = (char*)buf + 2; + + bcopy(&len, buf, 2); +- (char*)buf+= 2; ++ buf = (char*)buf + 2; + + bcopy(v, buf, len); + +@@ -230,17 +230,17 @@ + return -1; + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&ip, buf, 4); +- (char*)buf += 4; +- ++ buf = (char*)buf + 2; ++ + bcopy(&ifIndex, buf, 2); +- (char*)buf += 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(name, buf, n); + + return 4+len2; +@@ -287,20 +287,20 @@ + } + + bcopy(&t, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&len, buf, 2); +- (char*)buf+= 2; +- ++ buf = (char*)buf + 2; ++ + bcopy(&ip, buf, 4); +- (char*)buf += 4; ++ buf = (char*)buf + 2; + + bcopy(&entries, buf, 2); +- (char*)buf += 2; ++ buf = (char*)buf + 2; + + bcopy(ifIndex_list, buf, esize); +- (char*)buf += esize; +- ++ buf = (char*)buf + esize; ++ + bcopy(name, buf, n); + + return 4+len2; --- flow-tools-0.68.orig/debian/patches/02_postgre +++ flow-tools-0.68/debian/patches/02_postgre @@ -0,0 +1,44 @@ +#! /bin/sh -e +## 02_postgre done by Chris Stromsoe +## This patch adds postgresql support to flow-tools + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -Naur flow-tools.old/configure flow-tools-0.68/configure +--- flow-tools.old/configure 2005-05-11 17:15:55.000000000 +0300 ++++ flow-tools-0.68/configure 2005-07-23 13:48:17.000000000 +0300 +@@ -3345,7 +3345,7 @@ + + + if test "x$WHERE_PGSQL" != "x"; then +- LIBS="-L$WHERE_PGSQL/lib/pgsql" ++ LIBS="-L`pg_config --libdir`" + echo "$as_me:$LINENO: checking for PQsetdbLogin in -lpq" >&5 + echo $ECHO_N "checking for PQsetdbLogin in -lpq... $ECHO_C" >&6 + if test "${ac_cv_lib_pq_PQsetdbLogin+set}" = set; then +@@ -3402,7 +3402,7 @@ + echo "${ECHO_T}$ac_cv_lib_pq_PQsetdbLogin" >&6 + if test $ac_cv_lib_pq_PQsetdbLogin = yes; then + +- PGSQLCFLAGS="-L$WHERE_PGSQL/lib -I$WHERE_PGSQL/include/pgsql" ++ PGSQLCFLAGS="-L` pg_config --libdir` -I` pg_config --includedir`" + PGSQLLIB="-lpq" + cat >>confdefs.h <<\_ACEOF + #define HAVE_PGSQL 1 --- flow-tools-0.68.orig/debian/patches/04_docbook +++ flow-tools-0.68/debian/patches/04_docbook @@ -0,0 +1,56 @@ +#! /bin/sh -e +## 04_docbook done by Paul Hampson +## build system: Fix paths for jade rebuilding documentation. + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68/docs/Makefile.am flow-tools-0.68.new/docs/Makefile.am +--- flow-tools-0.68/docs/Makefile.am 2005-05-11 03:26:20.000000000 +0300 ++++ flow-tools-0.68.new/docs/Makefile.am 2005-05-25 14:54:16.993086480 +0300 +@@ -19,10 +19,10 @@ + docbook-to-man $*.sgml > $*.1.in + + .sgml.html: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html + + .sgml.html.in: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in + + all-am: Makefile $(man_MANSIN) $(man_HTMLS) + +diff -Naur flow-tools-0.68/docs/Makefile.in flow-tools-0.68.new/docs/Makefile.in +--- flow-tools-0.68/docs/Makefile.in 2005-05-11 17:20:18.000000000 +0300 ++++ flow-tools-0.68.new/docs/Makefile.in 2005-05-25 14:54:40.286545336 +0300 +@@ -340,10 +340,10 @@ + docbook-to-man $*.sgml > $*.1.in + + .sgml.html: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html + + .sgml.html.in: +- openjade -V nochunks -c /usr/local/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in ++ openjade -V nochunks -c /usr/share/sgml/docbook/dsssl/modular/catalog -c /usr/local/share/sgml/docbook/catalog -c /usr/local/share/sgml/jade/catalog -d /usr/local/share/sgml/docbook/dsssl/modular/html/docbook.dsl -t sgml $*.sgml > $*.html.in + + all-am: Makefile $(man_MANSIN) $(man_HTMLS) + # Tell versions [3.59,3.63) of GNU make to not export all variables. --- flow-tools-0.68.orig/debian/patches/05_python +++ flow-tools-0.68/debian/patches/05_python @@ -0,0 +1,51 @@ +#! /bin/sh -e +## 05_python done by Radu Spineanu +## Change python path from /usr/local/bin to /usr/bin + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68/bin/flow-log2rrd flow-tools-0.68.new/bin/flow-log2rrd +--- flow-tools-0.68.old/bin/flow-log2rrd 2005-05-25 15:44:00.079588400 +0300 ++++ flow-tools-0.68/bin/flow-log2rrd 2005-05-10 19:53:16.000000000 +0300 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python + + import getopt + import os +diff -Naur flow-tools-0.68/bin/flow-rpt2rrd flow-tools-0.68.new/bin/flow-rpt2rrd +--- flow-tools-0.68.old/bin/flow-rpt2rrd 2005-05-25 15:44:04.449924008 +0300 ++++ flow-tools-0.68/bin/flow-rpt2rrd 2005-05-11 03:11:29.000000000 +0300 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python + + import getopt + import os +diff -Naur flow-tools-0.68/bin/flow-rptfmt flow-tools-0.68.new/bin/flow-rptfmt +--- flow-tools-0.68.old/bin/flow-rptfmt 2005-05-25 15:44:09.680128896 +0300 ++++ flow-tools-0.68/bin/flow-rptfmt 2005-05-11 15:38:37.000000000 +0300 +@@ -1,4 +1,4 @@ +-#!/usr/local/bin/python ++#!/usr/bin/python + + import sys + import string --- flow-tools-0.68.orig/debian/patches/06_time_t +++ flow-tools-0.68/debian/patches/06_time_t @@ -0,0 +1,76 @@ +#! /bin/sh -e +## 06_time_t done by Kurt Roeckx +## Fixes directory creation problem on amd64 + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +--- flow-tools-0.68/lib/ftfile.c.old 2005-08-06 16:01:18.228015904 +0200 ++++ flow-tools-0.68/lib/ftfile.c 2005-08-06 16:04:55.087048320 +0200 +@@ -410,7 +410,7 @@ + * + */ + void ftfile_pathname(char *buf, int bsize, int nest, struct ftver ftv, +- int done, u_int32 ftime) ++ int done, time_t ftime) + { + struct tm *tm; + char *prefix, dbuf[64]; +@@ -418,7 +418,7 @@ + char gmt_sign; + int tm_gmtoff; + +- if (!(tm = localtime ((time_t*)&ftime))) { ++ if (!(tm = localtime (&ftime))) { + snprintf(buf, bsize, "."); + } + +@@ -499,7 +499,7 @@ + * returns -1 on error + * + */ +-int ftfile_mkpath(u_int32 ftime, int nest) ++int ftfile_mkpath(time_t ftime, int nest) + { + struct tm *tm; + char buf[32]; +@@ -512,7 +512,7 @@ + if ((nest > 3) || (nest < -3)) + return -1; + +- if (!(tm = localtime ((time_t*)&ftime))) ++ if (!(tm = localtime (&ftime))) + return -1; + + if (nest == -1) +--- flow-tools-0.68/lib/ftlib.h.old 2005-08-06 16:06:19.836164496 +0200 ++++ flow-tools-0.68/lib/ftlib.h 2005-08-06 16:05:47.261116656 +0200 +@@ -2710,9 +2710,9 @@ + int ftfile_dump(struct ftfile_entries *fte); + struct ftfile_entry *ftfile_entry_new(int len); + void ftfile_entry_free(struct ftfile_entry *entry); +-int ftfile_mkpath(u_int32 ftime, int nest); ++int ftfile_mkpath(time_t ftime, int nest); + void ftfile_pathname(char *buf, int bsize, int nest, struct ftver ftv, +- int done, u_int32 ftime); ++ int done, time_t ftime); + + + --- flow-tools-0.68.orig/debian/patches/07_libft_PIC +++ flow-tools-0.68/debian/patches/07_libft_PIC @@ -0,0 +1,36 @@ +#! /bin/sh -e +## 07_libft_PIC done by Radu Spineanu +## Compiles libft with -fPIC to work ok with libcflow-perl + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur ft-old/lib/Makefile.in flow-tools-0.68/lib/Makefile.in +--- ft-old/lib/Makefile.in 2005-05-11 17:16:15.000000000 +0300 ++++ flow-tools-0.68/lib/Makefile.in 2005-09-14 22:25:31.476176768 +0300 +@@ -91,7 +91,7 @@ + + #AM_CFLAGS=-g -Wall -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wredundant-decls -Wnested-externs + #AM_CFLAGS=-O2 +-AM_CFLAGS = -g -Wall ++AM_CFLAGS = -g -Wall -fPIC + + DEFS = -I. -I$(srcdir)/lib + --- flow-tools-0.68.orig/debian/patches/08_nfilter_doc +++ flow-tools-0.68/debian/patches/08_nfilter_doc @@ -0,0 +1,36 @@ +#! /bin/sh -e +## 08_nfilter_doc done by Radu Spineanu +## Fixes a small error in the manpage + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur ft-old/docs/flow-nfilter.1.in flow-tools-0.68/docs/flow-nfilter.1.in +--- ft-old/docs/flow-nfilter.1.in 2004-01-02 23:26:22.000000000 +0200 ++++ flow-tools-0.68/docs/flow-nfilter.1.in 2005-09-14 22:37:31.584703632 +0300 +@@ -66,7 +66,7 @@ + using the selected primitives\&. A definition may contain the invert + command which will invert the result of the evaluation\&. + .PP +-Words in the configuration file of the form @VAR or @{VAR:default} will be ++Words in the configuration file of the form @VAR or @{VAR:-default} will be + expanded at run-time by setting variable names with the -v option\&. + .PP + Filter primitives begin with the filter-primitive keyword followed by --- flow-tools-0.68.orig/debian/patches/09_ftio_amd64 +++ flow-tools-0.68/debian/patches/09_ftio_amd64 @@ -0,0 +1,197 @@ +#! /bin/sh -e +## 09_ftio_amd64 done by Oleg Milaenko +## Fixes incorrect print of time in flow-header + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -Naur ft-old/lib/ftio.c flow-tools-0.68/lib/ftio.c +--- ft-old/lib/ftio.c 2003-02-24 02:51:47.000000000 +0200 ++++ flow-tools-0.68/lib/ftio.c 2005-09-27 17:40:52.962355776 +0300 +@@ -1605,6 +1605,7 @@ + u_int32 flags, fields; + u_long period; + int n, streaming2; ++ time_t t; + + fth = &ftio->fth; + +@@ -1639,17 +1640,21 @@ + } + + if (!streaming2) +- if (fields & FT_FIELD_CAP_START) ++ if (fields & FT_FIELD_CAP_START) { ++ t = fth->cap_start; + fprintf(std, "%c capture start: %s", cc, +- ctime((time_t*)&fth->cap_start)); ++ ctime(&t)); ++ } + + if (!streaming2) { + + if ((flags & FT_HEADER_FLAG_DONE) || (flags & FT_HEADER_FLAG_PRELOADED)) { + +- if (fields & FT_FIELD_CAP_END) ++ if (fields & FT_FIELD_CAP_END) { ++ t = fth->cap_end; + fprintf(std, "%c capture end: %s", cc, +- ctime((time_t*)&fth->cap_end)); ++ ctime(&t)); ++ } + + period = fth->cap_end - fth->cap_start; + if ((fields & FT_FIELD_CAP_END) && (fields & FT_FIELD_CAP_START)) +--- flow-tools-0.68.orig/src/flow-print.c ++++ flow-tools-0.68/src/flow-print.c +@@ -298,6 +298,7 @@ + u_long bpp; + char fmt_buf1[64], fmt_buf2[64]; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -351,14 +352,16 @@ + (u_long)*cur.dPkts, (u_long)*cur.dOctets); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf(" %-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, + (int)tm->tm_min, (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + active_secs = (*cur.Last - *cur.First) / 1000; + active_msecs = (*cur.Last - *cur.First) % 1000; +@@ -398,6 +401,7 @@ + u_long active_secs, active_msecs; + u_long bpp; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -465,14 +469,16 @@ + (u_long)*cur.dPkts, (u_long)*cur.dOctets); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf(" %-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, (int)tm->tm_min, + (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + active_secs = (*cur.Last - *cur.First) / 1000; + active_msecs = (*cur.Last - *cur.First) % 1000; +@@ -675,6 +681,7 @@ + struct ftver ftv; + char fmt_buf1[64], fmt_buf2[64]; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -711,14 +718,16 @@ + cur.tcp_flags = ((u_int8*)(rec+fo.tcp_flags)); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf("%-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, + (int)tm->tm_min, (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf("%-2.2d%-2.2d.%-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, +@@ -2173,6 +2182,7 @@ + u_long bpp; + char fmt_buf1[64], fmt_buf2[64], fmt_buf3[64], fmt_buf4[64], fmt_buf5[64], fmt_buf6[64]; + char *rec; ++ time_t time_ftt; + + if (ftio_check_xfield(ftio, FT_XFIELD_DPKTS | + FT_XFIELD_DOCTETS | FT_XFIELD_FIRST | FT_XFIELD_LAST | FT_XFIELD_INPUT | +@@ -2239,14 +2249,16 @@ + (u_long)*cur.dPkts, (u_long)*cur.dOctets); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.First); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + printf(" %-4.4d-%-2.2d-%-2.2d %-2.2d:%-2.2d:%-2.2d.%-3.3lu ", + (int)tm->tm_year+1900, (int)tm->tm_mon+1, (int)tm->tm_mday, (int)tm->tm_hour, + (int)tm->tm_min, (int)tm->tm_sec, (u_long)ftt.msecs); + + ftt = ftltime(*cur.sysUpTime, *cur.unix_secs, *cur.unix_nsecs, *cur.Last); +- tm = localtime((time_t*)&ftt.secs); ++ time_ftt = ftt.secs; ++ tm = localtime(&time_ftt); + + active_secs = (*cur.Last - *cur.First) / 1000; + active_msecs = (*cur.Last - *cur.First) % 1000; +--- flow-tools-0.68.orig/lib/ftstat.c ++++ flow-tools-0.68/lib/ftstat.c +@@ -12363,7 +12363,7 @@ + { + int comma, sort_field; + char *buf, fmt_buf[32]; +- time_t now; ++ time_t now, time_flow; + + /* shortcut */ + if (!(rpt->out->options & FT_STAT_OPT_HEADER)) +@@ -12619,11 +12619,13 @@ + fprintf(fp, "# records_shown: %s\n", fmt_buf); + } + ++ time_flow = rpt->time_start; + fprintf(fp, "# first-flow: %lu %s", +- (unsigned long)rpt->time_start, ctime((time_t*)&rpt->time_start)); ++ (unsigned long)rpt->time_start, ctime(&time_flow)); + ++ time_flow = rpt->time_end; + fprintf(fp, "# last-flow: %lu %s", +- (unsigned long)rpt->time_end, ctime((time_t*)&rpt->time_end)); ++ (unsigned long)rpt->time_end, ctime(&time_flow)); + + now = time((time_t*)0L); + --- flow-tools-0.68.orig/debian/patches/10_export_postgre +++ flow-tools-0.68/debian/patches/10_export_postgre @@ -0,0 +1,108 @@ +#! /bin/sh -e +## 10_export_postgre following #340493 by Alexey Bestchiokov +## See #340493 + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68.old/src/flow-export.c flow-tools-0.68/src/flow-export.c +--- flow-tools-0.68.old/src/flow-export.c 2005-11-28 22:56:49.810348328 +0200 ++++ flow-tools-0.68/src/flow-export.c 2005-11-28 22:59:57.148868544 +0200 +@@ -892,7 +892,7 @@ + db_name = strsep(&tmp, ":"); + db_table = strsep(&tmp, ":"); + +- if (!db_user || !db_pwd || !db_host || !db_tmp || !db_name || !db_table) { ++ if (!db_user || !db_pwd || !db_host || !db_port || !db_name || !db_table) { + fterr_warnx("Missing field in dbaseURI, expecting user:pwd:host:port:name:table."); + return -1; + } +@@ -1200,10 +1200,10 @@ + + if (xfields & FT_XFIELD_EXADDR) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->exaddr)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + +@@ -1258,28 +1258,28 @@ + + if (xfields & FT_XFIELD_SRCADDR) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->srcaddr)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + + if (xfields & FT_XFIELD_DSTADDR) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->dstaddr)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + + if (xfields & FT_XFIELD_NEXTHOP) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->nexthop)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + +@@ -1376,19 +1376,19 @@ + + if (xfields & FT_XFIELD_PEER_NEXTHOP) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\"'; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->peer_nexthop)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + + if (xfields & FT_XFIELD_ROUTER_SC) { + if (comma) fmt_buf[len++] = ','; +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + len += fmt_ipv4(fmt_buf+len, *((u_int32*)(rec+fo->router_sc)), + FMT_JUST_LEFT); +- if (quote) fmt_buf[len++] = '"'; ++ if (quote) fmt_buf[len++] = '\''; + comma = 1; + } + --- flow-tools-0.68.orig/debian/patches/11_export_manpage +++ flow-tools-0.68/debian/patches/11_export_manpage @@ -0,0 +1,49 @@ +#! /bin/sh -e +## 11_export_manpage done by Radu Spineanu +## Fixes an incorrect example in the manpage, and adds a clarification +## to the -m argument + + +if [ $# -lt 1 ]; then + echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" + exit 1 +fi +case "$1" in + -patch) patch -f --no-backup-if-mismatch -p1 < $0;; + + -unpatch) patch -f --no-backup-if-mismatch -R -p1 < $0;; + + *) + echo >&2 \ + "`basename $0`: script expects -patch|-unpatch as argument" + exit 1;; +esac + +exit 0 + + +@DPATCH@ +diff -Naur flow-tools-0.68.old/docs/flow-export.1 flow-tools-0.68/docs/flow-export.1 +--- flow-tools-0.68.old/docs/flow-export.1 2005-11-28 22:56:49.446403656 +0200 ++++ flow-tools-0.68/docs/flow-export.1 2005-11-28 23:05:07.801642144 +0200 +@@ -75,8 +75,9 @@ + .IP "-h" 10 + Display help\&. + .IP "-m\fI mask_fields\fP" 10 +-Select fields for MySQL, PostgresSQL, cflowd, and ASCII formats\&. The +-\fImask_fields\fP is built from a bitwise OR of the following: ++Select fields for MySQL, PostgresSQL, cflowd, and ASCII formats\&. ++Add the mask arguments in the order shown below. The \fImask_fields\fP ++is built from a bitwise OR of the following: + .IP "" 10 + .PP + .nf +@@ -183,7 +184,7 @@ + Export the flow-tools file \fBflows\fP to an MySQL Database\&. + Include only SRCADDR, DSTADDR and DOCTETS\&. + .PP +- \fBflow-export -f3 -mSRCADDR,DSTADDR,DOCTETS -u "user:password:host:port:name:table" < flows \fP ++ \fBflow-export -f3 -mDOCTETS,SRCADDR,DSTADDR -u "user:password:host:port:name:table" < flows \fP + .SH "BUGS" + .PP + The pcap format is a hack\&. --- flow-tools-0.68.orig/debian/rules +++ flow-tools-0.68/debian/rules @@ -0,0 +1,102 @@ +#!/usr/bin/make -f +# Copyright 2003-2005 Anibal Monsalve Salazar + +export DH_VERBOSE=1 + +CURDIR := $(shell pwd) +D := $(CURDIR)/debian/flow-tools +DCF := $(CURDIR)/debian/libcflow-perl +CF := contrib/Cflow-1.051 +DEV := $(CURDIR)/debian/flow-tools-dev + +CFLAGS := -g -Wall +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +CCFLAGS := -g +# Include dpatch +include /usr/share/dpatch/dpatch.make + + +ifndef PERL +PERL := /usr/bin/perl +endif + + +clean: clean1 unpatch + +clean1: + dh_testroot + dh_testdir + dh_clean + rm -rf configure-stamp build-stamp confdefs.h $(CF) + -$(MAKE) distclean + +unpack-cflow: $(CF)/Cflow.xs +$(CF)/Cflow.xs: contrib/Cflow-1.051.tar.gz + cd contrib/ && tar xzmf Cflow-1.051.tar.gz + cd $(CF) && patch -p1 < ../Cflow-debian.diff + +configure: config-stamp +configure-stamp: $(CF)/Cflow.xs + dh_testdir + ./configure --prefix=/usr --exec-prefix=\$${prefix} \ + --mandir=\$${prefix}/share/man --sysconfdir=/etc/flow-tools \ + --localstatedir=/etc/flow-tools \ + --with-mysql --with-pgsql CFLAGS="$(CFLAGS)" + cd $(CF) && $(PERL) Makefile.PL INSTALLDIRS=vendor + touch $@ + +build: patch build-stamp +build-stamp: configure-stamp + dh_testdir + $(MAKE) + cd $(CF) && $(PERL) Makefile.PL INSTALLDIRS=vendor + cd $(CF) && $(MAKE) OPTIMIZE="$(CFLAGS)" + touch $@ + +install: build + dh_testroot + dh_testdir + dh_clean + + $(MAKE) install DESTDIR=$D + +# rm -rf $D/usr/lib/ $D/usr/include/ + mkdir -p $(DEV)/usr/ + mv $D/usr/lib/ $(DEV)/usr/ + mv $D/usr/include/ $(DEV)/usr/ + + cd $(CF) && $(MAKE) install DESTDIR=$(DCF) PREFIX=/usr + + # As this is an architecture dependent package, we are not supposed + # to install stuff to /usr/share/perl5. MakeMaker creates the + # directories, we delete them from the deb. + rmdir --ignore-fail-on-non-empty --parents $(DCF)/usr/share/perl5 + + cp debian/flow-capture.conf $D/etc/flow-tools/ + +binary-arch: install + dh_installinit --name=flow-capture --no-restart-on-upgrade + dh_installdocs --package=flow-tools SECURITY TODO + dh_installdocs --package=flow-tools-dev + dh_installdocs --package=libcflow-perl $(CF)/README + dh_installchangelogs --package=flow-tools ChangeLog + dh_installchangelogs --package=flow-tools-dev ChangeLog + dh_installchangelogs --package=libcflow-perl $(CF)/Changes +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + dh_strip +endif + dh_compress + dh_fixperms + dh_shlibdeps + dh_gencontrol + dh_installdeb + dh_builddeb + +binary: binary-arch + +.PHONY: clean build install binary-indep binary-arch binary patch unpatch --- flow-tools-0.68.orig/debian/changelog +++ flow-tools-0.68/debian/changelog @@ -0,0 +1,176 @@ +flow-tools (1:0.68-9) unstable; urgency=low + + * Updated libmysqlclient depedency (closes: #343780) + + -- Radu Spineanu Mon, 16 Jan 2006 15:54:15 +0200 + +flow-tools (1:0.68-8) unstable; urgency=low + + * Postgresql fixes in flow-export + * Clarifies the -m argument in the flow-export manpage + and fixes an example given for it (closes: #340493) + * New maintainers address + + -- Radu Spineanu Mon, 28 Nov 2005 23:07:55 +0200 + +flow-tools (1:0.68-7) unstable; urgency=low + + * And another amd64 fix, incorrect print of capture times in + flow-print and flow-report. Thanks to Oleg Milaenko . + (closes: #330951) + + -- Radu Spineanu Tue, 1 Nov 2005 14:37:54 +0200 + +flow-tools (1:0.68-6) unstable; urgency=low + + * Another amd64 fix, incorrect print of capture times in flow-header. + Thanks to Oleg Milaenko . (closes: #330163) + + -- Radu Spineanu Tue, 27 Sep 2005 17:42:10 +0300 + +flow-tools (1:0.68-5) unstable; urgency=low + + * Actually fix building of cflow-perl with flow-tools support + (closes: #327367, #163227, #239744) + * Build libft with -fPIC to link cflow-perl correctly + (thanks to Matt Zimmerman for the help) + * Fixed a minor error in the flow-nfilter manpage (closes: #327713) + + -- Radu Spineanu Sun, 11 Sep 2005 15:45:04 +0300 + +flow-tools (1:0.68-4) unstable; urgency=low + + * Fixes directory creation problem on amd64 (closes: #320998) + Thanks to Kurt Roeckx for the patch + + -- Radu Spineanu Fri, 12 Aug 2005 16:33:26 +0300 + +flow-tools (1:0.68-3) unstable; urgency=low + + * Change build-dep from postgresql-dev to libpq-dev and + modified the old pgsql patch to use pg_config (closes: #319564) + * Policy bumped to 3.6.2, no changes. + + -- Radu Spineanu Sat, 23 Jul 2005 13:55:12 +0300 + +flow-tools (1:0.68-2) unstable; urgency=low + + * Fixed a bashism in init script (closes: #311568) + + -- Radu Spineanu Thu, 2 Jun 2005 20:12:57 +0300 + +flow-tools (1:0.68-1) unstable; urgency=low + + * New upstream release + + (closes: #217211) should link dynamically to it's own library + * Removed stager patch since it was included upstream + * Added build-dependency to docbook-to-man + * flow-tools now depends on python + + -- Radu Spineanu Wed, 25 May 2005 14:48:24 +0300 + +flow-tools (1:0.67-9) unstable; urgency=low + + * New development package that contains flow-tools libraries and headers + (closes: #291214) + * Added patch to properly build with modified sgmls (closes: #300992) + * Changed maintainer to Radu Spineanu and removed Anibal Monsalve Salazar on + his request + + -- Radu Spineanu Sat, 30 Apr 2005 15:22:23 +0300 + +flow-tools (1:0.67-8) unstable; urgency=low + + * Changed build-depends to libmysqlclient12-dev (closes: #299177) + + -- Radu Spineanu Sat, 12 Mar 2005 12:16:25 +0200 + +flow-tools (1:0.67-7) unstable; urgency=low + + * New co-maintainers + * Added patch that enables flow-tools to build on amd64 with gcc4 + (thanks to Andreas Jochens) (closes: #285948) + * Added postgresql support to flow-export (thanks to Chris Stromsoe) + (closes: #244161, #245097) + * Included a patch that enables filtering based on exporter address in flow-filter. + This patch is needed by Stager (closes: #278858) + * Changed the init script to properly shutdown flow-capture + + -- Radu Spineanu Fri, 25 Feb 2005 17:36:58 +0200 + +flow-tools (1:0.67-6) unstable; urgency=low + + * FTBFS with gcc-3.4: label at end of compound statement (Closes: #258842). + Patch provided by Andreas Jochens + + -- Anibal Monsalve Salazar Sun, 12 Sep 2004 22:53:46 +1000 + +flow-tools (1:0.67-5) unstable; urgency=low + + * Now this source package generates the libcflow-perl package too. + This allows it to have flow-tools support. (Closes: #163227) + * Added an epoch to have a version number more recent than the last + standalone libcflow-perl package. + * Removed the remaining traces of debconf. + * Do not provide a reload function in the init script, because it's + not supported by the program. + * Ported the packaging to debhelper, cleaned up debian/rules. + * Really use the $CFLAGS value set in debian/rules. + * Do not install another copy of the config files in the examples directory. + + -- Marco d'Itri Thu, 9 Sep 2004 00:58:53 +0200 + +flow-tools (0.67-4) unstable; urgency=low + + * Flow collector daemon is not restarted on package upgrade (closes: #234266). + Changed debian/postinst. + * Please drop debconf note (closes: #234858). + Created README.Debian using parts from the debconf note and the original README and INSTALL files. + Removed debconf note. + + -- Anibal Monsalve Salazar Sat, 13 Mar 2004 09:23:13 +1100 + +flow-tools (0.67-3) unstable; urgency=low + + * prerm script pukes; error with init script (closes: #233479). + Fixed syntax error when /etc/init.d/flow-capture is run under /bin/dash. + + -- Anibal Monsalve Salazar Sat, 21 Feb 2004 19:24:20 +1100 + +flow-tools (0.67-2) unstable; urgency=low + + * Problem with initscript: /etc/init.d/flow-capture (closes: #224703). + Patch provided by Andrzej Oszer . + * Please finish the switch to gettext-based debconf templates (closes: #233112). + Patch provided by Martin Quinson . + + -- Anibal Monsalve Salazar Tue, 17 Feb 2004 12:50:24 +1100 + +flow-tools (0.67-1) unstable; urgency=low + + * Should link dynamically to its own library (closes: #217211). + Patch provided by Oliver Kurth . + + -- Anibal Monsalve Salazar Fri, 19 Dec 2003 23:20:16 +1100 + +flow-tools (0.66-3) unstable; urgency=low + + * Added "Build-Depends: po-debconf" (closes: #220524). + + -- Anibal Monsalve Salazar Thu, 13 Nov 2003 19:43:30 +1100 + +flow-tools (0.66-2) unstable; urgency=low + + * Added support for mysql (closes: #202371). + * Added /etc/init.d/flow-capture and /etc/flow-tools/flow-capture.conf (closes: #202372). + Example configuration files are already in /usr/share/doc/flow-tools/examples/ + * Description includes an idea of what a NetFlow is (closes: #202584). + * Changed localstatedir from /var to /etc/flow-tools (closes: #203383). + + -- Anibal Monsalve Salazar Sat, 25 Oct 2003 00:46:15 +1000 + +flow-tools (0.66-1) unstable; urgency=low + + * Initial Release (closes: #197217) + + -- Anibal Monsalve Salazar Tue, 17 Jun 2003 07:46:52 +1000