tcpflow

-Fc option can cause unceasing flow processing

Open FusionFC opened this issue 10 years ago • 4 comments

The -Fc option to append the connection counter to ALL filenames has the unintended consequence of causing an infinite loop in some situations.

The default filename template is: %A.%a-%B.%b%V%v%C%c

If you use the "-Fc" option with no modification to the template, the argument processing will do the following:

case 'F':
            for(const char *cc=optarg;*cc;cc++){
                switch(*cc){
                case 'c': replace(flow::filename_template,"%c","%C"); break;

This means the template has now been modified to: %A.%a-%B.%b%V%v%C%C

Now upon trying to open a new flow file due to port reusage you will enter an infinite loop because the filename will exist and the template will never generate a "changing" filename as the %c in the template has been lost.

FusionFC, Nov 04 '15 16:11

So this is a bug in the template, right?

On Wed, Nov 4, 2015 at 11:31 AM, FusionFC [email protected] wrote:

The -Fc option to append the connection counter to ALL filenames has the unintended consequence of causing an infinite loop in some situations.

The default filename template is: %A.%a-%B.%b%V%v%C%c

If you use the "-Fc" option with no modification to the template, the argument processing will do the following:

case 'F':
            for(const char *cc=optarg;*cc;cc++){
                switch(*cc){
                case 'c': replace(flow::filename_template,"%c","%C"); break;

This means the template has now been modified to: %A.%a-%B.%b%V%v%C%C

Now upon trying to open a new flow file due to port reusage you will enter an infinite loop because the filename will exist and the template will never generate a "changing" filename as the %c in the template has been lost.

— Reply to this email directly or view it on GitHub https://github.com/simsong/tcpflow/issues/114.

simsong, Nov 04 '15 16:11

Ultimately I would say yes.

In order to avoid the potential infinite loop, port reusage should be assumed in any processing, so after all filename templating is done, if no %c exists in the template it should be added; otherwise, if port reuse appears in the data set, you'll end up with the infinite loop.

I'm not exactly clear on what the intent of the replace() call is in the code. It seems possible that the arguments are backwards. Instead of replacing %c with %C we would want to replace %C with %c (lowercase is the actual count, uppercase is the letter 'c'). But this wouldn't "append the connection counter to ALL filenames" because it only works if the characters existed in the template at the time the argument is processed, which it does by default but which could be changed using a "-T". I was almost expecting an appending of a "%C%c" to whatever the template was.

However, there may fundamentally be an issue in the design of the arguments themselves as well. I don't think the arguments are positional so anything set with a "-F" could later be negated by a user also passing a "-T" template, and vice versa. It may be the -F arguments should be exclusive of the -T arguments?

For me, in practice, the solution to my problem was simply to stop using the -Fc argument. I had added it to make sure the count appeared in the filename, but the default template already was doing that, so in theory the -Fc was redundant anyway; in practice it caused an infinite loop in flow::new_filename() and this issue report.

Not sure I explained myself well, sorry if the above is confusing.

FusionFC, Nov 04 '15 17:11

You are correct that the -F arguments and the -T arguments are not meant to be used together. We should modify the program to detect that and report it as an error.

simsong, Nov 06 '15 12:11

Ok, I see that you have opened a separate issue for the -F/-T issue. The initial issue then is still a problem.

The -Fc with the default template then will cause an infinite loop in the instance where port reuse exists, which is exactly when you want the count. The resulting template from the -Fc with a default template is %A.%a-%B.%b%V%v%C%C which means if port reusage happens in the flow you end up with a "cc" at the end of the template and not something that includes the actual count.

I'm not sure you need the -Fc option at all as the default template always has the %C%c at the end and thus will include the count.

FusionFC, Nov 06 '15 14:11
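
The failure described in this thread can be reproduced in a small model. The following is an added example, not tcpflow's code and not written by either participant: `expand`, `apply_Fc` and `pick_unused` are hypothetical helpers, the token semantics are an assumption based on the thread, and the file names are constructed. It shows the default template finding a free name while the `-Fc` template cannot, and a guard that turns the endless retry into a detectable error.

```cpp
#include <iostream>
#include <set>
#include <string>

// Simplified model (assumption): %C -> "c" and %c -> the connection count,
// both emitted only when the count is non-zero. Other template tokens are
// constant for a given flow, so they are copied through as literal text.
std::string expand(const std::string &tmpl, unsigned count) {
    std::string out;
    for (size_t i = 0; i < tmpl.size(); ++i) {
        bool tok = tmpl[i] == '%' && i + 1 < tmpl.size() &&
                   (tmpl[i + 1] == 'C' || tmpl[i + 1] == 'c');
        if (!tok) { out += tmpl[i]; continue; }
        if (count > 0) out += (tmpl[i + 1] == 'C') ? std::string("c") : std::to_string(count);
        ++i;  // skip the token letter
    }
    return out;
}

// Effect of the -Fc handling quoted in the issue: "%c" becomes "%C"
// (modelled as replacing every occurrence, which is an assumption).
std::string apply_Fc(std::string tmpl) {
    for (size_t p = 0; (p = tmpl.find("%c", p)) != std::string::npos; p += 2)
        tmpl.replace(p, 2, "%C");
    return tmpl;
}

// Hypothetical guarded search: raise the counter until the name is unused,
// and give up once raising it no longer changes the name.
bool pick_unused(const std::string &tmpl, const std::set<std::string> &existing,
                 std::string &name) {
    std::string prev;
    for (unsigned count = 0;; ++count) {
        name = expand(tmpl, count);
        if (!existing.count(name)) return true;
        if (count > 0 && name == prev) return false;  // template has no live %c
        prev = name;
    }
}

int main() {
    const std::string def = "%A.%a-%B.%b%V%v%C%c", base = "%A.%a-%B.%b%V%v";
    // Constructed state: the same ports were already reused on disk.
    std::set<std::string> existing = {base, base + "c1", base + "cc"};
    std::string name;
    std::cout << "default: " << (pick_unused(def, existing, name) ? name : "no unique name") << "\n";
    std::cout << "-Fc:     " << (pick_unused(apply_Fc(def), existing, name) ? name : "no unique name") << "\n";
}
```

Without the `name == prev` check, the second call would never return, which is the behaviour reported above.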