A poorly fragmented packet stream that seg faults argus.
Peter Van Epp
vanepp at sfu.ca
Wed Mar 3 12:17:59 EST 1999
Thanks. I have applied the patches to my production argus host, and
I'll arrange to run the unpatched version on a test box in parallel on the
same network so that I can see the patched version survives when the unpatched
one seg faults.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
>
> Hey Peter Van,
> So I believe the fixes to ./server/cons_ip.c will handle
> your problem. Tell me ASAP if this isn't true. There
> are two fixes in cons_ip.c, both related to truncated
> packets, but your problem was specific to truncated
> fragments, so both patches apply.
>
> The output for your example with these fixes will not be
> accurate, (your sample has 101 packets and argus will report
> 101 packets seen, but only 76 packets mapped to flows).
> Actually the missing packets are not related to the TCP
> connection, but to the ICMP processing. That will be
> fixed in the 1.8 timeframe.
>
> Carter
>
<snip>
More information about the argus
mailing list