question about ra

Carter Bullard cbullard at nortelnetworks.com
Mon Jan 24 09:37:23 EST 2000


Hey Sergio,
   When the bytes of an IP address are all flipped, there is
little doubt that there is a big/little endian problem somewhere
in the code, at least that has been my experience.

   Is it possible that you could be doing an htonl on the IP
addresses twice?

   Two suggestions. 1)  Load all the variables in your argus
record without the hton operations.  This will allow you to
check the values in your struct using a debugger prior
to writing it to a socket or a file.  2) Use a single routine
to make the conversion, as it makes it easier to catch
consistency problems.
 
   There are a few major problems with the code that you
sent, and correcting these problems may solve some others.
Your port number conversion statements are not correct.
Port numbers are 16 bit short values, so you need to use
htons() and shift another 8 bits.  The statement that you are
using,  

> data.ws_ip.port=htonl(fd_v1->payload[23].dstport)<<8;
> data.ws_ip.port=(data.ws_ip.port | 
> htonl((fd_v1->payload[23].srcport)));

cannot generate correct output.  Try this.

   data.ws_ip.port = htons(fd_v1->payload[23].dstport)<<16 |
                             htons(fd_v1->payload[23].srcport);

You may want to get a beta copy of argus 1.8 which breaks
out the struct tha {} so that you don't have to do all this
shifting and oring.

Hope this helps,

Carter


> -----Original Message-----
> From: sergo at links.ru [mailto:sergo at links.ru]
> Sent: Monday, January 24, 2000 7:45 AM
> To: Bullard, Carter [NYPAR:DS33:EXCH]
> Subject: RE: question about ra
> 
> 
> Hello
> 
> Thank you for the answer.
> 
> >    This is just a network vs host order byte encoding problem.  Big Endian
> > vs Little Endian byte ordering.   External Argus records are in network
> > order.
> 
> I know about this problem.
> 
> > The standard Argus client code, in the ./common directory, provides
> > two routines, wsntoh() and wshton(), which convert Argus records
> > from network to host order and from host order to network, respectively.
> > 
> >    When writing Argus data, you should convert host order to network order,
> > and so, you should use the routine, wshton(struct WriteStruct *ws).
> 
> I am writing the argus record as you say.
> 
> ----------
> data.status=htonl(IPPROTO | UDPPROTO | MODIFIED | IP_INIT 
> |TIMED_OUT );
> }
> 
> data.ws_ip.startime.tv_sec=htonl(fd_v1->payload[23].First);
> data.ws_ip.startime.tv_usec=0;
> data.ws_ip.lasttime.tv_sec=htonl(fd_v1->payload[23].Last);
> data.ws_ip.lasttime.tv_usec=0;
> for (i = 0; i <6 ; i++) {
>  data.ws_ip_phys.ethersrc.octet[i]=0;
>  data.ws_ip_phys.etherdst.octet[i]=0;
> }
> data.ws_ip.src.s_addr= htonl(fd_v1->payload[23].srcaddress.fulladdr);
> data.ws_ip.dst.s_addr= htonl(fd_v1->payload[23].dstaddress.fulladdr);
> data.ws_ip.port=htonl(fd_v1->payload[23].dstport)<<8;
> data.ws_ip.port=(data.ws_ip.port | 
> htonl((fd_v1->payload[23].srcport)));
> data.ws_ip_udp.dst_count=htonl(fd_v1->payload[23].dPkts);
> data.ws_ip_udp.src_count=0;
> data.ws_ip_udp.dst_bytes=htonl(fd_v1->payload[23].dOctets);
> data.ws_ip_udp.src_bytes=0;
> 
> fwrite(&data,sizeof(data),1,argus_rec);
> ------------------
> 
> > 
> > See if that helps and best of luck.
> 
> It doesn't help. 
> > 
> > Carter
> 
> -----------------------------------------------------------
> Sergey Artjushkin                               Relcom Corp.
> Tel: 196-72-12                                    Moscow
> 
> 
> 
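
Added example (not part of the original thread or of the Argus sources): a single conversion routine that packs two host-order ports into a 32-bit field, compared against the quoted htonl()-based statements, plus the effect of calling htonl() twice. The helper names, the sample ports and the assumed field layout (source port in the first two bytes, destination port in the next two, each big-endian) are assumptions made for the illustration.

```c
/* Added example: constructed values; helper names are hypothetical. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout of the 32-bit port field as written to the file:
   source port in bytes 0-1, destination port in bytes 2-3, big-endian. */
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)(v & 0xff); }

/* Single conversion routine: takes host-order ports and returns the field
   exactly as fwrite() should emit it, whatever the host byte order. */
static uint32_t pack_ports(uint16_t sport, uint16_t dport)
{
    uint8_t wire[4];
    uint32_t field;
    put_be16(wire, sport);
    put_be16(wire + 2, dport);
    memcpy(&field, wire, sizeof field);
    return field;
}

/* The statements quoted in the thread, kept as posted for comparison. */
static uint32_t pack_ports_quoted(uint16_t sport, uint16_t dport)
{
    uint32_t port = htonl(dport) << 8;
    return port | htonl(sport);
}

/* Returns 1 if the field's in-memory bytes match the assumed wire layout. */
static int wire_ok(uint32_t field, uint16_t sport, uint16_t dport)
{
    uint8_t want[4];
    put_be16(want, sport);
    put_be16(want + 2, dport);
    return memcmp(&field, want, sizeof want) == 0;
}

/* htonl() applied twice returns the original host-order value; on a
   little-endian host the bytes then go out reversed. */
static uint32_t convert_twice(uint32_t host_addr) { return htonl(htonl(host_addr)); }

int main(void)
{
    uint16_t sport = 1024, dport = 53;   /* constructed sample flow */
    printf("single routine: %s\n", wire_ok(pack_ports(sport, dport), sport, dport) ? "ok" : "bad");
    printf("quoted code:    %s\n", wire_ok(pack_ports_quoted(sport, dport), sport, dport) ? "ok" : "bad");
    printf("htonl twice:    0x%08x\n", (unsigned)convert_twice(0xC0A80001u));
    return 0;
}
```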