Further (broken) argus-2.0.0 patches

Carter Bullard carter at qosient.com
Sun Sep 3 10:58:21 EDT 2000



-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Carter Bullard
Sent: Sunday, September 03, 2000 10:32 AM
To: 'Neil Long'; 'Peter Van Epp'
Cc: 'argus'
Subject: RE: Further (broken) argus-2.0.0 patches


Hey Neil,
   The tests are perfect and not a waste of time in
any way.  They help to give me a priority for
fixing things.

I had completely forgotten the '-e' and '-a'
options so they go in on Tuesday.  An option that
you do want to test is the multiple '-w filename "filter"'
expressions, the filter needs to be quoted for the
thing to work.  There is no testing that the filenames
don't collide, so don't complain if you put two
"-" and you get unexpected results ;o).

Gentle People,
   The multiple '-w filename "filter"' apply to argus, not
the clients.  Sorry if there was any confusion.

Carter

-----Original Message-----
From: owner-argus at lists.andrew.cmu.edu
[mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Neil Long
Sent: Sunday, September 03, 2000 5:19 AM
To: Peter Van Epp; carter at qosient.com
Cc: argus
Subject: Re: Further (broken) argus-2.0.0 patches


Hello

I am stuck at home on a dial-up pro tem but had a look at v2.0 with Peter's
first patch bundle (will try the second set later).

With Peter's patches it built ok but I had to remove the -lpthread for the
argus server Makefile entry (since the pthreads on my FreeBSD 3.5 laptop is
in one of the default system libs)

I had no success on FreeBSD using the tun0 interface (not surprising) while
on a ppp link but I was able to make some comparisons in output using a
tcpdump data file. There are a couple of problems arising out of this -
first the v2 data file output from ./argus_bpf -r tcpdump -w output.data is
truncated and argus exits with a memory error. However most of the data is
there.

Running ra or racount and comparing v1.8.1 and v2.0 shows some problems with
the summary of data (the records and packet counts are ok but the byte,
flows, etc are wrong).

I will build a fresh tree again with the new patches for FreeBSD and will
test the comparative handling of tcpdump data on Solaris tomorrow. I won't
post the error details yet as it may just be that this part of the code is
not really ready for testing, sorry!

Oh and the -a and -e options don't work as advertised (and as in 1.8) and
either are not enabled yet or are related to the data summary problem.

So I am not sure yet whether such tests are a waste of time at this stage of
development however maybe a standard tcpdump trace file could be useful as a
test suite?

Regards
Neil



