Hmmm, man seems a little broken too.

Peter Van Epp vanepp at sfu.ca
Thu Sep 21 23:34:15 EDT 2000 

> 
> Hey Peter,
>    This is an interesting problem, as I'm not sure
> what Os's have the issue.  We use %Ld in our printf statements
> to get doubles out, but on some machines it needs to be
> %lld.  Is this FreeBSD?  You may want to go into
> ./common/argus_util.c, on line 286, or so, and change
> the %L's to %ll's and give that a try.  The argus
> data is fine, just the printf statement may need some adjustment.

	Yep that looks to be it. Despite no sign of "l" in either the man
page or the printf source replacing the "L" with "ll" makes it work correctly
(and yep this is FreeBSD4.1 RELEASE):

ra -r argus.log.test -n | grep man
21 Sep 00 17:13:19  man  pkts  48014  bytes        0  drops 3497815  CON

21 Sep 00 18:13:20  man  pkts  38887  bytes        0  drops 2858226  CON

21 Sep 00 19:13:20  man  pkts  37888  bytes        0  drops 2780003  CON

test2# /usr/local/src/argus-2.0.0g/bin/ra -r argus.log.test -n | grep man
21 Sep 00 17:13:19  man  pkts  48014  bytes  3497815  drops     0  CON

21 Sep 00 18:13:20  man  pkts  38887  bytes  2858226  drops     0  CON

21 Sep 00 19:13:20  man  pkts  37888  bytes  2780003  drops     0  CON

test2#
> 
>     On that gdb, did you compile argus_bpf with the -g
> option?

	Yep -g is in there (although the results don't look like it). I probably
know what this is as well, there is a rogue switch on that segment which has
a negotiation problem (one side half duplex the other side full duplex) which
is generating runt frames (8 to 11 bytes long) and I'll bet thats whats causing
the seg fault. 
	It looks to be in crt0 before main gets called:

(gdb) backtrace
#0  0x2811a3be in bcopy () from /usr/lib/libc.so.4
#1  0x0 in ?? ()
(gdb) l
93       *       parse out the command line options,
94       *       initalize the tasks and then loop.
95       *       Afterwards, it will delete all the tasks and exit();
96       *
97       */
98
99
100     int
101     main (int argc, char *argv[])
102     {
(gdb)

	I hadn't thought to do an "l" to see where it thought it was. From 
the symbol table it does think its in bcopy. I'll try tcpdump tomorrow and
see if I can get a sample that seg faults (and see if it is a fragment).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the argus mailing list