ra looping problem still in Beta 8 on FreeBSD

Sat Mar 3 19:30:43 EST 2001

Hey Russell,
   Hmmm, EAGAIN on a read() should mean that O_NONBLOCK
is set and there was no data to read.  Now we shouldn't
have gotten here, because we aren't using non blocking
IO.  Also the select() should not have indicated that there
was anything there to read, when there wasn't.  So I'm
thinking that there must be a really wierd problem.

   I would suspect that we should be able to exit if
we get an EAGAIN, as its just not suppose to happen.
I'll have to test this.

   Is your ra() the process using up a lot of memory?
If so we definately need to fix that.

Carter

> -----Original Message-----
> From: owner-argus at lists.andrew.cmu.edu
> [mailto:owner-argus at lists.andrew.cmu.edu]On Behalf Of Russell Fulton
> Sent: Saturday, March 03, 2001 6:15 PM
> To: Argus (E-mail)
> Subject: ra looping problem still in Beta 8 on FreeBSD
> 
> 
> 
> The problem I reported with ra looping is still present in 
> beta 8.  It 
> is intermittent and *not* dependent  the file read by -r.  I stronly 
> suspect that the problem is triggered runing out of memory.  The 
> problem has surfaced since I started analysing utp traffic in my 
> overnight slow scan detector. 
> 
> I have attached gdb to an ra process that has been running from many 
> hours (top shows that free memory is around 3MB of 128MB).
> 
> 
> Breakpoint 1, ArgusReadStreamSocket (input=0x8141000) at 
> ./argus_parse.c:1394
> 1394    {
> (gdb) n
> 1395       int retn = 0, fd = input->fd, cnt = 0;
> (gdb)  
> 1402       if ((cnt = read (fd, input->ArgusReadPtr + 
> input->ArgusReadSocketCnt,
> (gdb) 
> 1448          if (!((errno == EAGAIN) || (errno == EINTR))) {
> (gdb) p cnt
> $3 = 0
> (gdb) p errno
> $4 = 35
> (gdb) n
> 1464       return (retn);
> (gdb) n
> ArgusReadStream () at ./argus_parse.c:1619
> 1619                for (i = 0; i < ARGUS_MAX_REMOTE_CONN; i++) {
> (gdb) l
> 1614       ArgusDebug (4, "ArgusReadStream() starting\n");
> 1615    #endif
> 1616       
> 1617          for (;;) {
> 1618             if ((retn = select (width, &readmask, NULL, 
> NULL, &wait)) >= 0) {
> 1619                for (i = 0; i < ARGUS_MAX_REMOTE_CONN; i++) {
> 1620                   if ((input = ArgusRemoteFDs[i]) != NULL) {
> 1621                      if (FD_ISSET (input->fd, &readmask)) {
> 1622                         ArgusInput = input;
> 1623                         if (input->status & ARGUS_DATA_SOURCE) {
> 
> It seems to be stuck with the read always returning 0 and 
> errno EAGAIN!
> 
> Perhaps we need a counter in the loop and quit with an error 
> if we get 
> EAGAIN more than some number of time in a row?
> 
> Could this be a FreeBSD problem where read fails when memory 
> is low.  I 
> have another identical box with Debian linux installed on it.  I will 
> try moving everything on it it next week and see if we have the same 
> problem.
> 
> One thing that makes me suspect that this is a memory problem is that 
> the job ran happily for a couple of days after I deleted the history 
> file where it keeps up to 7 days worth of history.  This drastically 
> reduces the amount of memory needed to run.
> 
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand
> 
> 