Mac OS X

Peter Van Epp vanepp at sfu.ca
Thu May 16 16:09:05 EDT 2002


	Yep, that should do it. The idea is mostly to have a common source of
data so that we can feed it to a new port and compare the output from the
various argus clients to make sure all ports react the same to the same 
input data. Tcpreplay makes it possible (presuming tcpdump format which is
the likely format from ethereal) to start outside the NIC and do a complete
test of an argus port.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

> 
> Hey Peter,
>    Great!  So back to your suggestion on standard packet
> files and argus output files, there are a bunch of packet
> files on the ethereal site that I've used that have things
> like mpls tags, vlan's etc.... which we all do very well
> with, so we could use those, and provide the argus data
> files, with some explanation.  Would that help?
> 
> Carter
> 
> Carter Bullard
> QoSient, LLC
> 300 E. 56th Street, Suite 18K
> New York, New York  10022
> 
> carter at qosient.com
> Phone +1 212 588-9133
> Fax   +1 212 588-9134
> http://qosient.com
> 
> > -----Original Message-----
> > From: Peter Van Epp [mailto:vanepp at sfu.ca] 
> > Sent: Thursday, May 16, 2002 3:40 PM
> > To: carter at qosient.com
> > Subject: Re: Mac OS X
> > 
> > 
> > 	Works on all of OS X, FreeBSD, NetBSD, and OpenBSD now. 
> > ramon works on OS X and ra gives reasonable results on all the rest.
> > 
> > Peter Van Epp / Operations and Technical Support 
> > Simon Fraser University, Burnaby, B.C. Canada
> > 
> > > 
> > > Hey Peter,
> > >    That's great.  I've incorporated the changes so it
> > > works in all the other ports, so give the newest tar
> > > file a shot.
> > > 
> > > ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
> > > 
> > > MD5 (argus-2.0.5.tar.gz) = 6c40eeda63255b0cb23520d5d8578e52
> > > 
> > > > -----Original Message-----
> > > > From: Peter Van Epp [mailto:vanepp at sfu.ca]
> > > > Sent: Thursday, May 16, 2002 2:11 PM
> > > > To: carter at qosient.com
> > > > Subject: Re: Mac OS X
> > > > 
> > > > 
> > > > 	By some miracle OpenBSD is still happy with this with
> > > > the <sys/type.h> change, now on to NetBSD (although I expect
> > > > it will still be happy too if OpenBSD is).
> > > > 
> > > > Peter Van Epp / Operations and Technical Support
> > > > Simon Fraser University, Burnaby, B.C. Canada
> > > > 
> > > > > 
> > > > > Just to test, could you check to see that if you include
> > > > > types.h in gencode.c before the in.h does it get better?
> > > > > 
> > > > > Carter
> > > > > 
> > > > > > -----Original Message-----
> > > > > > From: Peter Van Epp [mailto:vanepp at sfu.ca]
> > > > > > Sent: Thursday, May 16, 2002 12:51 PM
> > > > > > To: carter at qosient.com
> > > > > > Subject: Re: Mac OS X
> > > > > > 
> > > > > > 
> > > > > > 	Well we are making progress (it dies later now :-)):
> > > > > > 
> > > > > > cc -O -I. -I../include -I../../libpcap-0.7.1
> > > > > > -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1 -DHAVE_FCNTL_H=1
> > > > > > -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1  -DARGUS_SYSLOG=1 -c ./gencode.c
> > > > > > /usr/include/netinet/in.h:256: undefined type, found `u_int32_t'
> > > > > > /usr/include/netinet/in.h:311: undefined type, found `u_char'
> > > > > > /usr/include/netinet/in.h:312: undefined type, found `u_char'
> > > > > > /usr/include/netinet/in.h:313: undefined type, found `u_short'
> > > > > > /usr/include/netinet6/in6.h:123: undefined type, found `u_int8_t'
> > > > > > /usr/include/netinet6/in6.h:124: undefined type, found `u_int16_t'
> > > > > > 
> > > > > > 	It may be most reasonable to just insert a few of (__APPLE__)s
> > > > > > as we have to ...
> > > > > > 
> > > > > > Peter Van Epp / Operations and Technical Support
> > > > > > Simon Fraser University, Burnaby, B.C. Canada
> > > > > > 
> > > > > > > 
> > > > > > > Because compat.h tries to provide defines that the system
> > > > > > > doesn't provide, we've got to include compat.h after includes
> > > > > > > like <netinet/in.h>.  So I had to move a few <compat.h> and a
> > > > > > > few <netinet/in.h> includes around to get it to work on RH 7.2,
> > > > > > > so that's where the new issues came in.
> > > > > > > 
> > > > > > > But, it seems that by the time it gets to including
> > > > > > > argus_out.h, from argus_parse.h etc ..   __OpenBSD__ is
> > > > > > > not defined.
> > > > > > > 
> > > > > > > Can we try again?
> > > > > > > 
> > > > > > > ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
> > > > > > > MD5 (argus-2.0.5.tar.gz) = 6c5c93c2524f81c0f4901578bfc1e6df
> > > > > > > 
> > > > > > > 
> > > > > > > >                  from ../include/argus_out.h:56,
> > > > > > > 
> > > > > > > > -----Original Message-----
> > > > > > > > From: Peter Van Epp [mailto:vanepp at sfu.ca]
> > > > > > > > Sent: Thursday, May 16, 2002 12:25 PM
> > > > > > > > To: carter at qosient.com
> > > > > > > > Subject: Re: Mac OS X
> > > > > > > > 
> > > > > > > > 
> > > > > > > > 	Nope, it's still unhappy (unless I was too quick on the
> > > > > > > > draw): This is the MD5 of what I just downloaded:
> > > > > > > > 
> > > > > > > > 2: vanepp_fraser% md5 argus-2.0.5.tar.gz
> > > > > > > > MD5 (argus-2.0.5.tar.gz) = 50174ebb236fc55bcbf63846484dc650
> > > > > > > > 
> > > > > > > > Peter Van Epp / Operations and Technical Support
> > > > > > > > Simon Fraser University, Burnaby, B.C. Canada
> > > > > > > > 
> > > > > > > > 
> > > > > > > > [test4:vanepp/src/argus-2.0.5] root# make
> > > > > > > > making in ./common
> > > > > > > > cc -O -I. -I../include -I../../libpcap-0.7.1
> > > > > > > > -DHAVE_SYS_SOCKIO_H=1 -DHAVE_STRING_H=1 -DHAVE_FCNTL_H=1
> > > > > > > > -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1  -DARGUS_SYSLOG=1 -c ./argus_parse.c
> > > > > > > > In file included from /usr/include/netinet/if_ether.h:64,
> > > > > > > >                  from ../include/argus_out.h:56,
> > > > > > > >                  from ../include/argus_parse.h:52,
> > > > > > > >                  from ./argus_parse.c:119:
> > > > > > > > /usr/include/net/if_arp.h:100: field `arp_pa' has incomplete type
> > > > > > > > /usr/include/net/if_arp.h:101: field `arp_ha' has incomplete type
> > > > > > > > In file included from ../include/cons_out.h:44,
> > > > > > > >                  from ../include/argus_util.h:62,
> > > > > > > >                  from ../include/argus_parse.h:54,
> > > > > > > >                  from ./argus_parse.c:119:
> > > > > > > > 
> > > > > > > > 
> > > > > > > > > 
> > > > > > > > > OK, so give this new version a try!
> > > > > > > > > Carter
> > > > > > > > > 
> > > > > > > > > ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > > -----Original Message-----
> > > > > > > > > > From: Peter Van Epp [mailto:vanepp at sfu.ca]
> > > > > > > > > > Sent: Thursday, May 16, 2002 11:21 AM
> > > > > > > > > > To: carter at qosient.com
> > > > > > > > > > Subject: Re: Mac OS X
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > 	Close, but no cigar :-) We however have cigar with these
> > > > > > > > > > three additional patches, it then runs as does ramon (now to
> > > > > > > > > > see if this has broken any of the other ones ...):
> > > > > > > > > > 
> > > > > > > > > > *** include/argus_out.h.orig	Thu May 16 07:56:03 2002
> > > > > > > > > > --- include/argus_out.h	Thu May 16 07:56:25 2002
> > > > > > > > > > ***************
> > > > > > > > > > *** 43,49 ****
> > > > > > > > > >   #ifndef Argus_out_h
> > > > > > > > > >   #define Argus_out_h
> > > > > > > > > >   
> > > > > > > > > > ! #if defined(HAVE_SOLARIS) || (__FreeBSD__) ||
> > > > (__NetBSD__)
> > > > > > > > > > || (__OpenBSD__)
> > > > > > > > > >   #include <sys/types.h>
> > > > > > > > > >   #include <sys/socket.h>
> > > > > > > > > >   #if !defined(_NET_IF_H_)
> > > > > > > > > > --- 43,49 ----
> > > > > > > > > >   #ifndef Argus_out_h
> > > > > > > > > >   #define Argus_out_h
> > > > > > > > > >   
> > > > > > > > > > ! #if defined(HAVE_SOLARIS) || defined (__FreeBSD__)
> > > > > > || defined
> > > > > > > > > > (__NetBSD__) || defined (__OpenBSD__)
> > > > > > > > > >   #include <sys/types.h>
> > > > > > > > > >   #include <sys/socket.h>
> > > > > > > > > >   #if !defined(_NET_IF_H_)
> > > > > > > > > > 
> > > > > > > > > > 
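Review bot: the rewritten `#if` in include/argus_out.h still names only Solaris, FreeBSD, NetBSD and OpenBSD, so on Mac OS X the `<sys/types.h>` and `<sys/socket.h>` includes inside it are skipped unless one of those macros happens to be defined there. If OS X needs them, add an explicit `defined(__APPLE__)` term rather than relying on another platform's macro. Style: this line writes `defined (__FreeBSD__)` with a space while the gencode.c change writes `defined(__FreeBSD__)`; pick one form.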
> > > > > > > > > > *** include/compat.h.orig	Thu May 16 08:05:02 2002
> > > > > > > > > > --- include/compat.h	Thu May 16 08:06:33 2002
> > > > > > > > > > ***************
> > > > > > > > > > *** 263,269 ****
> > > > > > > > > >   #endif
> > > > > > > > > >   #endif
> > > > > > > > > >   
> > > > > > > > > > ! #if !defined(__OpenBSD__)
> > > > > > > > > >   #ifndef ETHERTYPE_MPLS
> > > > > > > > > >   #define ETHERTYPE_MPLS		0x8847
> > > > > > > > > >   #endif
> > > > > > > > > > --- 263,269 ----
> > > > > > > > > >   #endif
> > > > > > > > > >   #endif
> > > > > > > > > >   
> > > > > > > > > > ! #if !defined(__OpenBSD__) || defined(__APPLE_CC__)
> > > > > > > > > >   #ifndef ETHERTYPE_MPLS
> > > > > > > > > >   #define ETHERTYPE_MPLS		0x8847
> > > > > > > > > >   #endif
> > > > > > > > > > 
> > > > > > > > > > 
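Review bot: in include/compat.h the added `|| defined(__APPLE_CC__)` only changes the result when `__OpenBSD__` is also defined, because `!defined(__OpenBSD__)` is already true otherwise. If `__OpenBSD__` really is defined in the OS X build, a comment saying where it comes from would help; if it is not, the term is a no-op. `__APPLE_CC__` identifies Apple's compiler rather than the platform, so `__APPLE__` is the more usual test in a header that describes the operating system.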
> > > > > > > > > > *** common/gencode.c.orig	Thu May 16 07:58:36 2002
> > > > > > > > > > --- common/gencode.c	Thu May 16 08:00:33 2002
> > > > > > > > > > ***************
> > > > > > > > > > *** 39,46 ****
> > > > > > > > > >    * MERCHANTABILITY AND FITNESS FOR A 
> > PARTICULAR PURPOSE.
> > > > > > > > > >    */
> > > > > > > > > >   
> > > > > > > > > >   
> > > > > > > > > > ! #if defined(HAVE_SOLARIS) || (__FreeBSD__) ||
> > > > (__NetBSD__)
> > > > > > > > > > || (__OpenBSD__)
> > > > > > > > > >   #include <sys/types.h>
> > > > > > > > > >   #include <sys/socket.h>
> > > > > > > > > >   #endif
> > > > > > > > > > --- 39,47 ----
> > > > > > > > > >    * MERCHANTABILITY AND FITNESS FOR A 
> > PARTICULAR PURPOSE.
> > > > > > > > > >    */
> > > > > > > > > >   
> > > > > > > > > > + #include <compat.h>
> > > > > > > > > >   
> > > > > > > > > > ! #if defined(HAVE_SOLARIS) || defined(__FreeBSD__) ||
> > > > > > > > > > defined(__NetBSD__) || defined(__OpenBSD__)
> > > > > > > > > >   #include <sys/types.h>
> > > > > > > > > >   #include <sys/socket.h>
> > > > > > > > > >   #endif
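Review bot: moving `#include <compat.h>` to the top of common/gencode.c puts it ahead of `<sys/types.h>` and every other system header, but compat.h supplies fallbacks under `#ifndef` guards (the `ETHERTYPE_MPLS` block in the previous patch is one). Included first, those guards cannot see the system's own definitions, so a later system header may redefine the same names. Consider keeping compat.h after the system includes and handling OS X with an explicit platform term in the `#if` on this hunk instead.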
> > > > > > > > > > ***************
> > > > > > > > > > *** 58,64 ****
> > > > > > > > > >   #include <stdlib.h>
> > > > > > > > > >   #include <syslog.h>
> > > > > > > > > >   
> > > > > > > > > > - #include <compat.h>
> > > > > > > > > >   #include <net/bpf.h>
> > > > > > > > > >   
> > > > > > > > > >   #include <argus_out.h>
> > > > > > > > > > --- 59,64 ----
> > > > > > > > > > 
> > > > > > > > > > Peter Van Epp / Operations and Technical Support
> > > > > > > > > > Simon Fraser University, Burnaby, B.C. Canada
> > > > > > > > > > 
> > > > > > > > > > 
> > > > > > > > > > > 
> > > > > > > > > > > Hey Peter,
> > > > > > > > > > >    I've made some changes for Mac OS X, by placing the define
> > > > > > > > > > > in compat.h and moving that around, and the special case for
> > > > > > > > > > > "0.0.0.0".
> > > > > > > > > > > Could you give that a test drive?
> > > > > > > > > > > 
> > > > > > > > > > > ftp://qosient.com/dev/argus-2.0/argus-2.0.5.tar.gz
> > > > > > > > > > > 
> > > > > > > > > > > Carter
> > > > > > > > > > > 
> > > > > > > > > > > Carter Bullard
> > > > > > > > > > > QoSient, LLC
> > > > > > > > > > > 300 E. 56th Street, Suite 18K
> > > > > > > > > > > New York, New York  10022
> > > > > > > > > > > 
> > > > > > > > > > > carter at qosient.com
> > > > > > > > > > > Phone +1 212 588-9133
> > > > > > > > > > > Fax   +1 212 588-9134
> > > > > > > > > > > http://qosient.com
> > > > > > > > > > > 
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > From: Peter Van Epp [mailto:vanepp at sfu.ca]
> > > > > > > > > > > > Sent: Thursday, May 16, 2002 10:33 AM
> > > > > > > > > > > > To: carter at qosient.com
> > > > > > > > > > > > Subject: Re: Mac OS X
> > > > > > > > > > > > 
> > > > > > > > > > > > 
> > > > > > > > > > > > 	Yes that seems to be it. It is happy with 255.255.255.255 but
> > > > > > > > > > > > not 0.0.0.0 for some reason (I forget to look at errno to see
> > > > > > > > > > > > what it was unhappy about).
> > > > > > > > > > > > 
> > > > > > > > > > > > Peter Van Epp / Operations and Technical Support 
> > > > > > > > > > > > Simon Fraser University, Burnaby, B.C. Canada
> > > > > > > > > > > > 
> > > > > > > > > > > > > 
> > > > > > > > > > > > > Hey Peter,
> > > > > > > > > > > > >    Well, we can special case it.  We're just doing the
> > > > > > > > > > > > > gethostbyname() in case the config passed a host name instead
> > > > > > > > > > > > > of an address.  Is this the essence of the problem?
> > > > > > > > > > > > > 
> > > > > > > > > > > > > Carter
> > > > > > > > > > > > > 
> > > > > > > > > > > > > Carter Bullard
> > > > > > > > > > > > > QoSient, LLC
> > > > > > > > > > > > > 300 E. 56th Street, Suite 18K
> > > > > > > > > > > > > New York, New York  10022
> > > > > > > > > > > > > 
> > > > > > > > > > > > > carter at qosient.com
> > > > > > > > > > > > > Phone +1 212 588-9133
> > > > > > > > > > > > > Fax   +1 212 588-9134
> > > > > > > > > > > > > http://qosient.com
> > > > > > > > > > > > > 
> > > > > > > > > > > > > 
> > > > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > > From: owner-argus-info at lists.andrew.cmu.edu
> > > > > > > > > > > > > > [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> > > > > > > > > > > > > > Peter Van Epp
> > > > > > > > > > > > > > Sent: Tuesday, May 14, 2002 11:59 AM
> > > > > > > > > > > > > > To: argus
> > > > > > > > > > > > > > Subject: Mac OS X
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > 	It appears OS X is unhappy about looking up 0.0.0.0 with
> > > > > > > > > > > > > > gethostbyname. What we do about it I'm not sure ...
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > OS X:
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > 1685          if ((alist = argus_nametoaddr(str)) != NULL)  {
> > > > > > > > > > > > > > (gdb)
> > > > > > > > > > > > > > argus_nametoaddr (name=0xbfffe71b "0.0.0.0") at ./argus_filter.c:4476
> > > > > > > > > > > > > > 4476       if ((hp = gethostbyname(name)) != NULL) {
> > > > > > > > > > > > > > (gdb) 
> > > > > > > > > > > > > > 4488          return 0;
> > > > > > > > > > > > > > (gdb) 
> > > > > > > > > > > > > > 4489    }
> > > > > > > > > > > > > > (gdb) print hp
> > > > > > > > > > > > > > $7 = (struct hostent *) 0x0
> > > > > > > > > > > > > > (gdb) s
> > > > > > > > > > > > > > RaParseCIDRAddr (str=0xbfffe71b "0.0.0.0") at ./ramon.c:1698
> > > > > > > > > > > > > > 1698             error++;
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > FreeBSD:
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > 1679             if ((ptr = strchr (str, '/')) != NULL) {
> > > > > > > > > > > > > > (gdb) 
> > > > > > > > > > > > > > 1685          if ((alist = argus_nametoaddr(str)) != NULL)  {
> > > > > > > > > > > > > > (gdb)
> > > > > > > > > > > > > > argus_nametoaddr (name=0xbfbfe8af "255.255.255.255") at ./argus_filter.c:4476
> > > > > > > > > > > > > > 4476       if ((hp = gethostbyname(name)) != NULL) {
> > > > > > > > > > > > > > (gdb) 
> > > > > > > > > > > > > > 4482          for (p = (unsigned int **)hp->h_addr_list; *p; ++p)
> > > > > > > > > > > > > > (gdb) 
> > > > > > > > > > > > > > 4483             NTOHL(**p);
> > > > > > > > > > > > > > (gdb) 
> > > > > > > > > > > > > > 4482          for (p = (unsigned int **)hp->h_addr_list; *p; ++p)
> > > > > > > > > > > > > > (gdb) print hp
> > > > > > > > > > > > > > $1 = (struct hostent *) 0x281340b0
> > > > > > > > > > > > > > 
> > > > > > > > > > > > > > Peter Van Epp / Operations and Technical Support
> > > > > > > > > > > > > > Simon Fraser University, Burnaby, B.C. Canada
> 
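The special case discussed in this thread for "0.0.0.0" generalises to parsing the string as a dotted-quad literal first and handing only real host names to the resolver, so the result no longer depends on how a platform's `gethostbyname()` treats literals. The following is an added example, not argus code: `parse_cidr_addr` and its `allow_dns` parameter are hypothetical names, and `getaddrinfo()` is used in place of `gethostbyname()`.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <netdb.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from argus): parse "host[/len]" into a host-order
 * IPv4 address and a prefix length. Returns 0 on success, -1 on error.
 * With allow_dns == 0 anything that is not a dotted-quad literal is rejected,
 * so parsing a filter or config file can never trigger a DNS query. */
int parse_cidr_addr(const char *str, int allow_dns, uint32_t *addr, int *masklen)
{
    char host[256];
    const char *slash = strchr(str, '/');
    size_t hlen = slash ? (size_t)(slash - str) : strlen(str);
    struct in_addr in;
    struct addrinfo hints, *res = NULL;

    if (hlen == 0 || hlen >= sizeof(host))
        return -1;
    memcpy(host, str, hlen);
    host[hlen] = '\0';

    *masklen = 32;
    if (slash != NULL) {
        char *end;
        long len;
        if (!isdigit((unsigned char)slash[1]))
            return -1;
        len = strtol(slash + 1, &end, 10);
        if (*end != '\0' || len > 32)
            return -1;
        *masklen = (int)len;
    }

    /* Literal first: "0.0.0.0" and "255.255.255.255" never reach the resolver. */
    if (inet_pton(AF_INET, host, &in) == 1) {
        *addr = ntohl(in.s_addr);
        return 0;
    }
    if (!allow_dns)
        return -1;

    /* Only real host names get this far; take the first IPv4 answer. */
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, NULL, &hints, &res) != 0 || res == NULL)
        return -1;
    *addr = ntohl(((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr);
    freeaddrinfo(res);
    return 0;
}
```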


