argus-2.0.6.beta.11.tar.gz

Carter Bullard carter at qosient.com
Wed Jul 16 14:28:48 EDT 2003


Gentle people,
    A new version of argus is on the server in need
of testing.  This attempts to solve a few problems with
the Apple and other *BSD ports, specifically to get
the include files right and to solve a problem with
filter parsing.

ftp://qosient.com/dev/argus-2.0/argus-2.0.6.beta.11.tar.gz

This compiles and seems to run well on RH7.x and 
Solaris.  Please give this a test if you've got some time.
Thanks in advance,

Carter



> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu 
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of 
> Peter Van Epp
> Sent: Wednesday, July 16, 2003 11:26 AM
> To: argus-info at lists.andrew.cmu.edu
> Subject: Re: Capture Filter Not Working
> 
> 
> 	While Carter will know for sure, I have some recollection that this
> is why we are working on 2.0.6, I think someone else already found this
> problem. I don't filter anything on my link so I didn't run into it (and
> didn't test for it when checking the various BSDs on 2.0.5 either).
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
> On Tue, Jul 15, 2003 at 11:59:47PM -0500, Eric wrote:
> > On Tue, 2003-07-15 at 18:57:02 -0700, Peter Van Epp proclaimed...
> > 
> > > 	Actually I'd recommend argus-2.0.6.beta.9.tar.gz and
> > > argus-clients-2.0.6.beta.40.tar.gz at the moment. Beta.10 and beta.41 have some
> > > issues on the BSDs at the moment (although they should be clear soon we hope,
> > > because they have been identified this afternoon).
> > 
> > I ended up upgrading to 2.0.6b9
> > 
> > Seems like the issue is working now (being able to filter out
> > packets). So basically, under FreeBSD 5.1 and OpenBSD 3.3, the
> > ARGUS_PACKET_FILTER, and any other command line filtering, appears
> > to be broken. I think this was true for Linux 2.4.x as well (a
> > reason we moved to FreeBSD -- besides the political reasons).
> > 
> > Should I issue a bug report through argusbug or is this good
> > enough?
> > 
> > > 	I assume you already know that you should sysctl the BPF buffer as
> > > large as it will go (32K if I remember the code correctly) to avoid packet
> > > loss in bpf. This will show up as lost packets in the man lines in the
> > > argus output (that is being reported by libpcap from bpf.c in the kernel).
> > > On OpenBSD you may also want to check that the bpf patch that's in FreeBSD
> > > has migrated across, otherwise you can lose partial buffers on shutdown.
> > 
> > Thanks. :)
> > 
> > > 	Carter also commented some time ago that dual interfaces take a
> > > performance penalty in select. I'm in the process of moving from FreeBSD to
> > > Linux (partly because FreeBSD has trouble on my dual Athlon box for the
> > > Gig links) and using George Becker's channel bonding interface to bind two
> > > interfaces into a single interface to bpf. Haven't yet gotten to performance
> > > testing it however.
> > 
> > Lemme know how this goes; is there an archive of this list
> > somewhere to poke around?
> > 
> > Thanks.
> > 
> > - Eric
> 




