argus-2.0.6.beta.12.tar.gz
Carter Bullard
carter at qosient.com
Wed Jul 16 15:59:03 EDT 2003
Gentle people,
So testing does work ;) There is a better version
of argus on the server, that has survived some testing.
ftp://qosient.com/dev/argus-2.0/argus-2.0.6.beta.12.tar.gz
Please download this and give it a try!!! It fixes an
include file type collision cause by pcap.h from
newer libpcap distributions. I've moved all other versions
to the archive directory, to remove any confusion.
Thanks!!!
Carter
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> Carter Bullard
> Sent: Wednesday, July 16, 2003 2:29 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: argus-2.0.6.beta.11.tar.gz
>
>
> Gentle people,
> A new version of argus is on the server in need
> of testing. This attempts to solve a few problems with
> the Apple and other *BSD ports, specifically to get
> the include files right and to solve a problem with
> filter parsing.
>
> ftp://qosient.com/dev/argus-2.0/argus-2.0.6.beta.11.tar.gz
>
> This compiles and seems to run well on RH7.x and
> Solaris. Please give this a test if you've got some time.
> Thanks in advance,
>
> Carter
>
>
>
> > -----Original Message-----
> > From: owner-argus-info at lists.andrew.cmu.edu
> > [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of
> > Peter Van Epp
> > Sent: Wednesday, July 16, 2003 11:26 AM
> > To: argus-info at lists.andrew.cmu.edu
> > Subject: Re: Capture Filter Not Working
> >
> >
> > While Carter will know for sure, I have some
> > recollection that this
> > is why we are working on 2.0.6, I think someone else already
> > found this
> > problem. I don't filter anything on my link so I didn't run
> > in to it (and
> > didn't test for it when checking the various BSDs on 2.0.5 either).
> >
> > Peter Van Epp / Operations and Technical Support
> > Simon Fraser University, Burnaby, B.C. Canada
> >
> > On Tue, Jul 15, 2003 at 11:59:47PM -0500, Eric wrote:
> > > On Tue, 2003-07-15 at 18:57:02 -0700, Peter Van Epp proclaimed...
> > >
> > > > Actually I'd recommend argus-2.0.6.beta.9.tar.gz and
> > > > argus-clients-2.0.6.beta.40.tar.gz at the moment. Beta.10
> > and beta.41 have some
> > > > issues on the BSDs at the moment (although they should be
> > clear soon we hope,
> > > > because they have been identified this afternoon).
> > >
> > > I ended up upgrading to 2.0.6b9
> > >
> > > Seems like the issue is working now (being able to filter out
> > > packets). So basically, under FreeBSD 5.1 and OpenBSD 3.3, the
> > > ARGUS_PACKET_FILTER, and any other command line filtering, appears
> > > to be broken. I think this was true for Linux 2.4.x as well (a
> > > reason we moved to FreeBSD -- besides the political reasons).
> > >
> > > Should I issue a bug report through argusbug or is this good
> > > enough?
> > >
> > > > I assume you already know that you should sysctl the
> > BPF buffer as
> > > > large as it will go (32K if I remember the code
> > correctly) to avoid packet
> > > > loss in bpf. This will show up as lost packets in the man
> > lines in the
> > > > argus output (that is being reported by libpcap from
> > bpf.c in the kernel).
> > > > On OpenBsd you may also want to check that the bpf patch
> > thats in FreeBSD
> > > > has migrated across, otherwise you can lose partial
> > buffers on shutdown.
> > >
> > > Thanks. :)
> > >
> > > > Carter also commented some time ago that dual
> interfaces take a
> > > > performance penalty in select. I'm in the process of
> > moving from FreeBSD to
> > > > Linux (partly because FreeBsd has trouble on my dual
> > Athelon box for the
> > > > Gig links) and using George Becker's channel bonding
> > interface to bind two
> > > > interfaces in to a singe interface to bpf. Haven't yet
> > gotten to performance
> > > > testing it however.
> > >
> > > Lemme know how this goes; is there an archive of tihs list
> > > somewhere to poke around?
> > >
> > > Thanks.
> > >
> > > - Eric
> >
>
>
>
More information about the argus
mailing list