[ARGUS] argus-2.0.6.fixes.1/FreeBSD-4.10 <=> argus-clients-2.0.6.fixes.1/FC2
Peter Van Epp
vanepp at sfu.ca
Fri Aug 13 14:23:29 EDT 2004
On Fri, Aug 13, 2004 at 08:51:10AM -0700, Joe Christy wrote:
> Vis-a-vis Peter's note of 08/12/2004 05:53 PM:
> >On Tue, Aug 10, 2004 at 09:56:38PM -0700, Joe Christy wrote:
> >
> >>... I've now devoted another 8 hours to hammering on
> >>(non-)interoperability and temporarily run out of ideas.
> >>
>
> Sorry to be so silent - as a consultant whose laptop died on Tuesday
> taking all my (providentiually backed-up) business records and sw with
> it, I've been highly distracted in the moments I've not been building
> firewalls & dealing w/ customer's email routing issues or maintaining
> Activities of Daily Life.
>
Not a problem, real life (TM) catches up with us all at some point :-).
Well another idea shot down in flames, it doesn't appear to be the 2.6
kernel. This must be a RedHatism :-):
vanepp at blowfish:~/argus-clients-2.0.6.fixes.1/bin> dmesg
Linux version 2.6.5-7.95-bigsmp (geeko at buildhost) (gcc version 3.3.3 (SuSE Linux)) #1 SMP Thu Jul 1 15:23:45 UTC 2004
BIOS-provided physical RAM map:
I believe this one is a dual Xeon box again running SUSE. 142.58.1.233
is FreeBSD 4.10 and looks to work fine (I believe your problem is from
FreeBSD as the sensor to an ra client on Linux like this correct?):
vanepp at blowfish:~/argus-clients-2.0.6.fixes.1/bin> ./ra -S 142.58.1.233 -c -nn
12 Aug 04 12:13:13 man 229.97.122.203 v2.0 1 0 0 0 0 0 STA
13 Aug 04 11:10:34 udp 142.58.1.233.1976 <-> 142.58.103.1.53 1 1 84 233 CON
13 Aug 04 11:10:34 udp 142.58.1.233.4451 <-> 142.58.103.1.53 1 1 79 172 CON
13 Aug 04 11:09:38 udp 142.58.1.112.631 -> 142.58.1.255.631 8 0 1296 0 INT
13 Aug 04 11:09:39 0 0:b:db:7a:68:9b 0x0 -> ff:ff:ff:ff:ff: 0x0 8 0 480 0 INT
13 Aug 04 11:09:39 2054 142.58.1.234 who-has 142.58.1.233 1 1 60 60 CON
13 Aug 04 11:09:39 tcp 142.58.1.234.55337 -> 142.58.1.233.22 63 72 7156 11152 CON
13 Aug 04 11:09:40 2054 142.58.1.254 who-has 142.58.1.233 1 1 60 60 CON
I'll try and get time to poke at the opteron core 2 box later and see
if I can reproduce the problem there. This is the debug log from the fedora
box last night which I'm assuming is 64 bit issues because the man record
is entirely bogus, note the version: 255 and otherwise 0:
./ra -S142.58.1.236:22 -c -nn -D 20
ra[9422]: 12 Aug 04 16:02:27 ArgusFilterCompile () waiting for filter process 94
23 on pipe 3
ra[9423]: 12 Aug 04 16:02:27 ArgusFilterCompile () returning
ra[9422]: 12 Aug 04 16:02:27 ArgusFilterCompile () read filter length 1
ra[9422]: 12 Aug 04 16:02:27 ArgusFilterCompile () read filter body 8
ra[9422]: 12 Aug 04 16:02:27 ArgusFilterCompile () returning 0
ra[9422]: 12 Aug 04 16:02:27 Trying test6.ucs.sfu.ca port 22 Expecting Argus rec
ords
ra[9422]: 12 Aug 04 16:02:27 connected
ra[9422]: 12 Aug 04 16:02:27 ArgusGetServerSocket (0x6b58f4) returning 3
ra[9422]: 12 Aug 04 16:02:28 ArgusReadConnection() read 16 bytes
ra[9422]: 12 Aug 04 16:02:28 ArgusReadConnection() ARGUS_START Mar.
ra[9422]: 12 Aug 04 16:02:28 ArgusNtoH (0xbffff440) returning.
ra[9422]: 12 Aug 04 16:02:28 ArgusHtoN (0xbffff440) returning.
ra[9422]: 12 Aug 04 16:02:28 ArgusGenerateCanonicalRecord (0xbffff440, 0x53bce0)
returning
ra[9422]: 12 Aug 04 16:02:28 ArgusNtoH (0xbffee300) returning.
12 Aug 04 15:59:41 man 0.0.0.0 v255 0 0
0 0 0 0 STA
ra[9422]: 12 Aug 04 16:02:28 ArgusHandleDatum (0xbffff440, 0x53ce70) returning 0
ra[9422]: 12 Aug 04 16:02:28 ArgusNtoH (0xbffff440) returning.
ra[9422]: 12 Aug 04 16:02:28 ArgusCalloc (1, 4096) returning 0x6b8a34
ra[9422]: 12 Aug 04 16:02:28 ArgusCalloc (1, 4096) returning 0x6b9a44
ra[9422]: 12 Aug 04 16:02:28 ArgusParseInit (0x6b58f4) returning
ra[9422]: 12 Aug 04 16:02:28 ArgusReadConnection() returning 3
ra[9422]: 12 Aug 04 16:02:28 ArgusReadStream() starting
ra[9422]: 12 Aug 04 16:02:28 ArgusReadStreamSocket (0x6b58f4) starting
ra[9422]: 12 Aug 04 16:02:28 ArgusReadStreamSocket (0x6b58f4) read returned 0
ra[9422]: 12 Aug 04 16:02:28 ArgusReadStreamSocket (0x6b58f4) returning 1
ra[9422]: 12 Aug 04 16:02:28 ArgusWriteConnection: write(3, 0x4248d8, 6)
ra[9422]: 12 Aug 04 16:02:28 ArgusWriteConnection(0x6b58f4, 0x4248d8, 6) returni
ng 6
ra[9422]: 12 Aug 04 16:02:28 ArgusFree (0x6b8a34) returning
ra[9422]: 12 Aug 04 16:02:28 ArgusFree (0x6b9a44) returning
ra[9422]: 12 Aug 04 16:02:28 ArgusCloseInput(0x6b58f4) done
ra[9422]: 12 Aug 04 16:02:28 ArgusReadStream() returning
ra[9422]: 12 Aug 04 16:02:28 ArgusShutDown (0)
[vanepp at node1 bin]$ !!
./ra -S142.58.1.236:22 -c -nn -D 20
ra[9561]: 12 Aug 04 16:07:10 ArgusFilterCompile () waiting for filter process 95
62 on pipe 3
ra[9562]: 12 Aug 04 16:07:10 ArgusFilterCompile () returning
ra[9561]: 12 Aug 04 16:07:10 ArgusFilterCompile () read filter length 1
ra[9561]: 12 Aug 04 16:07:10 ArgusFilterCompile () read filter body 8
ra[9561]: 12 Aug 04 16:07:10 ArgusFilterCompile () returning 0
ra[9561]: 12 Aug 04 16:07:10 Trying test6.ucs.sfu.ca port 22 Expecting Argus rec
ords
ra[9561]: 12 Aug 04 16:07:10 connected
ra[9561]: 12 Aug 04 16:07:10 ArgusGetServerSocket (0x6b58f4) returning 3
ra[9561]: 12 Aug 04 16:07:10 ArgusReadConnection() read 16 bytes
ra[9561]: 12 Aug 04 16:07:10 ArgusReadConnection() ARGUS_START Mar.
ra[9561]: 12 Aug 04 16:07:10 ArgusNtoH (0xbffff440) returning.
ra[9561]: 12 Aug 04 16:07:10 ArgusHtoN (0xbffff440) returning.
ra[9561]: 12 Aug 04 16:07:10 ArgusGenerateCanonicalRecord (0xbffff440, 0x53bce0)
returning
ra[9561]: 12 Aug 04 16:07:10 ArgusNtoH (0xbffee300) returning.
12 Aug 04 16:07:04 man 0.0.0.0 v255 0 0
0 0 0 0 STA
ra[9561]: 12 Aug 04 16:07:10 ArgusHandleDatum (0xbffff440, 0x53ce70) returning 0
ra[9561]: 12 Aug 04 16:07:10 ArgusNtoH (0xbffff440) returning.
ra[9561]: 12 Aug 04 16:07:10 ArgusCalloc (1, 4096) returning 0x6b8a34
ra[9561]: 12 Aug 04 16:07:10 ArgusCalloc (1, 4096) returning 0x6b9a44
ra[9561]: 12 Aug 04 16:07:10 ArgusParseInit (0x6b58f4) returning
ra[9561]: 12 Aug 04 16:07:10 ArgusReadConnection() returning 3
ra[9561]: 12 Aug 04 16:07:10 ArgusReadStream() starting
ra[9561]: 12 Aug 04 16:07:11 ArgusClientTimeout()
ra[9561]: 12 Aug 04 16:07:12 ArgusClientTimeout()
ra[9561]: 12 Aug 04 16:07:13 ArgusClientTimeout()
ArgusWarning: ra[9561]: ArgusReadStream test6.ucs.sfu.ca: idle stream: closing
ra[9561]: 12 Aug 04 16:07:14 ArgusWriteConnection: write(3, 0x4248d8, 6)
ra[9561]: 12 Aug 04 16:07:14 ArgusWriteConnection(0x6b58f4, 0x4248d8, 6) returni
ng 6
ra[9561]: 12 Aug 04 16:07:14 ArgusFree (0x6b8a34) returning
ra[9561]: 12 Aug 04 16:07:14 ArgusFree (0x6b9a44) returning
ra[9561]: 12 Aug 04 16:07:14 ArgusCloseInput(0x6b58f4) done
ra[9561]: 12 Aug 04 16:07:14 ArgusReadStream() returning
ra[9561]: 12 Aug 04 16:07:14 ArgusShutDown (0)
[vanepp at node1 bin]$ !!
./ra -S142.58.1.236:22 -c -nn -D 20
ra[9568]: 12 Aug 04 16:07:20 ArgusFilterCompile () waiting for filter process 95
69 on pipe 3
ra[9569]: 12 Aug 04 16:07:20 ArgusFilterCompile () returning
ra[9568]: 12 Aug 04 16:07:20 ArgusFilterCompile () read filter length 1
ra[9568]: 12 Aug 04 16:07:20 ArgusFilterCompile () read filter body 8
ra[9568]: 12 Aug 04 16:07:20 ArgusFilterCompile () returning 0
ra[9568]: 12 Aug 04 16:07:20 Trying test6.ucs.sfu.ca port 22 Expecting Argus rec
ords
ra[9568]: 12 Aug 04 16:07:20 connected
ra[9568]: 12 Aug 04 16:07:20 ArgusGetServerSocket (0x6b58f4) returning 3
ra[9568]: 12 Aug 04 16:07:20 ArgusReadConnection() read 16 bytes
ra[9568]: 12 Aug 04 16:07:20 ArgusReadConnection() ARGUS_START Mar.
ra[9568]: 12 Aug 04 16:07:20 ArgusNtoH (0xbffff440) returning.
ra[9568]: 12 Aug 04 16:07:20 ArgusHtoN (0xbffff440) returning.
ra[9568]: 12 Aug 04 16:07:20 ArgusGenerateCanonicalRecord (0xbffff440, 0x53bce0)
returning
ra[9568]: 12 Aug 04 16:07:20 ArgusNtoH (0xbffee300) returning.
12 Aug 04 16:07:04 man 0.0.0.0 v255 0 0
0 0 0 0 STA
ra[9568]: 12 Aug 04 16:07:20 ArgusHandleDatum (0xbffff440, 0x53ce70) returning 0
ra[9568]: 12 Aug 04 16:07:20 ArgusNtoH (0xbffff440) returning.
ra[9568]: 12 Aug 04 16:07:20 ArgusCalloc (1, 4096) returning 0x6b8a34
ra[9568]: 12 Aug 04 16:07:20 ArgusCalloc (1, 4096) returning 0x6b9a44
ra[9568]: 12 Aug 04 16:07:20 ArgusParseInit (0x6b58f4) returning
ra[9568]: 12 Aug 04 16:07:20 ArgusReadConnection() returning 3
ra[9568]: 12 Aug 04 16:07:20 ArgusReadStream() starting
ra[9568]: 12 Aug 04 16:07:21 ArgusReadStreamSocket (0x6b58f4) starting
ra[9568]: 12 Aug 04 16:07:21 ArgusReadStreamSocket (0x6b58f4) read returned 0
ra[9568]: 12 Aug 04 16:07:21 ArgusReadStreamSocket (0x6b58f4) returning 1
ra[9568]: 12 Aug 04 16:07:21 ArgusWriteConnection: write(3, 0x4248d8, 6)
ra[9568]: 12 Aug 04 16:07:21 ArgusWriteConnection(0x6b58f4, 0x4248d8, 6) returni
ng 6
ra[9568]: 12 Aug 04 16:07:21 ArgusFree (0x6b8a34) returning
ra[9568]: 12 Aug 04 16:07:21 ArgusFree (0x6b9a44) returning
ra[9568]: 12 Aug 04 16:07:21 ArgusCloseInput(0x6b58f4) done
ra[9568]: 12 Aug 04 16:07:21 ArgusReadStream() returning
ra[9568]: 12 Aug 04 16:07:21 ArgusShutDown (0)
[vanepp at node1 bin]$ !!
./ra -S142.58.1.236:22 -c -nn -D 20
ra[9573]: 12 Aug 04 16:07:24 ArgusFilterCompile () waiting for filter process 95
74 on pipe 3
ra[9574]: 12 Aug 04 16:07:24 ArgusFilterCompile () returning
ra[9573]: 12 Aug 04 16:07:24 ArgusFilterCompile () read filter length 1
ra[9573]: 12 Aug 04 16:07:24 ArgusFilterCompile () read filter body 8
ra[9573]: 12 Aug 04 16:07:24 ArgusFilterCompile () returning 0
ra[9573]: 12 Aug 04 16:07:24 Trying test6.ucs.sfu.ca port 22 Expecting Argus rec
ords
ra[9573]: 12 Aug 04 16:07:24 connected
ra[9573]: 12 Aug 04 16:07:24 ArgusGetServerSocket (0x6b58f4) returning 3
ra[9573]: 12 Aug 04 16:07:24 ArgusReadConnection() read 16 bytes
ra[9573]: 12 Aug 04 16:07:24 ArgusReadConnection() ARGUS_START Mar.
ra[9573]: 12 Aug 04 16:07:24 ArgusNtoH (0xbffff440) returning.
ra[9573]: 12 Aug 04 16:07:24 ArgusHtoN (0xbffff440) returning.
ra[9573]: 12 Aug 04 16:07:24 ArgusGenerateCanonicalRecord (0xbffff440, 0x53bce0)
returning
ra[9573]: 12 Aug 04 16:07:24 ArgusNtoH (0xbffee300) returning.
12 Aug 04 16:07:04 man 0.0.0.0 v255 0 0
0 0 0 0 STA
ra[9573]: 12 Aug 04 16:07:24 ArgusHandleDatum (0xbffff440, 0x53ce70) returning 0
ra[9573]: 12 Aug 04 16:07:24 ArgusNtoH (0xbffff440) returning.
ra[9573]: 12 Aug 04 16:07:24 ArgusCalloc (1, 4096) returning 0x6b8a34
ra[9573]: 12 Aug 04 16:07:24 ArgusCalloc (1, 4096) returning 0x6b9a44
ra[9573]: 12 Aug 04 16:07:24 ArgusParseInit (0x6b58f4) returning
ra[9573]: 12 Aug 04 16:07:24 ArgusReadConnection() returning 3
ra[9573]: 12 Aug 04 16:07:24 ArgusReadStream() starting
ra[9573]: 12 Aug 04 16:07:25 ArgusReadStreamSocket (0x6b58f4) starting
ra[9573]: 12 Aug 04 16:07:25 ArgusReadStreamSocket (0x6b58f4) read returned 0
ra[9573]: 12 Aug 04 16:07:25 ArgusReadStreamSocket (0x6b58f4) returning 1
ra[9573]: 12 Aug 04 16:07:25 ArgusWriteConnection: write(3, 0x4248d8, 6)
ra[9573]: 12 Aug 04 16:07:25 ArgusWriteConnection(0x6b58f4, 0x4248d8, 6) returni
ng 6
ra[9573]: 12 Aug 04 16:07:25 ArgusFree (0x6b8a34) returning
ra[9573]: 12 Aug 04 16:07:25 ArgusFree (0x6b9a44) returning
ra[9573]: 12 Aug 04 16:07:25 ArgusCloseInput(0x6b58f4) done
ra[9573]: 12 Aug 04 16:07:25 ArgusReadStream() returning
ra[9573]: 12 Aug 04 16:07:25 ArgusShutDown (0)
[vanepp at node1 bin]$ !!
./ra -S142.58.1.236:22 -c -nn -D 20
ra[9577]: 12 Aug 04 16:07:27 ArgusFilterCompile () waiting for filter process 95
78 on pipe 3
ra[9578]: 12 Aug 04 16:07:27 ArgusFilterCompile () returning
ra[9577]: 12 Aug 04 16:07:27 ArgusFilterCompile () read filter length 1
ra[9577]: 12 Aug 04 16:07:27 ArgusFilterCompile () read filter body 8
ra[9577]: 12 Aug 04 16:07:27 ArgusFilterCompile () returning 0
ra[9577]: 12 Aug 04 16:07:27 Trying test6.ucs.sfu.ca port 22 Expecting Argus rec
ords
ra[9577]: 12 Aug 04 16:07:27 connected
ra[9577]: 12 Aug 04 16:07:27 ArgusGetServerSocket (0x6b58f4) returning 3
ra[9577]: 12 Aug 04 16:07:27 ArgusReadConnection() read 16 bytes
ra[9577]: 12 Aug 04 16:07:27 ArgusReadConnection() ARGUS_START Mar.
ra[9577]: 12 Aug 04 16:07:27 ArgusNtoH (0xbffff440) returning.
ra[9577]: 12 Aug 04 16:07:27 ArgusHtoN (0xbffff440) returning.
ra[9577]: 12 Aug 04 16:07:27 ArgusGenerateCanonicalRecord (0xbffff440, 0x53bce0)
returning
ra[9577]: 12 Aug 04 16:07:27 ArgusNtoH (0xbffee300) returning.
12 Aug 04 16:07:04 man 0.0.0.0 v255 0 0
0 0 0 0 STA
ra[9577]: 12 Aug 04 16:07:27 ArgusHandleDatum (0xbffff440, 0x53ce70) returning 0
ra[9577]: 12 Aug 04 16:07:27 ArgusNtoH (0xbffff440) returning.
ra[9577]: 12 Aug 04 16:07:27 ArgusCalloc (1, 4096) returning 0x6b8a34
ra[9577]: 12 Aug 04 16:07:27 ArgusCalloc (1, 4096) returning 0x6b9a44
ra[9577]: 12 Aug 04 16:07:27 ArgusParseInit (0x6b58f4) returning
ra[9577]: 12 Aug 04 16:07:27 ArgusReadConnection() returning 3
ra[9577]: 12 Aug 04 16:07:27 ArgusReadStream() starting
ra[9577]: 12 Aug 04 16:07:28 ArgusClientTimeout()
ra[9577]: 12 Aug 04 16:07:29 ArgusClientTimeout()
ra[9577]: 12 Aug 04 16:07:29 ArgusReadStreamSocket (0x6b58f4) starting
ra[9577]: 12 Aug 04 16:07:29 ArgusReadStreamSocket (0x6b58f4) read returned 0
ra[9577]: 12 Aug 04 16:07:29 ArgusReadStreamSocket (0x6b58f4) returning 1
ra[9577]: 12 Aug 04 16:07:29 ArgusWriteConnection: write(3, 0x4248d8, 6)
ra[9577]: 12 Aug 04 16:07:29 ArgusWriteConnection(0x6b58f4, 0x4248d8, 6) returni
ng 6
ra[9577]: 12 Aug 04 16:07:29 ArgusFree (0x6b8a34) returning
ra[9577]: 12 Aug 04 16:07:29 ArgusFree (0x6b9a44) returning
ra[9577]: 12 Aug 04 16:07:29 ArgusCloseInput(0x6b58f4) done
ra[9577]: 12 Aug 04 16:07:29 ArgusReadStream() returning
ra[9577]: 12 Aug 04 16:07:29 ArgusShutDown (0)
More information about the argus
mailing list