[ARGUS] FreeBSD 4.7 segfault.

Peter Van Epp vanepp at sfu.ca
Thu Jun 24 16:06:57 EDT 2004 

	Assuming  ARGUS_CAPTURE_DATA_LEN=1024 is capturing 1k of user data,
try either without it or with it set to 64. Some time back there was a bug
in FreeBSD (at least) where user data above something like 96 did something
undesirable (probably seg faulted). The fix may have fallen off and need to
be dug up again if this fixes it (I will have the original patch from Carter
somewhere). I've had one running since April on 4.9:

root   22782  0.0  0.1  2832 1116  ??  S     5Apr04 580:26.19 /usr/local/bin/argus_bpf -dJR -i xl1 -w /data/argus.out

but with no user data capture (eats too much disk space).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


On Thu, Jun 24, 2004 at 09:42:16PM +0200, Scott A. McIntyre wrote:
> Hi,
> 
> On FreeBSD-4.7 I can run Argus in daemon mode for about half an hour (if 
> I'm lucky) before it segfaults:
> 
> Core was generated by `argus'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/lib/libwrap.so.3...done.
> Reading symbols from /usr/lib/libpcap.so.2...done.
> Reading symbols from /usr/lib/libm.so.2...done.
> Reading symbols from /usr/lib/libc.so.4...done.
> Reading symbols from /usr/libexec/ld-elf.so.1...done.
> #0  0x8053113 in ArgusRemoveHashEntry (htblhdr=0x8358900) at 
> ./ArgusUtil.c:754
> 754     ./ArgusUtil.c: No such file or directory.
> (gdb) where
> #0  0x8053113 in ArgusRemoveHashEntry (htblhdr=0x8358900) at 
> ./ArgusUtil.c:754
> #1  0x8052d08 in ArgusDeleteObject (obj=0x8421600) at ./ArgusUtil.c:553
> #2  0x804dff9 in ArgusTimeOut (flow=0x8421600) at ./ArgusModeler.c:1732
> #3  0x8052b5f in ArgusProcessQueue (queue=0x8136090, status=4 '\004') at 
> ./ArgusUtil.c:461
> #4  0x804d96b in ArgusSystemTimeout () at ./ArgusModeler.c:1413
> #5  0x804c24a in ArgusProcessPacket (ep=0x806f7e0, length=1506, 
> tvp=0x813bca4) at ./ArgusModeler.c:489
> #6  0x8051305 in ArgusEtherPacket (user=0x0, h=0x813bca4, p=0x813bcb6 "") 
> at ./ArgusSource.c:483
> #7  0x4809fe41 in pcap_read () from /usr/lib/libpcap.so.2
> #8  0x8051ca1 in ArgusGetPackets () at ./ArgusSource.c:959
> #9  0x804ae6b in ArgusLoop () at ./argus.c:510
> #10 0x804ae2f in main (argc=3, argv=0xbfbffb20) at ./argus.c:439
> (gdb) quit
> 
> This is with:
> 
> Argus Version 2.0.6.fixes.1
> 
> Does this look familiar?  I did a quick search but couldn't find a match 
> with Known Issues.
> 
> Argus is being invoked as:
> 
> /usr/local/sbin/argus -F /usr/local/argus/etc/argus.conf
> 
> Where the latter looks like:
> 
> ARGUS_DAEMON=yes
> ARGUS_MONITOR_ID=40
> ARGUS_ACCESS_PORT=<some integer>
> ARGUS_INTERFACE=fxp1
> ARGUS_OUTPUT_FILE=/var/log/argus/argus_data
> ARGUS_SET_PID=yes
> ARGUS_GO_PROMISCUOUS=yes
> ARGUS_FLOW_STATUS_INTERVAL=5
> ARGUS_MAR_STATUS_INTERVAL=60
> ARGUS_GENERATE_RESPONSE_TIME_DATA=yes
> ARGUS_GENERATE_JITTER_DATA=yes
> ARGUS_GENERATE_MAC_DATA=no
> ARGUS_CAPTURE_DATA_LEN=1024
> ARGUS_FILTER_OPTIMIZER=yes
> ARGUS_FILTER="not host a.b.c.d"
> 
> 
> Thanks for suggestions...
> 
> Scott
> 
>

More information about the argus mailing list