[ARGUS] FreeBSD 4.7 segfault.
Peter Van Epp
vanepp at sfu.ca
Mon Jun 28 18:56:33 EDT 2004
Sorry, I thought Carter's explaination of the buffer size was the fix
(and indeed I expect it is) and didn't dig up the patch. The patch (or a
modification at least) is there in the fix.1 source:
bzero (asock->ptr, len);
asock->ptr += len;
asock->cnt -= len;
asock->ahdr = (struct ArgusRecordHeader *)asock->ptr;
} else
break;
}
if (asock->cnt && ((unsigned char *)asock->ahdr != asock->buf)) {
*** server/ArgusUtil.c.orig Tue Jan 6 12:30:15 2004
--- server/ArgusUtil.c Tue Jan 6 12:31:07 2004
***************
*** 849,855 ****
asock->ptr += len;
asock->cnt -= len;
asock->ahdr = (struct ArgusRecordHeader *)asock->ptr;
! }
}
if (asock->cnt && ((unsigned char *)asock->ahdr != asock->buf)) {
The problem wasn't a segfault but that the second task sucked up %100
CPU in an infinite loop because asock-> count got to big, but nothing reset
it (until the extra brace and eventually the break) got added.
As Carter explained earlier the segfaults are likely due to trying to
capture too much user data.
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
On Mon, Jun 28, 2004 at 06:19:59PM -0400, slif at bellsouth.net wrote:
> Peter Van Epp wrote:
> > Assuming ARGUS_CAPTURE_DATA_LEN=1024 is capturing 1k of user data,
> >try either without it or with it set to 64. Some time back there was a bug
> >in FreeBSD (at least) where user data above something like 96 did something
> >undesirable (probably seg faulted). The fix may have fallen off and need to
> >be dug up again if this fixes it (I will have the original patch from Carter
> >somewhere). I've had one running since April on 4.9:
>
> Hi, Peter.
> I haven't seen an update.
> Did you re-post the patch you wrote about ?
>
> Cheers,
> -Mike Slifcak
>
More information about the argus
mailing list