[ARGUS] Argus Data Struct's

[Glenn MacGregor]

Carter,

I was trying to avoid having the client program parse the file then I 
have to parse the text coming out of the client. Seems like quite a bit 
of wasted time.

That is what I was trying to do, I read the length from the header and 
subtract the size of the header from that length. Then I was trying to 
read directly into the argus.argus_far struct (read(fd, 
&argus.argus_far, size)). This obviously causes all kinds of problems 
because the sizeof(argus.argus_far) is 72 while I am trying to read way 
more data then that. So I see you actually read into a unsigned char 
array of 4k then just cast that to a ArgusRecord *. Forgive me for 
sounding ignorant, but how would that work? If I can't read into it how 
can I cast it?

	Thanks

		Glenn

Carter Bullard wrote:

> Hey Glenn,
>    Reading FAR records can be slightly confusing, because there
> are 3 versions of records that may need to be parsed.  While the
> version 3.x data records are the easiest to read, there are still
> some issues in parsing them.  And when you add the fact that
> the server may want to encrypt records on the wire, it probably
> would be best to use the argus-clients strategy to read records.
> 
>    If you want to try to read the FARs yourself, first check out
> ./include/argus_out.h and ./include/argus_def.h.  These files
> define the TLV's that are in the FAR argus record.  Here are some hints.
> The initial MAR will be 128 bytes long, regardless of what version
> of argus you're dealing with.  The last 2 bytes of the MAR will tell
> you the length of the FAR records.  A -1 means that there are variable
> length records in the stream.
> 
>    For variable length records, you need to read the 16 byte Argus
> record header, do a ntohs() on the record length field and then read
> that many (bytes - 16) the header length.  This is the total record
> length.  The FAR record is a collection of Argus DSR's, which are
> TLV's (type/length/value structs).  Most have a FAR struct, but not
> all, so you need to parse them out pretty carefully.
> 
>    The ./common/argus_parse.c routine does everything, so take
> a look at what its doing, and try to use ./clients/ratemplate.c
> to write your own argus client programs.
> 
> Hope this helps!!!!
> 
> Carter
> 
> 
> -----Original Message-----
> From: owner-argus-info at lists.andrew.cmu.edu
> [mailto:owner-argus-info at lists.andrew.cmu.edu] On Behalf Of Glenn MacGregor
> Sent: Monday, May 03, 2004 9:01 PM
> To: argus-info at lists.andrew.cmu.edu
> Subject: [ARGUS] Argus Data Struct's
> 
> Hi All,
> 
> I am new to argus, great app! I want to write a program which reads in the
> argus
> file and processes the data, builds a nice screen, etc. I am looking at the
> code
> which reads the "argus.out" file, it seems more complicated that necessary
> (to
> me).
> 
> I am having a bit of trouble reading the FAR records in. The MAR records
> seem to
> be fine. I forst read the header (16 bytes) which has a length, I use that
> length - sizeof(header) the get the amount of data to read for the data
> (body).
> This is correct in the case of the MAR record, 112 bytes and sizeof(argus.
> argus_mar) is 112 bytes. In the case of the FAR record that I am dealing
> with I
> have a length of 104, that - 16 is 88. The size of the FAR struct is 72 (88
> -16
> again).
> 
> Am I missing something simple here? Any input would be great!
> 
>   Thanks
> 
>     Glenn
> 
> Glenn MacGregor
> HighStreet Networks
> 
> -------------------------------------------------
> This mail sent through IMP: http://horde.org/imp/
> 
> 
>