debugging argus on tun interface

Carter Bullard carter at qosient.com
Fri Feb 24 19:58:02 EST 2006 

Hey Guys,
   The problem is argus doesn't know that the call back routine
should be for the tun interface. 

 >>>  argus[23533]: 23 Feb 06 21:10:20 Arguslookup_pcap_callback(12)  
returning (null): 0x0

Argus has a lookup table for the various device types that it
can handle, and Arguslookup_pcap_callback uses the device
type passed to lookup the callback from the table.  So evidently
we don't have a lookup value for "12", the value returned by a
pcap library routine (DEV_TUN?).   I suspect that tun will return
the same packets as ethernet or slip?  If so, you can just copy the
ethernet entry and put it where the DEV_TUN value should be (o
whatever pcap has defined for this type of interface).

If this is toooo cryptic, I'll take a look at the code on Monday.

Carter

poncenby smythe wrote:

>
> On 23 Feb 2006, at 19:04, eric wrote:
>
>> On Thu, 2006-02-23 at 19:01:47 +0000, poncenby smythe proclaimed...
>>
>>> i'm trying to get argus to collect flow data on a tun interface,
>>> which is actually a USB adsl modem (speedtouch) plugged into a box
>>> running openbsd 3.8 generic.
>>>
>>> when i execute the argus daemon it simply exits. how do I compile
>>> argus with debugging enabled?
>>
>>
>> cd <argus source dir>
>> touch .debug .devel
>> ./configure
>> make
>
>
> thanks very much for that.
>
>>
>>> and which version of argus of argus shall i use? 2.0.6 from the
>>> website or a development version from the ftp site?
>>
>>
>> There's problems building 2.0.6.fixes.1 due to the Makefile not  
>> finding some
>> of the man pages, etc. Just touch(1) each one as you go. Then build  
>> clients
>> and install them.
>> -- 
>
>
> I downloaded the 2.0.6.fixes.1 archive and successfully built the  
> argus daemon.
> then executed this command:
> ./argus -D 10 -i tun0
> and this is output:
> argus[23533]: 23 Feb 06 21:10:20 clearArgusDevice(Lr???) returning
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 24) returning  
> 0x7d8d4020
> argus[23533]: 23 Feb 06 21:10:20 ArgusNewList () returning 0x7d8d4020
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 12) returning  
> 0x81fd2040
> argus[23533]: 23 Feb 06 21:10:20 ArgusPushFrontList (0x7d8d4020,  
> 0x81fd2030) returning 0xcfbc73cd
> argus[23533]: 23 Feb 06 21:10:20 setArgusDevice(tun0) returning
> argus[23533]: 23 Feb 06 21:10:20 setArgusPortNum(0) returning
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 4) returning 0x81fd2050
> argus[23533]: 23 Feb 06 21:10:20 ArgusNewModeler() returning 0x81fd2050
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 108) returning  
> 0x8bbc6000
> argus[23533]: 23 Feb 06 21:10:20 ArgusNewOutput() returning retn  
> 0x8bbc6000
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 4) returning 0x81fd2060
> argus[23533]: 23 Feb 06 21:10:20 ArgusNewSource() returning 0x81fd2060
> argus[23533]: 23 Feb 06 21:10:20 ArgusFrontList (0x7d8d4020)  
> returning 0x81fd2030
> argus[23533]: 23 Feb 06 21:10:20 ArgusFree (0x81fd2040) returning
> argus[23533]: 23 Feb 06 21:10:20 ArgusPopFrontList (0x7d8d4020)  
> returning
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 12) returning  
> 0x81fd2040
> argus[23533]: 23 Feb 06 21:10:20 ArgusPushFrontList (0x7d8d4020,  
> 0x81fd2030) returning 0x7d8d4020
> argus[23533]: 23 Feb 06 21:10:20 ArgusPushBackList (0x7d8d4020,  
> 0x81fd2030) returning 0x7d8d4020
> argus[23533]: 23 Feb 06 21:10:20 Arguslookup_pcap_callback(12)  
> returning (null): 0x0
> argus[23533]: 23 Feb 06 21:10:20 ArgusInitSource() returning
> argus[23533]: 23 Feb 06 21:10:20 ArgusOutputProcess[19475] created
> argus[19475]: 23 Feb 06 21:10:20 ArgusCalloc (1, 65596) returning  
> 0x82918000
> argus[19475]: 23 Feb 06 21:10:20 ArgusCalloc (1, 24) returning  
> 0x7d8d40c0
> argus[23533]: 23 Feb 06 21:10:20 ArgusInitOutput() returning
> argus[19475]: 23 Feb 06 21:10:20 ArgusNewList () returning 0x7d8d40c0
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (65536, 4) returning  
> 0x8a1bf000
> argus[19475]: 23 Feb 06 21:10:20 ArgusNewSocket (3) returning 0x82918000
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 65596) returning  
> 0x88fb9000
> argus[19475]: 23 Feb 06 21:10:20 ArgusInitOutputProcess() returning
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 24) returning  
> 0x7d8d40c0
> argus[23533]: 23 Feb 06 21:10:20 ArgusNewList () returning 0x7d8d40c0
> argus[23533]: 23 Feb 06 21:10:20 ArgusNewSocket (4) returning 0x88fb9000
> argus[23533]: 23 Feb 06 21:10:20 ArgusCalloc (1, 12) returning  
> 0x81fd2080
> argus[23533]: 23 Feb 06 21:10:20 ArgusNewQueue () returning 0x81fd2080
> argus[23533]: 23 Feb 06 21:10:20 ArgusInitModeler(): ArgusHashArray  
> 0x8a1bf000
> argus[23533]: 23 Feb 06 21:10:20 ArgusGetPackets () returning
> argus[23533]: 23 Feb 06 21:10:20 ArgusLoop() returning
> argus[23533]: 23 Feb 06 21:10:20 main() shuting down
>
>
> this is where I'm not really sure what to do next. any thoughts?
>
> poncenby
>

More information about the argus mailing list