argus-clients-3.0.0.rc.20
Peter Van Epp
vanepp at sfu.ca
Mon Jul 31 17:36:03 EDT 2006
Indeed, a lot of problems are being caused because the allocated
conversion record isn't zeroed for the next record once its allocated. This
hasn't fixed everything but its made a good dent :-)
(against argus-clients-3.0.0.rc.21 some of these have been previously posted)
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
*** common/argus_util.c.orig Sat Jul 22 14:08:55 2006
--- common/argus_util.c Mon Jul 31 14:31:14 2006
***************
*** 3231,3238 ****
sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser->RaFieldDelimiter);
break;
}
! } else
! sprintf (&buf[strlen(buf)], "%*.*s ", len, len, ipidbuf);
#ifdef ARGUSDEBUG
ArgusDebug (10, "ArgusPrintSrcIpId (0x%x, 0x%x)", buf, argus);
--- 3231,3237 ----
sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser->RaFieldDelimiter);
break;
}
! }
#ifdef ARGUSDEBUG
ArgusDebug (10, "ArgusPrintSrcIpId (0x%x, 0x%x)", buf, argus);
***************
*** 3261,3268 ****
sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser->RaFieldDelimiter);
break;
}
! } else
! sprintf (&buf[strlen(buf)], "%*.*s ", len, len, ipidbuf);
#ifdef ARGUSDEBUG
ArgusDebug (10, "ArgusPrintDstIpId (0x%x, 0x%x)", buf, argus);
--- 3260,3266 ----
sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser->RaFieldDelimiter);
break;
}
! }
#ifdef ARGUSDEBUG
ArgusDebug (10, "ArgusPrintDstIpId (0x%x, 0x%x)", buf, argus);
***************
*** 12909,12918 ****
unsigned char *
ArgusConvertRecord (struct ArgusInput *input, char *ptr)
{
! if (input->ArgusConvBuffer == NULL)
if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1, MAXARGUSRECORD)) == NULL)
ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
!
switch (input->mode) {
case ARGUS_V2_DATA_SOURCE: {
struct ArgusV2Record *argus2 = (struct ArgusV2Record *) ptr;
--- 12907,12918 ----
unsigned char *
ArgusConvertRecord (struct ArgusInput *input, char *ptr)
{
! if (input->ArgusConvBuffer == NULL) {
if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1, MAXARGUSRECORD)) == NULL)
ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror(errno));
! } else {
! bzero(input->ArgusConvBuffer, MAXARGUSRECORD);
! }
switch (input->mode) {
case ARGUS_V2_DATA_SOURCE: {
struct ArgusV2Record *argus2 = (struct ArgusV2Record *) ptr;
***************
*** 13014,13019 ****
--- 13014,13020 ----
break;
default:
flow->hdr.argus_dsrvl8.qual = ARGUS_TYPE_ETHER;
+ far->flow.flow_union.mac.ehdr.ether_type = argus2->ahdr.status & 0xFFFF;
break;
}
flow->hdr.argus_dsrvl8.len = 5;
***************
*** 13052,13098 ****
ipattr = (struct ArgusIPAttrStruct *) dsr;
ipattr->hdr.type = ARGUS_IPATTR_DSR;
ipattr->hdr.subtype = 0;
- ipattr->hdr.argus_dsrvl8.qual = ARGUS_IPATTR_SRC | ARGUS_IPATTR_DST;
- ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS | ARGUS_IPATTR_DST_OPTIONS;
ipattr->hdr.argus_dsrvl8.len = (sizeof(*ipattr) + 3)/4;
switch (far->flow.flow_union.ip.ip_p) {
case IPPROTO_UDP:
case IPPROTO_TCP:
! if (far->src.count)
ipattr->src.ip_id = far->flow.flow_union.ip.ip_id;
! if (far->dst.count)
ipattr->dst.ip_id = far->flow.flow_union.ip.ip_id;
break;
case IPPROTO_ICMP:
! if (far->src.count)
ipattr->src.ip_id = far->flow.flow_union.icmp.ip_id;
! if (far->dst.count)
ipattr->dst.ip_id = far->flow.flow_union.icmp.ip_id;
break;
default:
! if (far->src.count)
ipattr->src.ip_id = far->flow.flow_union.ip.ip_id;
! if (far->dst.count)
ipattr->dst.ip_id = far->flow.flow_union.ip.ip_id;
break;
}
if (far->src.count) {
ipattr->src.ttl = far->attr_ip.sttl;
ipattr->src.tos = far->attr_ip.stos;
}
! if (far->src.count) {
ipattr->dst.ttl = far->attr_ip.dttl;
ipattr->dst.tos = far->attr_ip.dtos;
}
ipattr->src.options = 0;
ipattr->dst.options = 0;
if (far->attr_ip.soptions) {
if (far->attr_ip.soptions & ARGUS_V2_TIMESTAMP) ipattr->src.options |= ARGUS_TIMESTAMP;
if (far->attr_ip.soptions & ARGUS_V2_SECURITY) ipattr->src.options |= ARGUS_SECURITY;
if (far->attr_ip.soptions & ARGUS_V2_LSRCROUTE) ipattr->src.options |= ARGUS_LSRCROUTE;
--- 13053,13118 ----
ipattr = (struct ArgusIPAttrStruct *) dsr;
ipattr->hdr.type = ARGUS_IPATTR_DSR;
ipattr->hdr.subtype = 0;
ipattr->hdr.argus_dsrvl8.len = (sizeof(*ipattr) + 3)/4;
switch (far->flow.flow_union.ip.ip_p) {
case IPPROTO_UDP:
case IPPROTO_TCP:
! if (far->src.count) {
ipattr->src.ip_id = far->flow.flow_union.ip.ip_id;
! ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC;
! ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS;
! }
! if (far->dst.count) {
ipattr->dst.ip_id = far->flow.flow_union.ip.ip_id;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_OPTIONS;
+ }
break;
case IPPROTO_ICMP:
! if (far->src.count) {
ipattr->src.ip_id = far->flow.flow_union.icmp.ip_id;
! ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC;
! ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS;
! }
! if (far->dst.count) {
ipattr->dst.ip_id = far->flow.flow_union.icmp.ip_id;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_OPTIONS;
+ }
break;
default:
! if (far->src.count) {
ipattr->src.ip_id = far->flow.flow_union.ip.ip_id;
! ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC;
! ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS;
! }
! if (far->dst.count) {
ipattr->dst.ip_id = far->flow.flow_union.ip.ip_id;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_OPTIONS;
+ }
break;
}
if (far->src.count) {
ipattr->src.ttl = far->attr_ip.sttl;
ipattr->src.tos = far->attr_ip.stos;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC;
}
! if (far->dst.count) {
ipattr->dst.ttl = far->attr_ip.dttl;
ipattr->dst.tos = far->attr_ip.dtos;
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST;
}
ipattr->src.options = 0;
ipattr->dst.options = 0;
if (far->attr_ip.soptions) {
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS;
if (far->attr_ip.soptions & ARGUS_V2_TIMESTAMP) ipattr->src.options |= ARGUS_TIMESTAMP;
if (far->attr_ip.soptions & ARGUS_V2_SECURITY) ipattr->src.options |= ARGUS_SECURITY;
if (far->attr_ip.soptions & ARGUS_V2_LSRCROUTE) ipattr->src.options |= ARGUS_LSRCROUTE;
***************
*** 13101,13106 ****
--- 13121,13127 ----
if (far->attr_ip.soptions & ARGUS_V2_SATNETID) ipattr->src.options |= ARGUS_SATID;
}
if (far->attr_ip.doptions) {
+ ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_OPTIONS;
if (far->attr_ip.doptions & ARGUS_V2_TIMESTAMP) ipattr->dst.options |= ARGUS_TIMESTAMP;
if (far->attr_ip.doptions & ARGUS_V2_SECURITY) ipattr->dst.options |= ARGUS_SECURITY;
if (far->attr_ip.doptions & ARGUS_V2_LSRCROUTE) ipattr->dst.options |= ARGUS_LSRCROUTE;
More information about the argus
mailing list