argus-clients-3.0.0.rc.20
Carter Bullard
carter at qosient.com
Mon Jul 31 19:16:49 EDT 2006
Hey Peter,
OK, some of these suggested patches are not really applicable, so pardon
if I did not apply them all. The ArgusConvertRecord bzero() does not seem
appropriate, and it's expensive, so I didn't do that, but I did put in
a bzero() in ArgusGenerateRecordStruct(), which seems to be more directed at
your hunch that there may be data values lingering from record to record.
I fixed the little endian problems with ip_id and printing out the
values
after 2.x -> 3.0 conversion.
These changes should be up late tonight.
Carter
On Jul 31, 2006, at 5:36 PM, Peter Van Epp wrote:
> Indeed, a lot of problems are being caused because the allocated
> conversion record isn't zeroed for the next record once it's
> allocated. This
> hasn't fixed everything but it's made a good dent :-)
>
> (against argus-clients-3.0.0.rc.21 some of these have been
> previously posted)
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>
> *** common/argus_util.c.orig Sat Jul 22 14:08:55 2006
> --- common/argus_util.c Mon Jul 31 14:31:14 2006
> ***************
> *** 3231,3238 ****
> sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser-
> >RaFieldDelimiter);
> break;
> }
> ! } else
> ! sprintf (&buf[strlen(buf)], "%*.*s ", len, len, ipidbuf);
>
> #ifdef ARGUSDEBUG
> ArgusDebug (10, "ArgusPrintSrcIpId (0x%x, 0x%x)", buf, argus);
> --- 3231,3237 ----
> sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser-
> >RaFieldDelimiter);
> break;
> }
> ! }
>
> #ifdef ARGUSDEBUG
> ArgusDebug (10, "ArgusPrintSrcIpId (0x%x, 0x%x)", buf, argus);
> ***************
> *** 3261,3268 ****
> sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser-
> >RaFieldDelimiter);
> break;
> }
> ! } else
> ! sprintf (&buf[strlen(buf)], "%*.*s ", len, len, ipidbuf);
>
> #ifdef ARGUSDEBUG
> ArgusDebug (10, "ArgusPrintDstIpId (0x%x, 0x%x)", buf, argus);
> --- 3260,3266 ----
> sprintf (&buf[strlen(buf)], "%s%c", ipidbuf, parser-
> >RaFieldDelimiter);
> break;
> }
> ! }
>
> #ifdef ARGUSDEBUG
> ArgusDebug (10, "ArgusPrintDstIpId (0x%x, 0x%x)", buf, argus);
> ***************
> *** 12909,12918 ****
> unsigned char *
> ArgusConvertRecord (struct ArgusInput *input, char *ptr)
> {
> ! if (input->ArgusConvBuffer == NULL)
> if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1,
> MAXARGUSRECORD)) == NULL)
> ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror
> (errno));
> !
> switch (input->mode) {
> case ARGUS_V2_DATA_SOURCE: {
> struct ArgusV2Record *argus2 = (struct ArgusV2Record *)
> ptr;
> --- 12907,12918 ----
> unsigned char *
> ArgusConvertRecord (struct ArgusInput *input, char *ptr)
> {
> ! if (input->ArgusConvBuffer == NULL) {
> if ((input->ArgusConvBuffer = (u_char *)ArgusCalloc (1,
> MAXARGUSRECORD)) == NULL)
> ArgusLog (LOG_ERR, "ArgusCalloc error %s", strerror
> (errno));
> ! } else {
> ! bzero(input->ArgusConvBuffer, MAXARGUSRECORD);
> ! }
> switch (input->mode) {
> case ARGUS_V2_DATA_SOURCE: {
> struct ArgusV2Record *argus2 = (struct ArgusV2Record *)
> ptr;
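Review bot: Nothing in the rewritten `if` block leaves the function when ArgusCalloc fails, so unless `ArgusLog (LOG_ERR, ...)` never returns (not visible in this hunk) the `switch` below runs with `input->ArgusConvBuffer` still NULL. Either state that guarantee next to the call, for example `/* ArgusLog(LOG_ERR) does not return */`, or add an explicit `return NULL;` after it if callers accept a NULL result. The new `else` branch also deserves a one-line reason, such as `/* buffer is reused for every record; clear it so fields this conversion does not write cannot carry over from the previous record */`. The body of ArgusConvertRecord continues outside the hunk.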
> ***************
> *** 13014,13019 ****
> --- 13014,13020 ----
> break;
> default:
> flow->hdr.argus_dsrvl8.qual =
> ARGUS_TYPE_ETHER;
> + far->flow.flow_union.mac.ehdr.ether_type = argus2-
> >ahdr.status & 0xFFFF;
> break;
> }
> flow->hdr.argus_dsrvl8.len = 5;
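Review bot: The added line in the `default:` arm stores into `far`, while the statement just before it fills `flow`, and nothing in the hunk says whether patching the `far` record is intended or whether the ether type should land in the record being built. It also takes `argus2->ahdr.status & 0xFFFF` with no byte-order conversion visible here, so the expected order of `status` at this point should be written down, for example `/* V2 carries the ether type in the low 16 bits of ahdr.status; host order assumed here - confirm */`. The enclosing switch starts and ends outside the hunk.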
> ***************
> *** 13052,13098 ****
> ipattr = (struct ArgusIPAttrStruct *)
> dsr;
> ipattr->hdr.type =
> ARGUS_IPATTR_DSR;
> ipattr->hdr.subtype = 0;
> - ipattr->hdr.argus_dsrvl8.qual =
> ARGUS_IPATTR_SRC | ARGUS_IPATTR_DST;
> - ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_SRC_OPTIONS | ARGUS_IPATTR_DST_OPTIONS;
> ipattr->hdr.argus_dsrvl8.len =
> (sizeof(*ipattr) + 3)/4;
>
> switch (far->flow.flow_union.ip.ip_p) {
> case IPPROTO_UDP:
> case IPPROTO_TCP:
> ! if (far->src.count)
> ipattr->src.ip_id = far-
> >flow.flow_union.ip.ip_id;
> ! if (far->dst.count)
> ipattr->dst.ip_id = far-
> >flow.flow_union.ip.ip_id;
> break;
>
> case IPPROTO_ICMP:
> ! if (far->src.count)
> ipattr->src.ip_id = far-
> >flow.flow_union.icmp.ip_id;
> ! if (far->dst.count)
> ipattr->dst.ip_id = far-
> >flow.flow_union.icmp.ip_id;
> break;
>
> default:
> ! if (far->src.count)
> ipattr->src.ip_id = far-
> >flow.flow_union.ip.ip_id;
> ! if (far->dst.count)
> ipattr->dst.ip_id = far-
> >flow.flow_union.ip.ip_id;
> break;
> }
>
> if (far->src.count) {
> ipattr->src.ttl = far->attr_ip.sttl;
> ipattr->src.tos = far->attr_ip.stos;
> }
> ! if (far->src.count) {
> ipattr->dst.ttl = far->attr_ip.dttl;
> ipattr->dst.tos = far->attr_ip.dtos;
> }
>
> ipattr->src.options = 0;
> ipattr->dst.options = 0;
>
> if (far->attr_ip.soptions) {
> if (far->attr_ip.soptions &
> ARGUS_V2_TIMESTAMP) ipattr->src.options |= ARGUS_TIMESTAMP;
> if (far->attr_ip.soptions &
> ARGUS_V2_SECURITY) ipattr->src.options |= ARGUS_SECURITY;
> if (far->attr_ip.soptions &
> ARGUS_V2_LSRCROUTE) ipattr->src.options |= ARGUS_LSRCROUTE;
> --- 13053,13118 ----
> ipattr = (struct ArgusIPAttrStruct *)
> dsr;
> ipattr->hdr.type =
> ARGUS_IPATTR_DSR;
> ipattr->hdr.subtype = 0;
> ipattr->hdr.argus_dsrvl8.len =
> (sizeof(*ipattr) + 3)/4;
>
> switch (far->flow.flow_union.ip.ip_p) {
> case IPPROTO_UDP:
> case IPPROTO_TCP:
> ! if (far->src.count) {
> ipattr->src.ip_id = far-
> >flow.flow_union.ip.ip_id;
> ! ipattr->hdr.argus_dsrvl8.qual
> |= ARGUS_IPATTR_SRC;
> ! ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_SRC_OPTIONS;
> ! }
> ! if (far->dst.count) {
> ipattr->dst.ip_id = far-
> >flow.flow_union.ip.ip_id;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_DST;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_DST_OPTIONS;
> + }
> break;
>
> case IPPROTO_ICMP:
> ! if (far->src.count) {
> ipattr->src.ip_id = far-
> >flow.flow_union.icmp.ip_id;
> ! ipattr->hdr.argus_dsrvl8.qual
> |= ARGUS_IPATTR_SRC;
> ! ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_SRC_OPTIONS;
> ! }
> ! if (far->dst.count) {
> ipattr->dst.ip_id = far-
> >flow.flow_union.icmp.ip_id;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_DST;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_DST_OPTIONS;
> + }
> break;
>
> default:
> ! if (far->src.count) {
> ipattr->src.ip_id = far-
> >flow.flow_union.ip.ip_id;
> ! ipattr->hdr.argus_dsrvl8.qual
> |= ARGUS_IPATTR_SRC;
> ! ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_SRC_OPTIONS;
> ! }
> ! if (far->dst.count) {
> ipattr->dst.ip_id = far-
> >flow.flow_union.ip.ip_id;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_DST;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_DST_OPTIONS;
> + }
> break;
> }
>
> if (far->src.count) {
> ipattr->src.ttl = far->attr_ip.sttl;
> ipattr->src.tos = far->attr_ip.stos;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_SRC;
> }
> ! if (far->dst.count) {
> ipattr->dst.ttl = far->attr_ip.dttl;
> ipattr->dst.tos = far->attr_ip.dtos;
> + ipattr->hdr.argus_dsrvl8.qual |=
> ARGUS_IPATTR_DST;
> }
>
> ipattr->src.options = 0;
> ipattr->dst.options = 0;
>
> if (far->attr_ip.soptions) {
> + ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_SRC_OPTIONS;
> if (far->attr_ip.soptions &
> ARGUS_V2_TIMESTAMP) ipattr->src.options |= ARGUS_TIMESTAMP;
> if (far->attr_ip.soptions &
> ARGUS_V2_SECURITY) ipattr->src.options |= ARGUS_SECURITY;
> if (far->attr_ip.soptions &
> ARGUS_V2_LSRCROUTE) ipattr->src.options |= ARGUS_LSRCROUTE;
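Review bot: With the two plain assignments to `ipattr->hdr.argus_dsrvl8.qual` removed, every remaining write to that field in this hunk and in the 13121 hunk is `|=`, so the result is only right if the field is already zero when this code runs. If `dsr` points into the reused conversion buffer (not visible here), that holds only while the buffer is cleared per record, and otherwise qualifier bits from the previous record persist into this one; adding `ipattr->hdr.argus_dsrvl8.qual = 0;` after `ipattr->hdr.subtype = 0;` removes the dependency. Separately, each switch arm sets `ARGUS_IPATTR_SRC_OPTIONS` / `ARGUS_IPATTR_DST_OPTIONS` whenever the count is non-zero, which makes the later `if (far->attr_ip.soptions)` and `if (far->attr_ip.doptions)` additions redundant in that case; if the options bits are meant to reflect actual options, the switch-arm copies should be dropped. The surrounding function begins and ends outside the hunk.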
> ***************
> *** 13101,13106 ****
> --- 13121,13127 ----
> if (far->attr_ip.soptions &
> ARGUS_V2_SATNETID) ipattr->src.options |= ARGUS_SATID;
> }
> if (far->attr_ip.doptions) {
> + ipattr->hdr.argus_dsrvl8.qual |= ARGUS_IPATTR_DST_OPTIONS;
> if (far->attr_ip.doptions &
> ARGUS_V2_TIMESTAMP) ipattr->dst.options |= ARGUS_TIMESTAMP;
> if (far->attr_ip.doptions &
> ARGUS_V2_SECURITY) ipattr->dst.options |= ARGUS_SECURITY;
> if (far->attr_ip.doptions &
> ARGUS_V2_LSRCROUTE) ipattr->dst.options |= ARGUS_LSRCROUTE;
>