argus-3.0.0.rc.3

[Carter Bullard]

No body should need to modify the code, permissions seem fine  ;o)

The no frag struct means that we're processing a fragment, but
the internal frag control block for the parent flow has either been
deallocated or was never allocated (unlikely).  This could
happen if we think we've seen all the fragments, deallocate the
fragment tracking control block, and then, ..., somehow, we get
another fragment for the packet id, or a copy of one we've already
seen.   This, of course, is not suppose to happen.

I put the stop in the code to catch the scenario, so,...., i should try
to figure out what to do in this situation, now that I know that its
possible to get in this state.

But, ...., bad fragment packet reporting from this ring structure
would be bad.

Carter


On Jun 8, 2006, at 12:56 PM, Peter Van Epp wrote:

> 	No write permission on the files in at least common :-)
>
> # ls -l common
> total 1200
> -rw-rw-r--  1 root  wheel   10443 Jun  8 01:47 Makefile
> -r-xr-xr-x  1 root  wheel    3779 Apr  3 10:27 Makefile.in
> -r--r--r--  1 root  wheel   13850 Apr  3 10:27 argus_auth.c
> -r--r--r--  1 root  wheel   90309 Jun  6 18:06 argus_code.c
> -r--r--r--  1 root  wheel   73360 Apr  3 10:27 argus_filter.c
> -r--r--r--  1 root  wheel  123174 Apr  3 10:27 argus_parse.c
> -r--r--r--  1 root  wheel   61474 Jun  7 20:14 argus_util.c
> -r--r--r--  1 root  wheel   61474 Jun  8 02:34 argus_util.c.orig
> -rw-rw-r--  1 root  wheel   69439 Jun  8 01:47 grammar.c
> -r-xr-xr-x  1 root  wheel   10663 Apr  3 10:27 grammar.y
> -rw-rw-r--  1 root  wheel   63330 Jun  8 01:47 scanner.c
> -r-xr-xr-x  1 root  wheel    6615 Apr  3 10:27 scanner.l
> -rw-rw-r--  1 root  wheel    2202 Jun  8 01:47 tokdefs.h
> -rw-rw-r--  1 root  wheel      31 Jun  8 01:47 version.c
>
> 	and the ring buffer isn't going to repeat easily it doesn't look like
> :-) its been running fine for almost an hour now.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>