CIDR bug

CS Lee geek00l at gmail.com
Mon Oct 16 09:17:59 EDT 2006 

Carter,

I have tried on rc32 and apparently when I'm trying to filter
192.168.1.0/24argus records, I got all
192.x.x.x filtered out from the argus data. The interesting thing is when I
try 192.168.1.0/24, I get to filter all the 192.168.1.1-255 argus  flow
records. By the way this only happens to the rc32 because I have done some
testing which is when I'm on rc31

shell>ra -b - src net 192.168.1.0/24
(000) ldb      [142]
(001) and      #31
(002) jeq      #0x1             jt 3    jf 7
(003) ld       [144]
(004) and      #-256
(005) jeq      #0xc0a80100      jt 6    jf 7
(006) ret      #96
(007) ret      #0

When I'm on rc32

shell>ra -b - src net 192.168.1.0/24
(000) ldb      [142]
(001) and      #31
(002) jeq      #0x1             jt 3    jf 7
(003) ld       [144]
(004) and      #-16777216
(005) jeq      #0xc0000000      jt 6    jf 7
(006) ret      #96
(007) ret      #0

shell>ra -b - src net 192.168.1.0/8
(000) ldb      [142]
(001) and      #31
(002) jeq      #0x1             jt 3    jf 7
(003) ld       [144]
(004) and      #-256
(005) jeq      #0xc0a80100      jt 6    jf 7
(006) ret      #96
(007) ret      #0

Apparently the jeq is faily obvious where the cidr apply in reverse way. I
think this should be the problem of the recent codes added since the filter
applies correctly when I'm on rc31, the diff should shade some lights.
Cheers.




-- 
Best Regards,

CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061016/714e7220/attachment.html>

More information about the argus mailing list