rc.32 server and client uploaded for testing

rick s442755 at mindlessproductions.com
Mon Oct 16 18:30:41 EDT 2006


Carter,

just another couple of minor fixes / suggestions.. sorry for the delay in
testing :(

suggestions:

pretty trivial but..

would it be possible/useful to put a header on the argus data files?
because the format of the data files is the same coming out of so many
different ra* clients, and the output data could have been filtered / aggregated /
various other things, would it be useful to allow for a header to
better define what is in the file? even if this is just a human readable
addable comment of fixed length? or anything up to id3 tag style, giving you the
program that produced it, possibly the time ranges it contains, srcid(s) etc?

i'd find this useful but i don't know if it is generally useful :) it could
also mean that file no longer ses '8086 relocatable (Microsoft)' (on intel
dump at least)

-

your new RaParseCIDRAddr() function checks for a '.' before a ':' testing
for a v4 address first.. this will fail in the case of an ipv6 mapped ipv4
address which is a legitimate representation of a v6 address that contains a
'.'... should check for a ':' first.. ie ::ffff:192.168.0.1 i vaguely
remember something else that was quite bad in the implementation of
RaParseCIDRAddr() but it eludes me now..



fixes:

just a couple of trivial tweaks..

- change you wholesale commenting from /* */ to #if 0 / #endif so you
  don't keep removing other comments in the code to avoid nesting /* */ :) i
  don't know if you have deliberately not done this or not so only changed
  ones in argus_client.c

- Another 's' is turned back to a 'd' :) (saddrlen should have been
  daddrlen)

- where you strtol() for the prefixlen i fixed up your error checking a
  little.. the way you had it the error check would have always passed :)

  char **endptr = NULL;

  strtol(ptr, endptr, 10);

  if (endptr == ptr) ...

  endptr is null when it goes into strtol so it isn't going to use it
  therefore it will remain null and the if will always fail.

- Another endianness tweak.. my previous patch correcting the endianness
  in the netmasks that worked for v6 doesn't work for v6 as i mentioned at
  the time becuase the addresses are also host order.. since you left them
  in host order and you obviously flip them somewhere before printing them
  then i just took the ipv6 netmask flipping back out... this now works
  correctly for masking ipv4 and ipv6 however is inconsistent.. the data is
  stored NBO before it is masked with v4 and HO before masking v6..

  it works as it is.. i'm just concerned about where it is flipped (closer
  to the end) i haven't looked into where.. but i wondering if it affects
  file.. i haven't tested this yet either.. but if it outputs data to files
  in host order then it more than likely breaks reimport of data on other
  endian machines?




--- argus_client.c.orig	2006-10-11 04:04:05.000000000 +1000
+++ argus_client.c	2006-10-17 00:04:45.000000000 +1000
@@ -3253,7 +3253,7 @@
 
          } else
             parser->RaHistoBinSize = ((parser->RaHistoEnd - parser->RaHistoStart) * 1.0) / parser->RaHistoBins * 1.0;
-/*
+#if 0
          int i;
          for (i = 0; i < parser->RaHistoBins; i++) {
             if (parser->RaHistoMetricLog) {
@@ -3275,7 +3275,7 @@
          }
 
          parser->RaHistoMetricValues[parser->RaHistoBins] = parser->RaHistoEnd;
-*/
+#endif
       } else
          ArgusLog (LOG_ERR, "RaHistoMetricParse: ArgusCalloc %s\n", strerror(errno));
    }
@@ -3398,7 +3398,7 @@
                               for (x = 0; x < 4; x++)
                                  tflow.ipv6_flow.ip_dst[x] = flow->ipv6_flow.ip_dst[x];
                               
-                              if (na->saddrlen > 0)
+                              if (na->daddrlen > 0)
                                  for (x = 0; x < 4; x++)
                                     tflow.ipv6_flow.ip_dst[x] &= na->dmask.addr_un.ipv6[x];
                               break;
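Review bot: The destination mask at `if (na->daddrlen > 0)` was guarded by the source length until this fix, and the covering message describes it as another s/d mix-up, so the paired source and destination masking blocks are evidently easy to get out of step. Consider moving the copy-and-mask loop into one static helper that takes the address array, the mask array and the prefix length, so each call site names its source or destination fields exactly once. The enclosing case starts outside the hunk, so the source-side block cannot be compared here.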
@@ -5685,7 +5685,7 @@
 
    if ((mode = modelist) != NULL) {
       while (mode) {
-         char *ptr = NULL, **endptr = NULL;
+         char *ptr = NULL, *endptr = NULL;
          struct ArgusIPAddrStruct mask;
          int len = 0, x = 0;
 
@@ -5696,10 +5696,6 @@
             if (strchr(ptr, ':')) {
                if (!(inet_pton(AF_INET6, (const char *) ptr, &mask.addr_un.ipv6) > 0))
                   ArgusLog (LOG_ERR, "syntax error: %s %s", ptr, strerror(errno));
-#if defined(_LITTLE_ENDIAN)
-               for (x = 0 ; x < 4 ; x++)
-                  mask.addr_un.ipv6[x] = htonl(mask.addr_un.ipv6[x]);
-#endif
                len = 128;
             } else
             if (strchr(ptr, '.')) {
@@ -5710,8 +5706,8 @@
 #endif
                len = 32;
             } else {
-               if ((len = strtol(ptr, endptr, 10)) == 0)
-                  if (*endptr == ptr)
+               if ((len = strtol(ptr, &endptr, 10)) == 0)
+                  if ((endptr == ptr) || (*endptr != '\0'))
                      ArgusLog (LOG_ERR, "syntax error: %s %s", ptr, strerror(errno));
 
                if (len <= 32)
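Review bot: The trailing-character test on the new `strtol()` call only runs when the parsed value is 0, because it is nested under `if ((len = strtol(ptr, &endptr, 10)) == 0)`; a prefix length such as `24abc` parses to 24 and is accepted, and negative or out-of-range values are never rejected before the `if (len <= 32)` test that follows. The check should be unconditional and bounded, e.g. `errno = 0; long v = strtol(ptr, &endptr, 10);` followed by `if (endptr == ptr || *endptr != '\0' || errno == ERANGE || v < 0 || v > 128)`, with 128 assumed from the `len = 128` set for IPv6 addresses in the preceding hunk. `strerror(errno)` in the error message is also misleading here, since a syntax error from `strtol()` does not set errno. The enclosing loop body continues outside the hunk.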
@@ -6077,7 +6073,7 @@
    return(argus_nametoeproto(str));
 }
 
-/*
+#if 0
 struct RaPolicyStruct *
 RaParsePolicyEntry (struct ArgusParserStruct *parser, char *str)
 {
@@ -6485,7 +6481,7 @@
 
    return (retn);
 }
-*/
+#endif
 
 double
 ArgusFetchSrcId (struct ArgusRecordStruct *ns)
@@ -6535,7 +6531,7 @@
 ArgusFetchAvgDuration (struct ArgusRecordStruct *ns)
 {
    double retn = 0;
-/*
+#if 0
    float ad1 = 0.0, ad2 = 0.0;
  
    if (n1 && n2) {
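Review bot: `ArgusFetchAvgDuration` takes `ns`, but the block now under `#if 0` reads `n1` and `n2`, which are not parameters here, so the disabled code could not compile if re-enabled and the function always returns 0. The same holds for `ArgusFetchMinDuration`, `ArgusFetchMaxDuration`, `ArgusFetchProtocol` and `ArgusFetchSrcPort` in the following hunks; `ArgusFetchMinDuration` additionally still applies `ArgusReverseSortDir` to a value that is always 0. A comment such as `/* not implemented: always returns 0; disabled body appears to be left over from a two-record comparison */` above each `#if 0`, or deleting the dead body, would keep callers from treating these as real metrics. The function body ends in the next hunk.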
@@ -6543,8 +6539,8 @@
       ad2 = RaGetFloatAvgDuration(n2);
       retn = (ad1 > ad2) ? 1 : ((ad1 == ad2) ? 0 : -1);
    }
+#endif
  
-*/
    return (retn);
 }
 
@@ -6552,7 +6548,7 @@
 ArgusFetchMinDuration (struct ArgusRecordStruct *ns)
 {
    double retn = 0;
-/*
+#if 0
    float ad1 = 0.0, ad2 = 0.0;
  
    if (n1 && n2) {
@@ -6560,8 +6556,8 @@
       ad2 = RaGetFloatMinDuration(n2);
       retn = (ad1 > ad2) ? 1 : ((ad1 == ad2) ? 0 : -1);
    }
- 
-*/
+#endif
+
    return (ArgusReverseSortDir ? ((retn > 0) ? -1 : ((retn == 0) ? 0 : 1)) : retn);
 }
 
@@ -6569,7 +6565,7 @@
 ArgusFetchMaxDuration (struct ArgusRecordStruct *ns)
 {
    double retn = 0;
-/*
+#if 0
    float ad1 = 0.0, ad2 = 0.0;
  
    if (n1 && n2) {
@@ -6577,8 +6573,8 @@
       ad2 = RaGetFloatMaxDuration(n2);
       retn = (ad1 > ad2) ? 1 : ((ad1 == ad2) ? 0 : -1);
    }
- 
-*/
+#endif
+
    return (retn);
 }
 
@@ -6621,7 +6617,7 @@
 ArgusFetchProtocol (struct ArgusRecordStruct *ns)
 {
    double retn = 0;
-/*
+#if 0
    struct ArgusFlow *f1 = (struct ArgusFlow *) n1->dsrs[ARGUS_FLOW_INDEX];
    struct ArgusFlow *f2 = (struct ArgusFlow *) n2->dsrs[ARGUS_FLOW_INDEX];
    unsigned char p1 = 0, p2 = 0;
@@ -6662,7 +6658,7 @@
    }
  
    retn = p1 - p2;
-*/
+#endif
    return(retn);
 }
 
@@ -6670,7 +6666,7 @@
 ArgusFetchSrcPort (struct ArgusRecordStruct *ns)
 {
    double retn = 0;
-/*
+#if 0
    struct ArgusFlow *f1 = (struct ArgusFlow *) n1->dsrs[ARGUS_FLOW_INDEX];
    struct ArgusFlow *f2 = (struct ArgusFlow *) n2->dsrs[ARGUS_FLOW_INDEX];
    unsigned short p1 = 0, p2 = 0;
@@ -6721,7 +6717,7 @@
    }
  
    retn = p1 - p2;
-*/
+#endif
    return(retn);
 }
 


