rc.32 server and client uploaded for testing
Carter Bullard
carter at qosient.com
Mon Oct 16 18:48:51 EDT 2006
Hey Rick,
There is magic() support for argus data files. Install the argus ./
support/System/magic file
in something like /usr/share/file/magic, and then re-generate/compile
the system file.
See man magic. This will print out the version number etc....
Carter
On Oct 16, 2006, at 6:30 PM, rick wrote:
> Carter,
>
> just another couple of minor fixes / suggestions.. sorry for the
> delay in
> testing :(
>
> suggestions:
>
> pretty trivial but..
>
> would it be possible/useful to put a header on the argus data files?
> becuase the format of the data files is the same coming out of so many
> different ra* clients the output data could be filtered / aggregated /
> various other things would it be useful to allow for a header to be
> able to
> better define what is in the file? even if this is just a human
> readable
> addable comment of fixed length? anywhere up to id3 tag style
> giving you
> program that produced it possibly the time ranges it contains srcid
> (s) etc?
>
> i'd find this useful but i don't know if it is generally useful :)
> it could
> also mean that file no longer ses '8086 relocatable
> (Microsoft)' (on intel
> dump at least)
>
> -
>
> your new RaParseCIDRAddr() function checks for a '.' before a ':'
> testing
> for a v4 address first.. this will fail in the case of an ipv6
> mapped ipv4
> address which is a legitimate representation of a v6 address that
> contains a
> '.'... should check for a ':' first.. ie ::ffff:192.168.0.1 i vaguely
> remember something else that was quite bad in the implementation of
> RaParseCIDRAddr() but it eludes me now..
>
>
>
> fixes:
>
> just a couple of trivial tweaks..
>
> - change you wholesale commenting from /* */ to #if 0 / #endif so you
> don't keep removing other comments in the code to avoid nesting /
> * */ :) i
> don't know if you have deliberately not done this or not so only
> changed
> ones in argus_client.c
>
> - Another 's' is turned back to a 'd' :) (saddrlen should have been
> daddrlen)
>
> - where you strtol() for the prefixlen i fixed up your error
> checking a
> little.. the way you had it the error check would have always
> passed :)
>
> char **endptr = NULL;
>
> strtol(ptr, endptr, 10);
>
> if (endptr == ptr) ...
>
> endptr is null when it goes into strtol so it isn't going to use it
> therefore it will remain null and the if will always fail.
>
> - Another endianness tweak.. my previous patch correcting the
> endianness
> in the netmasks that worked for v6 doesn't work for v6 as i
> mentioned at
> the time becuase the addresses are also host order.. since you
> left them
> in host order and you obviously flip them somewhere before
> printing them
> then i just took the ipv6 netmask flipping back out... this now
> works
> correctly for masking ipv4 and ipv6 however is inconsistent.. the
> data is
> stored NBO before it is masked with v4 and HO before masking v6..
>
> it works as it is.. i'm just concerned about where it is flipped
> (closer
> to the end) i haven't looked into where.. but i wondering if it
> affects
> file.. i haven't tested this yet either.. but if it outputs data
> to files
> in host order then it more than likely breaks reimport of data on
> other
> endian machines?
>
>
>
>
> --- argus_client.c.orig 2006-10-11 04:04:05.000000000 +1000
> +++ argus_client.c 2006-10-17 00:04:45.000000000 +1000
> @@ -3253,7 +3253,7 @@
>
> } else
> parser->RaHistoBinSize = ((parser->RaHistoEnd - parser-
> >RaHistoStart) * 1.0) / parser->RaHistoBins * 1.0;
> -/*
> +#if 0
> int i;
> for (i = 0; i < parser->RaHistoBins; i++) {
> if (parser->RaHistoMetricLog) {
> @@ -3275,7 +3275,7 @@
> }
>
> parser->RaHistoMetricValues[parser->RaHistoBins] = parser-
> >RaHistoEnd;
> -*/
> +#endif
> } else
> ArgusLog (LOG_ERR, "RaHistoMetricParse: ArgusCalloc %s
> \n", strerror(errno));
> }
> @@ -3398,7 +3398,7 @@
> for (x = 0; x < 4; x++)
> tflow.ipv6_flow.ip_dst[x] = flow-
> >ipv6_flow.ip_dst[x];
>
> - if (na->saddrlen > 0)
> + if (na->daddrlen > 0)
> for (x = 0; x < 4; x++)
> tflow.ipv6_flow.ip_dst[x] &=
> na->dmask.addr_un.ipv6[x];
> break;
> @@ -5685,7 +5685,7 @@
>
> if ((mode = modelist) != NULL) {
> while (mode) {
> - char *ptr = NULL, **endptr = NULL;
> + char *ptr = NULL, *endptr = NULL;
> struct ArgusIPAddrStruct mask;
> int len = 0, x = 0;
>
> @@ -5696,10 +5696,6 @@
> if (strchr(ptr, ':')) {
> if (!(inet_pton(AF_INET6, (const char *) ptr,
> &mask.addr_un.ipv6) > 0))
> ArgusLog (LOG_ERR, "syntax error: %s %s", ptr,
> strerror(errno));
> -#if defined(_LITTLE_ENDIAN)
> - for (x = 0 ; x < 4 ; x++)
> - mask.addr_un.ipv6[x] = htonl(mask.addr_un.ipv6[x]);
> -#endif
> len = 128;
> } else
> if (strchr(ptr, '.')) {
> @@ -5710,8 +5706,8 @@
> #endif
> len = 32;
> } else {
> - if ((len = strtol(ptr, endptr, 10)) == 0)
> - if (*endptr == ptr)
> + if ((len = strtol(ptr, &endptr, 10)) == 0)
> + if ((endptr == ptr) || (*endptr != '\0'))
> ArgusLog (LOG_ERR, "syntax error: %s %s",
> ptr, strerror(errno));
>
> if (len <= 32)
> @@ -6077,7 +6073,7 @@
> return(argus_nametoeproto(str));
> }
>
> -/*
> +#if 0
> struct RaPolicyStruct *
> RaParsePolicyEntry (struct ArgusParserStruct *parser, char *str)
> {
> @@ -6485,7 +6481,7 @@
>
> return (retn);
> }
> -*/
> +#endif
>
> double
> ArgusFetchSrcId (struct ArgusRecordStruct *ns)
> @@ -6535,7 +6531,7 @@
> ArgusFetchAvgDuration (struct ArgusRecordStruct *ns)
> {
> double retn = 0;
> -/*
> +#if 0
> float ad1 = 0.0, ad2 = 0.0;
>
> if (n1 && n2) {
> @@ -6543,8 +6539,8 @@
> ad2 = RaGetFloatAvgDuration(n2);
> retn = (ad1 > ad2) ? 1 : ((ad1 == ad2) ? 0 : -1);
> }
> +#endif
>
> -*/
> return (retn);
> }
>
> @@ -6552,7 +6548,7 @@
> ArgusFetchMinDuration (struct ArgusRecordStruct *ns)
> {
> double retn = 0;
> -/*
> +#if 0
> float ad1 = 0.0, ad2 = 0.0;
>
> if (n1 && n2) {
> @@ -6560,8 +6556,8 @@
> ad2 = RaGetFloatMinDuration(n2);
> retn = (ad1 > ad2) ? 1 : ((ad1 == ad2) ? 0 : -1);
> }
> -
> -*/
> +#endif
> +
> return (ArgusReverseSortDir ? ((retn > 0) ? -1 : ((retn == 0) ?
> 0 : 1)) : retn);
> }
>
> @@ -6569,7 +6565,7 @@
> ArgusFetchMaxDuration (struct ArgusRecordStruct *ns)
> {
> double retn = 0;
> -/*
> +#if 0
> float ad1 = 0.0, ad2 = 0.0;
>
> if (n1 && n2) {
> @@ -6577,8 +6573,8 @@
> ad2 = RaGetFloatMaxDuration(n2);
> retn = (ad1 > ad2) ? 1 : ((ad1 == ad2) ? 0 : -1);
> }
> -
> -*/
> +#endif
> +
> return (retn);
> }
>
> @@ -6621,7 +6617,7 @@
> ArgusFetchProtocol (struct ArgusRecordStruct *ns)
> {
> double retn = 0;
> -/*
> +#if 0
> struct ArgusFlow *f1 = (struct ArgusFlow *) n1->dsrs
> [ARGUS_FLOW_INDEX];
> struct ArgusFlow *f2 = (struct ArgusFlow *) n2->dsrs
> [ARGUS_FLOW_INDEX];
> unsigned char p1 = 0, p2 = 0;
> @@ -6662,7 +6658,7 @@
> }
>
> retn = p1 - p2;
> -*/
> +#endif
> return(retn);
> }
>
> @@ -6670,7 +6666,7 @@
> ArgusFetchSrcPort (struct ArgusRecordStruct *ns)
> {
> double retn = 0;
> -/*
> +#if 0
> struct ArgusFlow *f1 = (struct ArgusFlow *) n1->dsrs
> [ARGUS_FLOW_INDEX];
> struct ArgusFlow *f2 = (struct ArgusFlow *) n2->dsrs
> [ARGUS_FLOW_INDEX];
> unsigned short p1 = 0, p2 = 0;
> @@ -6721,7 +6717,7 @@
> }
>
> retn = p1 - p2;
> -*/
> +#endif
> return(retn);
> }
>
>
Carter Bullard
CEO/President
QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20061016/afff5db2/attachment.html>
More information about the argus
mailing list