Argus-info Digest, Vol 19, Issue 20
CS Lee
geek00l at gmail.com
Thu Mar 15 19:14:55 EDT 2007
Carter,
Seriously, I vote for sasl2.
On 3/16/07, argus-info-request at lists.andrew.cmu.edu <
argus-info-request at lists.andrew.cmu.edu> wrote:
>
> Send Argus-info mailing list submissions to
> argus-info at lists.andrew.cmu.edu
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
> or, via email, send a message with subject or body 'help' to
> argus-info-request at lists.andrew.cmu.edu
>
> You can reach the person managing the list at
> argus-info-owner at lists.andrew.cmu.edu
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Argus-info digest..."
>
>
> Today's Topics:
>
> 1. Re: how to aggregate multiple similar tcp flows?
> (Christoph Badura)
> 2. how is the byteorder stuff supposed to work? (Christoph Badura)
> 3. Re: how is the byteorder stuff supposed to work? (Carter Bullard)
> 4. argus and sasl2 support (Carter Bullard)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 14 Mar 2007 18:31:49 +0100
> From: Christoph Badura <bad at bsd.de>
> Subject: Re: [ARGUS] how to aggregate multiple similar tcp flows?
> To: argus-info <argus-info at lists.andrew.cmu.edu>
> Message-ID: <20070314173149.GE5432 at irregular-apocalypse.k.bsd.de>
> Content-Type: text/plain; charset=us-ascii
>
> Hey Carter,
>
> On Mon, Mar 12, 2007 at 10:19:37PM -0400, Carter Bullard wrote:
> > Basically a problem with retransmissions
> > that occur way out of the window. Needed to account for winshift,
> > and the possibility that
> > this was finally the segment we were waiting for (very large window).
>
> what do you mean "way out of the window"? I'm certain that the sender
> never sent outside the window. And the receiver did advertise a window
> shift of 0.
>
> But it is fixed now. Many thanks.
>
> > ESP issue was really a fragmentation issue, and that is now fixed.
>
> I'm afraid that isn't fixed yet. I still get output like:
>
> $ ra -n -s +sloss +dloss -r trace9f.argus|head
> 16:49:21.850751 F esp 1.2.3.4 <->
> 4.3.2.1.0x0bf* 377 64 57990 51184
> CON 67882 0
> 16:49:21.853440 esp 4.3.2.1 ->
> 1.2.3.4.0x17e* 368 0 56400 0
> INT 0 0
> 16:49:22.858836 udp 1.2.3.4.500 <->
> 4.3.2.1.500 1 1 110 110
> CON 0 0
> 16:49:26.863293 F esp 4.3.2.1 ->
> 1.2.3.4.0x17e* 145 0 47886 0 INT
> 63 0
> 16:49:26.857781 F esp 1.2.3.4 <->
> 4.3.2.1.0x0bf* 97 80 38766 64000
> CON 45025 0
> 16:49:28.055817 udp 1.2.3.4.500 <->
> 4.3.2.1.500 1 1 110 110
> CON 0 0
> 16:49:31.960600 F esp 4.3.2.1 ->
> 1.2.3.4.0x17e* 7392 0 5598116 0 INT
> 944016 0
> 16:49:31.974272 F esp 1.2.3.4 <->
> 4.3.2.1.0x0bf* 2015 818 289482 654344
> CON 3606147 0
>
> I was wondering if this was a byte order issue and dug a bit into the
> code.
> It is not clear to me how the byte order thing works. See my next mail.
>
> --chris
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 14 Mar 2007 18:49:42 +0100
> From: Christoph Badura <bad at bsd.de>
> Subject: [ARGUS] how is the byteorder stuff supposed to work?
> To: argus-info <argus-info at lists.andrew.cmu.edu>
> Message-ID: <20070314174942.GF5432 at irregular-apocalypse.k.bsd.de>
> Content-Type: text/plain; charset=us-ascii
>
> Hey Carter,
>
> while looking for potential byte order issues I found the following code
> in include/compat.h:
>
> #if defined(CYGWIN)
> #define _LITTLE_ENDIAN
> #define USE_IPV6
> #else
>
> #if (__FreeBSD__)
> #if defined(BYTE_ORDER)
> #define __BYTE_ORDER BYTE_ORDER
> #endif
> #if defined(LITTLE_ENDIAN)
> #define __LITTLE_ENDIAN LITTLE_ENDIAN
> #endif
> #if defined(BIG_ENDIAN)
> #define __BIG_ENDIAN BIG_ENDIAN
> #endif
> #endif
>
> #if !defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
> #if __BYTE_ORDER == __LITTLE_ENDIAN
> #define _LITTLE_ENDIAN
> #else
> #define _BIG_ENDIAN
> #endif
> #endif
> #endif
>
> and later you have a lot of places that check for "#ifdef _LITTLE_ENDIAN"
> all over the source code.
>
> I don't understand how that is supposed to work.
>
> First there is the problem of you re-defining symbols in the
> implementation
> namespace that you aren't supposed to touch (the ones with a single
> underscore
> in front).
>
> Second both NetBSD (what I am using) and FreeBSD *always* define
> _LITTLE_ENDIAN
> and _BIG_ENDIAN in system header files (sys/endian.h and machine/endian.h,
> but
> pulling in sys/types.h or arpa/inet.h does the job).
>
> So, _LITTLE_ENDIAN is always defined on those machines, even if they are
> big-endian machines, like e.g. NetBSD/macppc or FreeBSD/sparc. So, later
> testing "#ifdef _LITTLE_ENDIAN" is going to give the wrong answer.
>
> Maybe you want to use ARGUS_LITTLE_ENDIAN and ARGUS_BIG_ENDIAN and change
> the above code like so:
>
> #if defined(CYGWIN)
> #define ARGUS_LITTLE_ENDIAN
> #define USE_IPV6
> #else
>
> #if defined(__FreeBSD__) || defined(__NetBSD__)
> #ifndef _BYTE_ORDER
> #error can't determine machine byte order
> #endif
> #define __BYTE_ORDER _BYTE_ORDER
> #define __LITTLE_ENDIAN _LITTLE_ENDIAN
> #define __BIG_ENDIAN _BIG_ENDIAN
> #endif
>
> #if __BYTE_ORDER == __LITTLE_ENDIAN
> #define ARGUS_LITTLE_ENDIAN
> #else
> #define ARGUS_BIG_ENDIAN
> #endif
>
> and change all the uses of "#ifdef _LITTLE_ENDIAN" accordingly.
>
> --chris
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 14 Mar 2007 15:25:41 -0400
> From: Carter Bullard <carter at qosient.com>
> Subject: Re: [ARGUS] how is the byteorder stuff supposed to work?
> To: Christoph Badura <bad at bsd.de>
> Cc: argus-info <argus-info at lists.andrew.cmu.edu>
> Message-ID: <BB8E9EB2-58ED-4026-B3DA-E6137991DF03 at qosient.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Need a problem to solve. I don't think this is a problem
> Carter
>
>
> On Mar 14, 2007, at 1:49 PM, Christoph Badura wrote:
>
> > Hey Carter,
> >
> > while looking for potential byte order issues I found the following
> > code
> > in include/compat.h:
> >
> > #if defined(CYGWIN)
> > #define _LITTLE_ENDIAN
> > #define USE_IPV6
> > #else
> >
> > #if (__FreeBSD__)
> > #if defined(BYTE_ORDER)
> > #define __BYTE_ORDER BYTE_ORDER
> > #endif
> > #if defined(LITTLE_ENDIAN)
> > #define __LITTLE_ENDIAN LITTLE_ENDIAN
> > #endif
> > #if defined(BIG_ENDIAN)
> > #define __BIG_ENDIAN BIG_ENDIAN
> > #endif
> > #endif
> >
> > #if !defined(_LITTLE_ENDIAN) && !defined(_BIG_ENDIAN)
> > #if __BYTE_ORDER == __LITTLE_ENDIAN
> > #define _LITTLE_ENDIAN
> > #else
> > #define _BIG_ENDIAN
> > #endif
> > #endif
> > #endif
> >
> > and later you have a lot of places that check for "#ifdef
> > _LITTLE_ENDIAN"
> > all over the source code.
> >
> > I don't understand how that is supposed to work.
> >
> > First there is the problem of you re-defining symbols in the
> > implementation
> > namespace that you aren't supposed to touch (the ones with a single
> > underscore
> > in front).
> >
> > Second both NetBSD (what I am using) and FreeBSD *always* define
> > _LITTLE_ENDIAN
> > and _BIG_ENDIAN in system header files (sys/endian.h and machine/
> > endian.h, but
> > pulling in sys/types.h or arpa/inet.h does the job).
> >
> > So, _LITTLE_ENDIAN is always defined on those machines, even if
> > they are
> > big-endian machines, like e.g. NetBSD/macppc or FreeBSD/sparc. So,
> > later
> > testing "#ifdef _LITTLE_ENDIAN" is going to give the wrong answer.
> >
> > Maybe you want to use ARGUS_LITTLE_ENDIAN and ARGUS_BIG_ENDIAN and
> > change
> > the above code like so:
> >
> > #if defined(CYGWIN)
> > #define ARGUS_LITTLE_ENDIAN
> > #define USE_IPV6
> > #else
> >
> > #if defined(__FreeBSD__) || defined(__NetBSD__)
> > #ifndef _BYTE_ORDER
> > #error can't determine machine byte order
> > #endif
> > #define __BYTE_ORDER _BYTE_ORDER
> > #define __LITTLE_ENDIAN _LITTLE_ENDIAN
> > #define __BIG_ENDIAN _BIG_ENDIAN
> > #endif
> >
> > #if __BYTE_ORDER == __LITTLE_ENDIAN
> > #define ARGUS_LITTLE_ENDIAN
> > #else
> > #define ARGUS_BIG_ENDIAN
> > #endif
> >
> > and change all the uses of "#ifdef _LITTLE_ENDIAN" accordingly.
> >
> > --chris
> >
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E. 57th Street Suite 12D
> New York, New York 10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://lists.andrew.cmu.edu/mailman/private/argus-info/attachments/20070314/690fc4e3/attachment-0001.html
>
> ------------------------------
>
> Message: 4
> Date: Thu, 15 Mar 2007 11:14:57 -0400
> From: Carter Bullard <carter at qosient.com>
> Subject: [ARGUS] argus and sasl2 support
> To: Argus <argus-info at lists.andrew.cmu.edu>
> Message-ID: <CAA10A2D-ED74-4564-BEDC-4A21CB8728F3 at qosient.com>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
> So I did a little research, and because sasl1 is basically
> unsupported now, we should shift argus to sasl2 before
> we release the code. I'll try to have it finished today.
>
> It is a major change, and not much hope for backward
> compatibility, but I will try to offer both sasl1 and sasl2
> support if there is an urgent need. if not, I'll do the
> sasl2 thing.
>
> Hope all is most excellent,
>
> Carter
>
>
> ------------------------------
>
> _______________________________________________
> Argus-info mailing list
> Argus-info at lists.andrew.cmu.edu
> https://lists.andrew.cmu.edu/mailman/listinfo/argus-info
>
>
> End of Argus-info Digest, Vol 19, Issue 20
> ******************************************
>
--
Best Regards,
CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20070316/ad8317ca/attachment.html>
More information about the argus
mailing list