I'm back! segfault in newest argus

Michael Hornung hornung at cac.washington.edu
Fri Sep 7 14:45:23 EDT 2007 

I'm back with new hosts running (or trying to run) argus.  The host 
running argus is Intel (dual core Xeon 2.1Ghz, 2GB RAM) running 32 bit 
RHEL 5 (Linux).  Just this morning (9/7) I downloaded the most recent 
argus 3.0.0 and built with .devel.

Carter, let me know if you want me to run some more and make a pcap you 
can examine locally.

After running ~20 minutes or so I get:

(gdb) run
Starting program: /usr/local/sbin/argus
   ArgusWarning: argus[25845]: 07 Sep 07 10:28:01.825027 started
   ArgusWarning: argus[25845]: 07 Sep 07 10:28:01.825139
   ArgusGetInterfaceStatus: interface eth2 is up
      ArgusInfo: argus[25845]: 07 Sep 07 10:28:05.245676 connect from XXX

[ ... time passes ... ]

Program received signal SIGSEGV, Segmentation fault.
0x0805a337 in ArgusCreateFlowKey (model=0x9af7008, flow=0x9af73a8,
     hstruct=0x9af7310) at ArgusUtil.c:873
873           hstruct->hash ^= *ptr++;

(gdb) bt full
#0  0x0805a337 in ArgusCreateFlowKey (model=0x9af7008, flow=0x9af73a8,
     hstruct=0x9af7310) at ArgusUtil.c:873
         ptr = (unsigned int *) 0xaeb0000
         key = (unsigned int *) 0x9af7318
         retn = 0
         i = 5169978
         len = -1
#1  0x0804eb94 in ArgusProcessPacket (model=0x9af7008, p=0x9af81ca "",
     length=90, tvp=0xbfc8db90, type=0) at ArgusModeler.c:1029
         retn = 0
         tflow = (struct ArgusSystemFlow *) 0x9af73a8
         flow = (struct ArgusFlowStruct *) 0x9b01fd8
         nflow = (struct ArgusFlowStruct *) 0xa5ac888
         ptr = 0x9af81ca ""
         value = 0
#2  0x08056147 in ArgusEtherPacket (user=0xb7e8d008 "", h=0xbfc8db90,
     p=0x9af81ca "") at ArgusSource.c:683
         ep = (struct ether_header *) 0x9af81ca
         ind = 0
         src = (struct ArgusSourceStruct *) 0xb7e8d008
         tvp = (struct timeval *) 0xbfc8db90
         caplen = 90
         length = 90
         statbuf = {st_dev = 578105710815534056, __pad1 = 29384,
   __st_ino = 3217611520, st_mode = 3217611656, st_nlink = 1275960740,
   st_uid = 3086090240, st_gid = 1935745139, st_rdev = 5480000866624733183,
   __pad2 = 58336, st_size = -4627207617905117432, st_blksize = 1275861536,
   st_blocks = -5192083019272100456, st_atim = {tv_sec = 1, tv_nsec = 1},
   st_mtim = {tv_sec = 0, tv_nsec = 13158026}, st_ctim = {tv_sec = 
13152256,
     tv_nsec = 164972}, st_ino = 57196527433391524}
#3  0x00c90517 in pcap_open_live () from /usr/lib/libpcap.so.0.9.4
No symbol table info available.
#4  0x00c90987 in pcap_dispatch () from /usr/lib/libpcap.so.0.9.4
No symbol table info available.
#5  0x080581ad in ArgusGetPackets (src=0xb7e8d008) at ArgusSource.c:1730
         ArgusReadMask = {__fds_bits = {128, 0 <repeats 31 times>}}
         ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
         ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
         tmp = 1
         i = 0
         width = 7
         noerror = 1
         fd = 7
         found = 1
         up = 1
         wait = {tv_sec = 0, tv_usec = 20000}
#6  0x0804b657 in main (argc=1, argv=0xbfc8dfa4) at argus.c:567
         commandlinew = 0
         doconf = 0
         dodebug = 0
         i = 1
         pid = 0
         tmparg = 0x0
         filter = 0x0
         statbuf = {st_dev = 64768, __pad1 = 0, __st_ino = 36308341,
   st_mode = 33188, st_nlink = 1, st_uid = 0, st_gid = 0, st_rdev = 0,
   __pad2 = 0, st_size = 11791, st_blksize = 4096, st_blocks = 32, st_atim 
= {
     tv_sec = 1189185984, tv_nsec = 0}, st_mtim = {tv_sec = 1189185984,
     tv_nsec = 0}, st_ctim = {tv_sec = 1189185984, tv_nsec = 0},
   st_ino = 36308341}
         op = -1
         commandlinei = 0
         path = "/etc/argus.conf\000argus", '\0' <repeats 8170 times>

-Mike

More information about the argus mailing list