new software on the server, ..., almost done

Michael Hornung hornung at cac.washington.edu
Mon Sep 10 15:42:48 EDT 2007


Hi Carter.

If it matters, my monitoring setup includes a mirrored switch port which
is copying backbone traffic to/from one port over to the port serving my
argus box, though I additionally see ARPs on the local network this switch
is attached to.  I don't think that's what might cause trouble.

The backbone I'm monitoring could most certainly have tunnels (of the GRE 
variety, and most certainly others) with ARP inside them.  In fact we have 
a wireless deployment traversing my monitoring point, and the APs talk to 
the controllers over GRE tunnels and there may be ARPs in those 
conversations.

The IPs you gave me do not belong to my organization, but that doesn't 
mean it is unexpected to see them in my data.

-Mike

On Mon, 10 Sep 2007 at 15:11, Carter Bullard wrote:

|Hey Michael,
|So, there may be some issues with GRE tunnel parsing, or at least that is
|what it looks like.  Are you guys running GRE on the monitored link?  The
|encapsulation index thinks that is the case, but the packet format isn't
|quite right, at least to my eye.  Are these addresses at all legitimate?
|
|  42.236.6.12  or 135.254.172.28
|
|or some combination of digits meaningful?
|
|Carter
|
|
|
|On Sep 10, 2007, at 2:54 PM, Michael Hornung wrote:
|
|> (gdb) print *(struct ip *)0x85a000a
|> $14 = {ip_hl = 0, ip_v = 0, ip_tos = 76 'L', ip_len = 5976, ip_id = 47360,
|>  ip_off = 12285, ip_ttl = 192 '\300', ip_p = 80 'P', ip_sum = 23365, ip_src = {
|>    s_addr = 481099399}, ip_dst = {s_addr = 201780266}}
|> 
|> (gdb) print model->ArgusThisEncaps
|> $15 = 66
|> 
|> (gdb) print model->ArgusThisIpHdr
|> $16 = (void *) 0x0
|> 
|> -Mike
|> 
|> On Mon, 10 Sep 2007 at 14:31, Carter Bullard wrote:
|> 
|> |Hey Michael,
|> |Progress.  So it looks like argus thinks this is an arp packet inside an IP
|> |tunnel.
|> |Not really what you expect to see in an IP tunnel, so let's try a few things,
|> |if you don't mind.
|> |
|> |so could you try this:
|> |
|> |  (gdb) print *(struct ip *)0x85a000a
|> |  (gdb) print model->ArgusThisEncaps
|> |  (gdb) print model->ArgusThisIpHdr
|> |
|> |Carter
|> |
|> |
|> |
|> |
|> |On Sep 10, 2007, at 2:00 PM, Michael Hornung wrote:
|> |
|> |> (gdb) print model->ArgusThisNetworkFlowType
|> |> $9 = 2054
|> |>
|> |> (gdb) print model->ArgusThisLength
|> |> $10 = 90
|> |>
|> |> (gdb) print model->ArgusSnapLength
|> |> $11 = 52
|> |>
|> |> (gdb) print (struct ether_header *)model->ArgusThisEpHdr
|> |> $12 = (struct ether_header *) 0x859fffa
|> |>
|> |> (gdb) up
|> |> #2  0x0804f531 in ArgusProcessPacket (model=0x859f008, p=0x859fffa "",
|> |>    length=90, tvp=0xbfe06d10, type=0) at ArgusModeler.c:1072
|> |> 1072                if ((nflow = ArgusNewFlow(model, model->ArgusThisFlow, model->hstruct, model->ArgusStatusQueue)) != NULL)
|> |>
|> |> (gdb) x/32x p
|> |> 0x859fffa:      0xb3f21400      0x18004cb1      0xccc31574      0x00450800
|> |> 0x85a000a:      0x17584c00      0x2ffdb900      0x5b4550c0      0x1cacfe87
|> |> 0x85a001a:      0x0c06ec2a      0x0c080608      0x0608060c      0x0d070c09
|> |> 0x85a002a:      0x090d0709      0x06090f06      0x0f06070f      0x080f0607
|> |> 0x85a003a:      0x07081007      0x10070810      0x08100708      0x07081007
|> |> 0x85a004a:      0x0e040510      0x050d0304      0x87af1006      0x8a0a5827
|> |> 0x85a005a:      0x00890000      0x10800000      0x00002000      0x71e50000
|> |> 0x85a006a:      0x0000cb2d      0x00000000      0x00000000      0xe1460000
|> |>
|> |> -Mike
|> |>
|> |> On Mon, 10 Sep 2007 at 13:57, Carter Bullard wrote:
|> |>
|> |> |Great, unfortunately there is more information that is needed:
|> |> |  (gdb) print model->ArgusThisNetworkFlowType
|> |> |  (gdb) print model->ArgusThisLength
|> |> |  (gdb) print model->ArgusSnapLength
|> |> |  (gdb) print (struct ether_header *)model->ArgusThisEpHdr
|> |> |
|> |> |And then assuming your context is in ArgusNewFlow
|> |> |  (gdb) up
|> |> |
|> |> |That should put you in ArgusProcessPacket
|> |> |  (gdb) x/32x p
|> |> |
|> |> |Thanks for all the help!!!!!
|> |> |
|> |> |Carter
|> |> |
|> |> |
|> |> |On Sep 10, 2007, at 1:19 PM, Michael Hornung wrote:
|> |> |
|> |> |> (gdb) print model->ArgusThisSnapLen
|> |> |> There is no member named ArgusThisSnapLen.
|> |> |>
|> |> |> (gdb) print model->ArgusThisSnapEnd
|> |> |> $4 = (unsigned char *) 0x85a0054 "\257\207'X\n\212"
|> |> |>
|> |> |> (gdb) print model->ArgusThisEpHdr
|> |> |> $5 = (struct ether_header *) 0x859fffa
|> |> |>
|> |> |> (gdb) print model->ArgusThisNetworkHdr
|> |> |> $6 = (void *) 0x0
|> |> |>
|> |> |> (gdb) print *((struct arphdr *)model->ArgusThisUpHdr)
|> |> |> $7 = {ar_hrd = 3080, ar_pro = 1548, ar_hln = 8 '\b', ar_pln = 6 '\006',
|> |> |>  ar_op = 3081}
|> |> |>
|> |> |> (gdb) x/32x model->ArgusThisUpHdr
|> |> |> 0x85a0020:      0x060c0c08      0x0c090608      0x07090d07      0x0f06090d
|> |> |> 0x85a0030:      0x070f0609      0x06070f06      0x1007080f      0x08100708
|> |> |> 0x85a0040:      0x07081007      0x10070810      0x05100708      0x03040e04
|> |> |> 0x85a0050:      0x1006050d      0x582787af      0x00008a0a      0x00000089
|> |> |> 0x85a0060:      0x20001080      0x00000000      0xcb2d71e5      0x00000000
|> |> |> 0x85a0070:      0x00000000      0x00000000      0x60d2e146      0x24210c00
|> |> |> 0x85a0080:      0x61d246e1      0xb60d0800      0x00000003      0x3c000500
|> |> |> 0x85a0090:      0x00000000      0x00000000      0x00000000      0x00000000
|> |> |>
|> |> |> -Mike
|> |> |>
|> |> |> On Mon, 10 Sep 2007 at 13:08, Carter Bullard wrote:
|> |> |>
|> |> |> |So it looks quickly like you're trying to build an Arp flow key, for either an
|> |> |> |illegal op code, or you didn't get enough data in the snaplen to get
|> |> |> |all the arp information.  So, if you still have the info, let's dump the packet
|> |> |> |contents, and I'll try to figure it out:
|> |> |> |
|> |> |> |  (gdb) print model->ArgusThisSnapLen
|> |> |> |  (gdb) print model->ArgusThisSnapEnd
|> |> |> |  (gdb) print model->ArgusThisEpHdr
|> |> |> |  (gdb) print model->ArgusThisNetworkHdr
|> |> |> |
|> |> |> |  (gdb) print *((struct arphdr *)model->ArgusThisUpHdr)
|> |> |> |  (gdb) x/32x model->ArgusThisUpHdr
|> |> |> |
|> |> |> |Carter
|> |> |> |
|> |> |> |On Sep 10, 2007, at 11:45 AM, Michael Hornung wrote:
|> |> |> |
|> |> |> |> (gdb) print *flow
|> |> |> |> $1 = {hdr = {type = 2 '\002', subtype = 6 '\006', dsr_un = {fl = {data = 0},
|> |> |> |>      vl8 = {qual = 0 '\0', len = 0 '\0'}, vl16 = {len = 0}}}, flow_un = {
|> |> |> |>    ipv6 = {ip_src = {0, 0, 0, 0}, ip_dst = {0, 0, 0, 0}, flow = 0, resv = 0,
|> |> |> |>      ip_p = 0, sport = 0, dport = 0}, ip = {ip_src = 0, ip_dst = 0,
|> |> |> |>      ip_p = 0 '\0', tp_p = 0 '\0', sport = 0, dport = 0, pad = 0}, mac = {
|> |> |> |>      ehdr = {ether_dhost = "\000\000\000\000\000",
|> |> |> |>        ether_shost = "\000\000\000\000\000", ether_type = 0}, dsap = 0 '\0',
|> |> |> |>      ssap = 0 '\0'}, icmpv6 = {ip_src = {0, 0, 0, 0}, ip_dst = {0, 0, 0, 0},
|> |> |> |>      flow = 0, resv = 0, ip_p = 0, type = 0 '\0', code = 0 '\0', id = 0},
|> |> |> |>    icmp = {ip_src = 0, ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0',
|> |> |> |>      type = 0 '\0', code = 0 '\0', id = 0, ip_id = 0}, igmpv6 = {ip_src = {0,
|> |> |> |>        0, 0, 0}, ip_dst = {0, 0, 0, 0}, flow = 0, resv = 0, ip_p = 0,
|> |> |> |>      type = 0 '\0', code = 0 '\0', pad = 0}, igmp = {ip_src = 0, ip_dst = 0,
|> |> |> |>      ip_p = 0 '\0', tp_p = 0 '\0', type = 0 '\0', code = 0 '\0', pad = 0,
|> |> |> |>      ip_id = 0}, espv6 = {ip_src = {0, 0, 0, 0}, ip_dst = {0, 0, 0, 0},
|> |> |> |>      flow = 0, resv = 0, ip_p = 0, spi = 0}, esp = {ip_src = 0, ip_dst = 0,
|> |> |> |>      ip_p = 0 '\0', tp_p = 0 '\0', pad = 0, spi = 0}, arp = {hrd = 0,
|> |> |> |>      pro = 0, hln = 0 '\0', pln = 0 '\0', op = 0, arp_spa = 0, arp_tpa = 0,
|> |> |> |>      haddr = {{ethernet = "\000\000\000\000\000",
|> |> |> |>          ib = '\0' <repeats 31 times>, ieee1394 = '\0' <repeats 15 times>,
|> |> |> |>          framerelay = "\000\000\000", tokenring = "\000\000\000\000\000",
|> |> |> |>          arcnet = "", fiberchannel = '\0' <repeats 11 times>,
|> |> |> |>          atm = '\0' <repeats 19 times>}}}, rarp = {hrd = 0, pro = 0,
|> |> |> |>      hln = 0 '\0', pln = 0 '\0', op = 0, arp_tpa = 0, shaddr = {{
|> |> |> |>          ethernet = "\000\000\000\000\000", ib = '\0' <repeats 31 times>,
|> |> |> |>          ieee1394 = '\0' <repeats 15 times>, framerelay = "\000\000\000",
|> |> |> |>          tokenring = "\000\000\000\000\000", arcnet = "",
|> |> |> |>          fiberchannel = '\0' <repeats 11 times>,
|> |> |> |>          atm = '\0' <repeats 19 times>}}, dhaddr = {{
|> |> |> |>          ethernet = "\000\000\000\000\000", ib = '\0' <repeats 31 times>,
|> |> |> |>          ieee1394 = '\0' <repeats 15 times>, framerelay = "\000\000\000",
|> |> |> |>          tokenring = "\000\000\000\000\000", arcnet = "",
|> |> |> |>          fiberchannel = '\0' <repeats 11 times>,
|> |> |> |>          atm = '\0' <repeats 19 times>}}}, fragv6 = {ip_src = {0, 0, 0, 0},
|> |> |> |>      ip_dst = {0, 0, 0, 0}, flow = 0, resv = 0, ip_p = 0, ip_id = 0}, frag = {
|> |> |> |>      ip_src = 0, ip_dst = 0, ip_p = 0 '\0', tp_p = 0 '\0', pad = {0, 0},
|> |> |> |>      ip_id = 0}}}
|> |> |> |>
|> |> |> |>
|> |> |> |> (gdb) print *hstruct
|> |> |> |> $3 = {len = 0, hash = 0, key = {0 <repeats 24 times>}}
|> |> |> |>
|> |> |> |>
|> |> |> |> -Mike
|> |> |> |>
|> |> |> |> On Sun, 9 Sep 2007 at 16:52, Carter Bullard wrote:
|> |> |> |>
|> |> |> |> |OK, well like I said earlier, we need to know what kind of packet this is,
|> |> |> |> |and the flow struct that we created as the key to the flow should tell us.
|> |> |> |> |
|> |> |> |> |So, in gdb:
|> |> |> |> |
|> |> |> |> |(gdb) print *flow
|> |> |> |> |
|> |> |> |> |in ArgusNewFlow() will give us most of the info we need.
|> |> |> |> |But in addition, we should also get the contents of the hstruct:
|> |> |> |> |
|> |> |> |> |(gdb) print *hstruct
|> |> |> |> |
|> |> |> |> |that should tell us enough in this situation.
|> |> |> |> |
|> |> |> |> |Carter
|> |> |> |> |
|> |> |> |> |On Sep 7, 2007, at 6:27 PM, Michael Hornung wrote:
|> |> |> |> |
|> |> |> |> |> Here's where it gets me:
|> |> |> |> |>
|> |> |> |> |> (gdb) run
|> |> |> |> |> Starting program: /usr/local/sbin/argus
|> |> |> |> |>  ArgusWarning: argus[29876]: 07 Sep 07 15:19:15.920346 started
|> |> |> |> |>  ArgusWarning: argus[29876]: 07 Sep 07 15:19:15.920527 ArgusGetInterfaceStatus: interface eth2 is up
|> |> |> |> |>     ArgusInfo: argus[29876]: 07 Sep 07 15:19:18.541138 connect from marathon.cac.washington.edu
|> |> |> |> |>
|> |> |> |> |> Program received signal SIGSEGV, Segmentation fault.
|> |> |> |> |> 0x4c13e663 in bcopy () from /lib/libc.so.6
|> |> |> |> |>
|> |> |> |> |> (gdb) bt full
|> |> |> |> |> #0  0x4c13e663 in bcopy () from /lib/libc.so.6
|> |> |> |> |> No symbol table info available.
|> |> |> |> |> #1  0x0804ff55 in ArgusNewFlow (model=0x8fab008, flow=0x8fab3a8,
|> |> |> |> |>    hstruct=0x8fab310, queue=0x8fab380) at ArgusModeler.c:1469
|> |> |> |> |>        retn = (struct ArgusFlowStruct *) 0x9281420
|> |> |> |> |>        timeout = 5
|> |> |> |> |>        userlen = 0
|> |> |> |> |> #2  0x0804ef30 in ArgusProcessPacket (model=0x8fab008, p=0x8fac1ea "",
|> |> |> |> |>    length=90, tvp=0xbfd68c70, type=0) at ArgusModeler.c:1072
|> |> |> |> |>        retn = 0
|> |> |> |> |>        tflow = (struct ArgusSystemFlow *) 0x8fab3a8
|> |> |> |> |>        flow = (struct ArgusFlowStruct *) 0x0
|> |> |> |> |>        nflow = (struct ArgusFlowStruct *) 0x9eb7b80
|> |> |> |> |>        ptr = 0x8fac1ea ""
|> |> |> |> |>        value = 0
|> |> |> |> |> #3  0x0805655b in ArgusEtherPacket (user=0xb7ed9008 "", h=0xbfd68c70,
|> |> |> |> |>    p=0x8fac1ea "") at ArgusSource.c:683
|> |> |> |> |>        ep = (struct ether_header *) 0x8fac1ea
|> |> |> |> |>        ind = 0
|> |> |> |> |>        src = (struct ArgusSourceStruct *) 0xb7ed9008
|> |> |> |> |>        tvp = (struct timeval *) 0xbfd68c70
|> |> |> |> |>        caplen = 90
|> |> |> |> |>        length = 90
|> |> |> |> |>        statbuf = {st_dev = 578110229122026696, __pad1 = 45768,
|> |> |> |> |>  __st_ino = 3218508768, st_mode = 3218508904, st_nlink = 1275960740,
|> |> |> |> |>  st_uid = 3086401536, st_gid = 1935745139, st_rdev = 5480000866624733183,
|> |> |> |> |>  __pad2 = 41952, st_size = -4623353967097284856, st_blksize = 1275861536,
|> |> |> |> |>  st_blocks = -5190746013132413544, st_atim = {tv_sec = 1, tv_nsec = 1},
|> |> |> |> |>  st_mtim = {tv_sec = 0, tv_nsec = 4589194}, st_ctim = {tv_sec = 4583424,
|> |> |> |> |>    tv_nsec = 164972}, st_ino = 20393674228473252}
|> |> |> |> |> #4  0x00464517 in pcap_open_live () from /usr/lib/libpcap.so.0.9.4
|> |> |> |> |> No symbol table info available.
|> |> |> |> |> #5  0x00464987 in pcap_dispatch () from /usr/lib/libpcap.so.0.9.4
|> |> |> |> |> No symbol table info available.
|> |> |> |> |> #6  0x080585c1 in ArgusGetPackets (src=0xb7ed9008) at ArgusSource.c:1730
|> |> |> |> |>        ArgusReadMask = {__fds_bits = {128, 0 <repeats 31 times>}}
|> |> |> |> |>        ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
|> |> |> |> |>        ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
|> |> |> |> |>        tmp = 1
|> |> |> |> |>        i = 0
|> |> |> |> |>        width = 7
|> |> |> |> |>        noerror = 1
|> |> |> |> |>        fd = 7
|> |> |> |> |>        found = 1
|> |> |> |> |>        up = 1
|> |> |> |> |>        wait = {tv_sec = 0, tv_usec = 20000}
|> |> |> |> |> #7  0x0804b687 in main (argc=1, argv=0xbfd69084) at argus.c:567
|> |> |> |> |>        commandlinew = 0
|> |> |> |> |>        doconf = 0
|> |> |> |> |>        dodebug = 0
|> |> |> |> |>        i = 1
|> |> |> |> |>        pid = 0
|> |> |> |> |>        tmparg = 0x0
|> |> |> |> |>        filter = 0x0
|> |> |> |> |>        statbuf = {st_dev = 64768, __pad1 = 0, __st_ino = 36308349,
|> |> |> |> |>  st_mode = 33188, st_nlink = 1, st_uid = 0, st_gid = 0, st_rdev = 0,
|> |> |> |> |>  __pad2 = 0, st_size = 11781, st_blksize = 4096, st_blocks = 32, st_atim = {
|> |> |> |> |>    tv_sec = 1189199340, tv_nsec = 0}, st_mtim = {tv_sec = 1189199328,
|> |> |> |> |>    tv_nsec = 0}, st_ctim = {tv_sec = 1189199328, tv_nsec = 0},
|> |> |> |> |>  st_ino = 36308349}
|> |> |> |> |>        op = -1
|> |> |> |> |>        commandlinei = 0
|> |> |> |> |>        path = "/etc/argus.conf\000argus", '\0' <repeats 8170 times>
|> |> |> |> |>
|> |> |> |> |> (gdb) up
|> |> |> |> |> #1  0x0804ff55 in ArgusNewFlow (model=0x8fab008, flow=0x8fab3a8,
|> |> |> |> |>    hstruct=0x8fab310, queue=0x8fab380) at ArgusModeler.c:1469
|> |> |> |> |> 1469          bcopy ((char *)&flow->flow_un, (char *)&retn->canon.flow.flow_un, (flow->hdr.argus_dsrvl8.len - 1) * 4);
|> |> |> |> |>
|> |> |> |> |> (gdb) print (char *)&flow->flow_un
|> |> |> |> |> $1 = 0x8fab3ac ""
|> |> |> |> |>
|> |> |> |> |> (gdb) print (char *)&retn->canon.flow.flow_un
|> |> |> |> |> $3 = 0x92815b4 ""
|> |> |> |> |>
|> |> |> |> |> (gdb) print flow->hdr.argus_dsrvl8.len
|> |> |> |> |> There is no member named argus_dsrvl8.
|> |> |> |> |>
|> |> |> |> |> Hrmm.
|> |> |> |> |>
|> |> |> |> |> -Mike
|> |> |> |> |>
|> |> |> |> |> On Fri, 7 Sep 2007 at 17:04, Carter Bullard wrote:
|> |> |> |> |>
|> |> |> |> |> |I think I found something that could be the cause of your problem,
|> |> |> |> |> |although it's a medium shot (as opposed to a long shot ;o)
|> |> |> |> |> |
|> |> |> |> |> |I'll have a new argus and clients up on the server, and it could fix
|> |> |> |> |> |Michael's problem as well, only because there are multiple changes
|> |> |> |> |> |in this update.
|> |> |> |> |> |
|> |> |> |> |> |So for Peter, I have a few more checks, and we shouldn't die if we
|> |> |> |> |> |have your problem, now (should not die).  For Michael, I put in some
|> |> |> |> |> |checks for zero length hash structs, and we should survive them
|> |> |> |> |> |much better.
|> |> |> |> |> |
|> |> |> |> |> |Carter
|> |> |> |> |> |
|> |> |> |> |> |On Sep 7, 2007, at 2:20 PM, Peter Van Epp wrote:
|> |> |> |> |> |
|> |> |> |> |> |> On Fri, Sep 07, 2007 at 12:36:38PM -0400, Carter Bullard wrote:
|> |> |> |> |> |> > Hey Peter,
|> |> |> |> |> |> > Well that is good news!!!
|> |> |> |> |> |> >
|> |> |> |> |> |> > So there is another update, to support ARP functions for IP over InfiniBand and
|> |> |> |> |> |> > ATM, which is a pretty big change, as the physical addresses (mac addresses)
|> |> |> |> |> |> > can be rather large (physical address for InfiniBand is what 32 bytes long.
|> |> |> |> |> |> > So the flow model for ARP had to change to accommodate that.
|> |> |> |> |> |> >
|> |> |> |> |> |> > I'll put it and new matching clients up later today, or on Sunday, depending on
|> |> |> |> |> |> > how far I get on documentation, etc....,   If someone is interested in monitoring
|> |> |> |> |> |> > IP over InfiniBand on their OpenIB adapter this weekend, yell and I'll put it up
|> |> |> |> |> |> > sooner.
|> |> |> |> |> |> >
|> |> |> |> |> |> > Carter
|> |> |> |> |> |>
|> |> |> |> |> |> 	Unfortunately it didn't hold (must be traffic of some kind). It looks
|> |> |> |> |> |> like the problem is that retn->dsrs[i] is NULL which makes copying in to
|> |> |> |> |> |> it difficult :-).
|> |> |> |> |> |>
|> |> |> |> |> |> test4:/var/log/argus vanepp$ ra3 -r /archive/argus3/com_argus.archive/2007/09/07/com_argus.2007.09.07.09.00.00.0.gz -n >t
|> |> |> |> |> |> ra3(10073,0xa000ed88) malloc: *** vm_allocate(size=8421376) failed (error code=3)
|> |> |> |> |> |> ra3(10073,0xa000ed88) malloc: *** error: can't allocate region
|> |> |> |> |> |> ra3(10073,0xa000ed88) malloc: *** set a breakpoint in szone_error to debug
|> |> |> |> |> |> Bus error (core dumped)
|> |> |> |> |> |> test4:/var/log/argus vanepp$ ls /cores
|> |> |> |> |> |> core.10073      core.5848
|> |> |> |> |> |> test4:/var/log/argus vanepp$ ls -l /cores
|> |> |> |> |> |> total 8574696
|> |> |> |> |> |> -r--------   1 vanepp  admin  2191327232 Sep  7 11:15 core.10073
|> |> |> |> |> |> -r--------   1 vanepp  admin  2198917120 Sep  6 19:03 core.5848
|> |> |> |> |> |> test4:/var/log/argus vanepp$ gdb ra3 /cores/core.10073
|> |> |> |> |> |> GNU gdb 6.3.50-20050815 (Apple version gdb-563) (Wed Jul 19 05:17:43 GMT 2006)
|> |> |> |> |> |> Copyright 2004 Free Software Foundation, Inc.
|> |> |> |> |> |> GDB is free software, covered by the GNU General Public License, and you are
|> |> |> |> |> |> welcome to change it and/or distribute copies of it under certain conditions.
|> |> |> |> |> |> Type "show copying" to see the conditions.
|> |> |> |> |> |> There is absolutely no warranty for GDB.  Type "show warranty" for details.
|> |> |> |> |> |> This GDB was configured as "powerpc-apple-darwin"...Reading symbols for
|> |> |> |> |> |> shared libraries .. done
|> |> |> |> |> |>
|> |> |> |> |> |> Core was generated by `/usr/local/bin/ra3'.
|> |> |> |> |> |> #0  0xffff8a74 in ___memcpy () at /System/Library/Frameworks/System.framework/PrivateHeaders/ppc/cpu_capabilities.h:189
|> |> |> |> |> |> 189     /System/Library/Frameworks/System.framework/PrivateHeaders/ppc/cpu_capabilities.h: No such file or directory.
|> |> |> |> |> |>        in /System/Library/Frameworks/System.framework/PrivateHeaders/ppc/cpu_capabilities.h
|> |> |> |> |> |> (gdb) where
|> |> |> |> |> |> #0  0xffff8a74 in ___memcpy () at /System/Library/Frameworks/System.framework/PrivateHeaders/ppc/cpu_capabilities.h:189
|> |> |> |> |> |> #1  0x0005c804 in ArgusCopyRecordStruct (rec=0x405234) at ./argus_client.c:3359
|> |> |> |> |> |> #2  0x0000979c in RaScheduleRecord (parser=0x288000, argus=0x405234) at ./argus_util.c:840
|> |> |> |> |> |> #3  0x00009c2c in ArgusHandleDatum (parser=0x288000, input=0x405000, ptr=0x632bc4, filter=0x299f40) at ./argus_util.c:919
|> |> |> |> |> |> #4  0x00056e34 in ArgusReadStreamSocket (parser=0x288000, input=0x405000) at ./argus_client.c:1638
|> |> |> |> |> |> #5  0x0005713c in ArgusReadFileStream (parser=0x288000, input=0x405000) at ./argus_client.c:1700
|> |> |> |> |> |> #6  0x00003b44 in main (argc=4, argv=0xbffffc18) at ./argus_main.c:238
|> |> |> |> |> |> (gdb) up
|> |> |> |> |> |> #1  0x0005c804 in ArgusCopyRecordStruct (rec=0x405234) at ./argus_client.c:3359
|> |> |> |> |> |> 3359                            bcopy (rec->dsrs[i], retn->dsrs[i], size + 8);
|> |> |> |> |> |> (gdb) print rec->dsrs[i]
|> |> |> |> |> |> $1 = (struct ArgusDSRHeader *) 0x45550c
|> |> |> |> |> |> (gdb) print *rec->dsrs[i]
|> |> |> |> |> |> $2 = {
|> |> |> |> |> |>  type = 80 'P',
|> |> |> |> |> |>  subtype = 160 '?',
|> |> |> |> |> |>  dsr_un = {
|> |> |> |> |> |>    fl = {
|> |> |> |> |> |>      data = 130
|> |> |> |> |> |>    },
|> |> |> |> |> |>    vl8 = {
|> |> |> |> |> |>      qual = 0 '\0',
|> |> |> |> |> |>      len = 130 '?'
|> |> |> |> |> |>    },
|> |> |> |> |> |>    vl16 = {
|> |> |> |> |> |>      len = 130
|> |> |> |> |> |>    }
|> |> |> |> |> |>  }
|> |> |> |> |> |> }
|> |> |> |> |> |> (gdb) print retn->dsrs[i]
|> |> |> |> |> |> $3 = (struct ArgusDSRHeader *) 0x0
|> |> |> |> |> |> (gdb) print *retn->dsrs[i]
|> |> |> |> |> |> $4 = {
|> |> |> |> |> |>  type = 0 '\0',
|> |> |> |> |> |>  subtype = 0 '\0',
|> |> |> |> |> |>  dsr_un = {
|> |> |> |> |> |>    fl = {
|> |> |> |> |> |>      data = 0
|> |> |> |> |> |>    },
|> |> |> |> |> |>    vl8 = {
|> |> |> |> |> |>      qual = 0 '\0',
|> |> |> |> |> |>      len = 0 '\0'
|> |> |> |> |> |>    },
|> |> |> |> |> |>    vl16 = {
|> |> |> |> |> |>      len = 0
|> |> |> |> |> |>    }
|> |> |> |> |> |>  }
|> |> |> |> |> |> }
|> |> |> |> |> |> (gdb) print *user
|> |> |> |> |> |> $5 = {
|> |> |> |> |> |>  hdr = {
|> |> |> |> |> |>    type = 80 'P',
|> |> |> |> |> |>    subtype = 160 '?',
|> |> |> |> |> |>    dsr_un = {
|> |> |> |> |> |>      fl = {
|> |> |> |> |> |>        data = 130
|> |> |> |> |> |>      },
|> |> |> |> |> |>      vl8 = {
|> |> |> |> |> |>        qual = 0 '\0',
|> |> |> |> |> |>        len = 130 '?'
|> |> |> |> |> |>      },
|> |> |> |> |> |>      vl16 = {
|> |> |> |> |> |>        len = 130
|> |> |> |> |> |>      }
|> |> |> |> |> |>    }
|> |> |> |> |> |>  },
|> |> |> |> |> |>  size = 512,
|> |> |> |> |> |>  count = 512,
|> |> |> |> |> |>  array = "=en-us\">"
|> |> |> |> |> |> }
|> |> |> |> |> |> (gdb) print i
|> |> |> |> |> |> $6 = 12
|> |> |> |> |> |>
|> |> |> |> |> |> Peter Van Epp / Operations and Technical Support
|> |> |> |> |> |> Simon Fraser University, Burnaby, B.C. Canada
|> |> |> |> |> |>
|> |> |> |> |> |
|> |> |> |> |>
|> |> |> |> |
|> |> |> |>
|> |> |> |
|> |> |
|> |
|
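
Added example (not part of the thread and not Argus source): a C sketch of the two checks the thread points at, validating an ARP header against the snap end before a flow key is built, and refusing a key copy whose length field is 0 so that (len - 1) * 4 cannot wrap when passed to bcopy(). The struct layouts, the function names and the accepted opcode range 1..4 are assumptions made for the example; the first 8 bytes of PAGE_ARP are taken from the x/32x dump of ArgusThisUpHdr above, everything else is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the structures in the thread; not Argus source. */
struct dsr_hdr  { uint8_t type, subtype, qual, len; }; /* len: 4-byte words, header included (assumed) */
struct flow_key { struct dsr_hdr hdr; uint8_t body[64]; };

#define ARP_FIXED 8u  /* hrd(2) pro(2) hln(1) pln(1) op(2) */

/* First 8 bytes: header bytes from the `x/32x model->ArgusThisUpHdr` dump
   (little-endian words unpacked). The rest is constructed zero padding up to
   the 52 bytes between ArgusThisUpHdr and ArgusThisSnapEnd. */
static const uint8_t PAGE_ARP[52] = { 0x08,0x0c, 0x0c,0x06, 0x08, 0x06, 0x09,0x0c };

/* Constructed well-formed Ethernet/IPv4 ARP request (28 bytes). */
static const uint8_t GOOD_ARP[28] = { 0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x01 };

/* 0 = usable, -1 = truncated by the snap length, -2 = implausible fields.
   Assumption: only opcodes 1..4 (ARP/RARP request and reply) are keyed. */
int arp_check(const uint8_t *arp, const uint8_t *snap_end)
{
    if (arp == NULL || snap_end < arp) return -1;
    size_t avail = (size_t)(snap_end - arp);
    if (avail < ARP_FIXED) return -1;

    unsigned pro = (unsigned)arp[2] << 8 | arp[3];
    unsigned op  = (unsigned)arp[6] << 8 | arp[7];
    size_t need  = ARP_FIXED + 2u * arp[4] + 2u * arp[5];

    if (op < 1 || op > 4) return -2;                 /* illegal op code */
    if (pro == 0x0800 && arp[5] != 4) return -2;     /* IPv4 needs pln == 4 */
    if (avail < need) return -1;                     /* addresses cut off */
    return 0;
}

/* The length expression from ArgusModeler.c:1469 as bcopy() receives it:
   int arithmetic first, then conversion to size_t. */
size_t unguarded_len(uint8_t len) { return (size_t)((len - 1) * 4); }

/* Guarded copy: returns bytes copied, 0 if len cannot describe a key body. */
size_t flow_key_copy(struct flow_key *dst, const struct flow_key *src)
{
    size_t words = src->hdr.len;
    if (words < 2) return 0;              /* 0 underflows, 1 is header only */
    size_t n = (words - 1) * 4;
    if (n > sizeof dst->body) return 0;   /* would overrun the destination */
    dst->hdr = src->hdr;
    memcpy(dst->body, src->body, n);
    return n;
}

/* Demo helper: copy a constructed key whose header claims `len` words
   (type 2, subtype 6 as in the `print *flow` output). */
size_t try_copy(uint8_t len)
{
    struct flow_key src = { .hdr = { .type = 2, .subtype = 6, .len = len } };
    struct flow_key dst = {0};
    return flow_key_copy(&dst, &src);
}

int main(void)
{
    printf("page ARP header: %d\n", arp_check(PAGE_ARP, PAGE_ARP + sizeof PAGE_ARP));
    printf("good ARP header: %d\n", arp_check(GOOD_ARP, GOOD_ARP + sizeof GOOD_ARP));
    printf("unguarded length for len=0: %zu\n", unguarded_len(0));
    printf("guarded copy, len=0: %zu, len=5: %zu\n", try_copy(0), try_copy(5));
    return 0;
}
```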

