Time Issue on OpenBSD 4.2 with rc.69 (Was: Re: Sparc64 OpenBSD4.1 Compile issue)
Carter Bullard
carter at qosient.com
Fri Feb 8 11:00:49 EST 2008
So the key is on line 2551, in ArgusGenerateRecord(). When it copies
the tv_sec from the flow control block to the packet output buffer,
is it getting the right value?
So do this at the break point on line 2551:
>
> Breakpoint 4, ArgusGenerateRecord (model=0x809d601c, rec=0x862d6c38,
> state=0 '\0', retn=0x8b7a306c) at ArgusModeler.c:2550
> 2550 *dsrptr++ = dtime->src.start.tv_sec;
(gdb) print sizeof(dtime->src.start)
(gdb) x/2x &dtime->src.start
(gdb) print dsrptr
Let's assume that that last statement returned 0x1234abcd.
Now step through the program a few lines, and take the address
that was returned by the 'print dsrptr' and look to see if it contains
the same values that were in the dtime->src.start.
(gdb) n
(gdb) n
(gdb) x/2x 0x1234abcd
If the output is the same as the memory contents of dtime->src.start,
then so far so good (we are packing the number correctly).
We can assume at this point that if the timestamps are being processed
correctly here, then all is good in argus().
The next step will be to run ra() under gdb, and stop in the routine
ArgusGenerateRecordStruct(), to see what numbers get unpacked
into the time structs.
%gdb ra
(gdb) l ArgusGenerateRecordStruct
(gdb) break 3079
(gdb) run -S remote
Breakpoint 1, ArgusGenerateRecordStruct(....................
(gdb) print retn->canon.time
This is what ra() unpacked from the argus data stream.
If this is reasonable, we'll next want to look at what the value
is when we print it.
(gdb) break RaProcessRecord
(gdb) c
Breakpoint 2, ..............
(gdb) print argus->canon.time
If this is good then
(gdb) l ArgusPrintStartDate
(gdb) break 1867
(gdb) c
Breakpoint 3, .......
(gdb) print *tvp
(gdb) print sizeof(*tvp)
Carter
On Feb 8, 2008, at 10:00 AM, Eric Pancer wrote:
> On Fri, 2008-02-08 at 02:57:56 -0500, Carter Bullard proclaimed...
>
>> Well, it is a puzzler from way over here. Since you can run this thing
>> in gdb, the fundamental question is what is the size of a
>> "struct timeval" and how is it stored in the flow control block.
>> Is it stored correctly? Is it copied correctly and then is it packed
>> correctly when it's written out?
>>
>> While running argus in gdb(), break in ArgusProcessPacket() and
>> printout the size and contents of tvp.
>>
>> Be sure and set the ARGUS_DAEMON=yes to no in the /etc/argus.conf
>> file, so gdb doesn't lose the focus.
>
> Ok, here's what I came up with. The only issue I had was setting a break at
> 2522... the application didn't hit that point, so I had to manually ^C and
> set a break further down the chain.
>
> # uname -a
> OpenBSD bob 4.2 GENERIC#375 i386
> # date
> Fri Feb 8 08:56:36 CST 2008
> # gdb argus
> GNU gdb 6.3
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-unknown-openbsd4.2"...
> (gdb) break ArgusProcessPacket
> Breakpoint 1 at 0x1c0070dd: file ArgusModeler.c, line 1138.
> (gdb) run -w /tmp/test.out
> Starting program: /usr/local/argus/sbin/argus -w /tmp/test.out
> ArgusWarning: argus[29867]: 08 Feb 08 08:56:52.605612 started
> ArgusWarning: argus[29867]: 08 Feb 08 08:56:52.606227 ArgusGetInterfaceStatus: interface em0 is up
>
> Breakpoint 1, ArgusProcessPacket (src=0x8411b01c, p=0x862cc012 "", length=178,
> tvp=0x8051d574, type=1) at ArgusModeler.c:1138
> 1138 struct ArgusModelerStruct *model = src->ArgusModel;
> (gdb) print sizeof(*tvp)
> $1 = 8
> (gdb) print *tvp
> $2 = {tv_sec = 1202482612, tv_usec = 606116}
> (gdb) break 1297
> Breakpoint 2 at 0x1c00789e: file ArgusModeler.c, line 1297.
> (gdb) cont
> Continuing.
>
> Breakpoint 2, ArgusProcessPacket (src=0x8411b01c, p=0x862cc012 "", length=178,
> tvp=0x8051d574, type=0) at ArgusModeler.c:1297
> 1297 return (retn);
> (gdb) print flow->qhdr
> Cannot access memory at address 0x0
> (gdb) print model->ArgusGlobalTime
> $3 = {tv_sec = 1202482612, tv_usec = 606116}
> (gdb) delete
> Delete all breakpoints? (y or n) y
> (gdb) list ArgusGenerateRecord
> 2402 */
> 2403
> 2404 struct ArgusRecord *
> 2405 ArgusGenerateRecord (struct ArgusModelerStruct *model, struct ArgusRecordStruct *rec,
> 2406 unsigned char state, struct ArgusRecord *retn)
> 2407 {
> 2408
> 2409 if (rec) {
> 2410 if (rec->hdr.type & ARGUS_FAR) {
> 2411 unsigned int ind, dsrindex, *dsrptr;
> (gdb) break 2522
> Breakpoint 3 at 0x1c00a707: file ArgusModeler.c, line 2522.
> (gdb) cont
> Continuing.
>
> ^C ### nothing happens here, so i have to ^C to stop the program
> Program received signal SIGINT, Interrupt.
> 0x0d181835 in select () from /usr/lib/libc.so.41.0
> (gdb) print *dtime
> No symbol "dtime" in current context.
> (gdb) delete
> Delete all breakpoints? (y or n) y
> (gdb) break 2550
> Breakpoint 4 at 0x1c00a80a: file ArgusModeler.c, line 2550.
> (gdb) cont
> Continuing.
>
> Breakpoint 4, ArgusGenerateRecord (model=0x809d601c, rec=0x862d6c38,
> state=0 '\0', retn=0x8b7a306c) at ArgusModeler.c:2550
> 2550 *dsrptr++ = dtime->src.start.tv_sec;
> (gdb) print *dtime
> $4 = {hdr = {type = 3 '\003', subtype = 26 '\032', dsr_un = {fl = {
> data = 1304}, vl8 = {qual = 24 '\030', len = 5 '\005'}, vl16 = {
> len = 1304}}}, src = {start = {tv_sec = 1202482616, tv_usec = 732800},
> end = {tv_sec = 1202482639, tv_usec = 921270}}, dst = {start = {
> tv_sec = 0, tv_usec = 0}, end = {tv_sec = 0, tv_usec = 0}}}
> (gdb) step
> 2551 *dsrptr++ = dtime->src.start.tv_usec;
> (gdb) step
> 2552 break;
> (gdb) step
> 2546 for (x = 0; x < 4; x++) {
> (gdb) step
> 2547 if (subtype & (ARGUS_TIME_SRC_START << x)) {
> (gdb) step
> 2548 switch (ARGUS_TIME_SRC_START << x) {
>
>
> - Eric
>
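
The pack-and-compare check that the gdb steps in this message perform by hand, as a stand-alone C example added here (it is not Argus code). `pack_time`, `unpack_time`, `roundtrip_ok` and `raw_words_match_fields` are hypothetical names, the two-word layout is an assumption modelled on the two `*dsrptr++` stores in the session, and the sample timestamp is the `src.start` value from the gdb output.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Assumed layout for illustration: seconds then microseconds, one 32-bit
 * word each, mirroring the two "*dsrptr++ = ..." stores in the session. */
#define TIME_WORDS 2

/* Narrow both fields into 32-bit words. Returns 0 when nothing is lost,
 * -1 when a field does not fit (e.g. a 64-bit tv_sec above UINT32_MAX). */
int pack_time(uint32_t *dsr, const struct timeval *tv)
{
    int64_t sec = (int64_t)tv->tv_sec, usec = (int64_t)tv->tv_usec;
    dsr[0] = (uint32_t)sec;
    dsr[1] = (uint32_t)usec;
    if (sec < 0 || sec > (int64_t)UINT32_MAX) return -1;
    if (usec < 0 || usec > 999999) return -1;
    return 0;
}

/* Reader side: widen the two words back into the platform's timeval. */
void unpack_time(const uint32_t *dsr, struct timeval *tv)
{
    tv->tv_sec = dsr[0];
    tv->tv_usec = dsr[1];
}

/* 1 when a value survives pack + unpack unchanged, 0 otherwise. */
int roundtrip_ok(const struct timeval *tv)
{
    uint32_t dsr[TIME_WORDS];
    struct timeval out;
    if (pack_time(dsr, tv) != 0) return 0;
    unpack_time(dsr, &out);
    return out.tv_sec == tv->tv_sec && out.tv_usec == tv->tv_usec;
}

/* "x/2x &tv" equals the packed words only when the struct is 8 bytes. */
int raw_words_match_fields(void)
{
    return sizeof(struct timeval) == TIME_WORDS * sizeof(uint32_t);
}

int main(void)
{
    struct timeval tv = { 1202482616, 732800 };   /* src.start from the page */
    printf("timeval=%zu bytes, roundtrip=%d\n", sizeof tv, roundtrip_ok(&tv));
    return 0;
}
```

When `raw_words_match_fields()` returns 0, comparing `x/2x` dumps of the struct and of the output buffer is not a valid test, and the fields have to be printed individually instead.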