Printing Country Codes

Carter Bullard carter at qosient.com
Sun Jan 6 16:40:06 EST 2008


Hey Pablo,
I have made some changes that should fix these problems.
I've uploaded the new client code, but I didn't change the version
number yet, so if you would get the current rc.67 client distribution
and see if it does the right thing?

Thanks for all the help!!!!!!

Carter


On Jan 4, 2008, at 10:09 PM, Pablo J. Rebollo wrote:

> Carter,
>
> With the provided patch ra is printing country codes correctly.   
> Ralabel is giving odd results when using "-nnn".
> ralabel -r mydump.argus -s +sco +dco
>
>    http://ece.uprm.edu/~pablor/ralabel.out
>
> ralabel -nnnr mydump.argus -s +sco +dco
>
>    http://ece.uprm.edu/~pablor/ralabel-nnn.out
>
> Files differ on lines 16, 20, 27, and 28.
>
> Ratop isn't categorizing IPs properly.
>
>    http://ece.uprm.edu/~pablor/ratop.out
>
> I got the same results by compiling argus clients on Ubuntu,  
> OpenBSD, and Solaris.  I'm using the following example dump file.
>
>    http://ece.uprm.edu/~pablor/country_codes_test.tar.gz
>
> Best regards,
>
> Pablo J. Rebollo
>
>
> Pablo J. Rebollo-Sosa wrote:
>> Carter,
>>
>> Now Argus is able to associate networks correctly.  I'm using an
>> old Dell Precision 360 with a P4 3.2 GHz for testing.  I will
>> perform more tests over the weekend.
>>
>> Best regards,
>>
>> Pablo J. Rebollo
>>
>> Carter Bullard wrote:
>>> Hey Pablo,
>>> Here is a fix for our country code printing problem.  I suspect that
>>> you're on a modern 64-bit machine (or 64-bit capable), as I saw this on my
>>> Intel Duo Core whatever Linux RedHat machine.  Seems that there
>>> is a really bizarre compiler bug dealing with bit shifting operators and
>>> 32-bit values, at least that's what it looks like to me.
>>>
>>> Didn't see this problem on my G5 or earlier Intel machines.
>>>
>>> Replace the ./common/argus_client.c file with the one included in
>>> this email, recompile and give it a try.  Lots of changes, and didn't
>>> know if you were comfortable with patch.1.
>>>
>>> If it's cool I'll put it up on the server today.
>>>
>>> Carter
>>>
>>>
>>>
>>>
>>>
>>>>>
>>>>> On Dec 29, 2007, at 1:04 PM, Pablo.Rebollo at ece.uprm.edu wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I was testing the country codes feature and found that it isn't
>>>>>> working properly.
>>>>>> Here is an example:
>>>>>>
>>>>>> root@nsm:~# ralabel -n -S localhost -T 1 -s sco dco saddr sport daddr dport - udp and port domain
>>>>>> sCo dCo            SrcAddr  Sport            DstAddr  Dport
>>>>>> EU  EU    136.145.115.194.48782        136.145.57.3.53
>>>>>> EU  SE       136.145.57.3.35421      194.146.106.42.53
>>>>>> EU           136.145.57.3.35421          137.39.1.3.53
>>>>>> EU  PT       136.145.57.3.35421        193.136.7.17.53
>>>>>> EU  NL       136.145.57.3.35421      193.239.90.130.53
>>>>>> EU  RU       136.145.57.3.35421         194.67.57.4.53
>>>>>> EU           136.145.57.3.35421      63.209.144.178.53
>>>>>> FR  EU     193.252.149.16.32780        136.145.57.3.53
>>>>>>   EU      216.40.221.10.1029         136.145.58.3.53
>>>>>> ...
>>>>>> ...
>>>>>>
>>>>>> I found the following:
>>>>>>
>>>>>> 1) Network 136.145.0.0/16 has been associated to EU and not to PR.
>>>>>> 2) Network 137.39.0.0/16 hasn't been associated to US.
>>>>>> 3) Network 63.208.0.0/13 hasn't been associated to US.
>>>>>> 4) Network 216.40.192.0/18 hasn't been associated to US.
>>>>>>
>>>>>> I ran ragetcountrycodes.sh to generate a new delegated-ipv4-latest
>>>>>> file and got the same results.
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>> Pablo J. Rebollo
>>>>>>
>>>>>> ----
>>>>>> From delegated-ipv4-latest:
>>>>>> delegated-arin-latest:arin|PR|ipv4|136.145.0.0|65536|19890829|assigned
>>>>>> delegated-arin-latest:arin|US|ipv4|137.39.0.0|65536|19891025|assigned
>>>>>> delegated-arin-latest:arin|US|ipv4|63.208.0.0|524288|19990528|allocated
>>>>>> delegated-arin-latest:arin|US|ipv4|216.40.192.0|16384|20001005|allocated
>>>>>>
>>>>>>
>>>>
>
>
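For reference, the mapping the thread expects from the quoted delegated records, as an added example (not Argus code and not from either poster): each record's start address and address count become an inclusive range, computed in fixed-width `uint32_t` so the result does not depend on the width of `int` or `long`. The function names are hypothetical, and the record table is the four lines quoted above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the four delegated records quoted in the thread. */
static const char *records[] = {
    "delegated-arin-latest:arin|PR|ipv4|136.145.0.0|65536|19890829|assigned",
    "delegated-arin-latest:arin|US|ipv4|137.39.0.0|65536|19891025|assigned",
    "delegated-arin-latest:arin|US|ipv4|63.208.0.0|524288|19990528|allocated",
    "delegated-arin-latest:arin|US|ipv4|216.40.192.0|16384|20001005|allocated",
};

/* Dotted quad -> host-order uint32_t; every shift is done on a uint32_t. */
static int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return -1;
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    *out = ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | d;
    return 0;
}

/* registry|cc|ipv4|start|count|... -> inclusive range [first, last].
   %*[^|] skips the registry field along with any grep-style "file:" prefix. */
static int parse_record(const char *line, uint32_t *first, uint32_t *last, char cc[3]) {
    char start[16];
    unsigned long long count;
    if (sscanf(line, "%*[^|]|%2[A-Z]|ipv4|%15[0-9.]|%llu|", cc, start, &count) != 3) return -1;
    if (parse_ipv4(start, first) != 0 || count == 0) return -1;
    if (count - 1 > (uint64_t)UINT32_MAX - *first) return -1;  /* would wrap past 2^32 */
    *last = *first + (uint32_t)(count - 1);
    return 0;
}

/* Country code covering addr, or "" when no record matches. */
static const char *country_for(const char *addr) {
    static char cc[3];
    uint32_t ip, first, last;
    if (parse_ipv4(addr, &ip) != 0) return "";
    for (size_t i = 0; i < sizeof records / sizeof records[0]; i++)
        if (parse_record(records[i], &first, &last, cc) == 0 && ip >= first && ip <= last)
            return cc;
    return "";
}

int main(void) {
    const char *seen[] = {"136.145.57.3", "137.39.1.3", "63.209.144.178", "216.40.221.10"};
    for (size_t i = 0; i < 4; i++) printf("%-16s %s\n", seen[i], country_for(seen[i]));
    return 0;
}
```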


