segv in argus with latest pf_fring enabled lipcap

Will Metcalf william.metcalf at gmail.com
Mon Jul 7 11:07:21 EDT 2008 

I updated to the latest version of pf_ring enabled libpcap, which
implements the ability to set a per process bucket len that is based
on caplen from libpcap.  When compiling Argus against this lib it
segv's after logging a couple of flows Anybody have any ideas?
Regards,

Will



gdb /usr/sbin/argus core.4729
GNU gdb Red Hat Linux (6.5-37.el5_2.2rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host
libthread_db library "/lib/libthread_db.so.1".


warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libpcap.so.0.9.7...done.
Loaded symbols for /usr/lib/libpcap.so.0.9.7
Reading symbols from /usr/lib/libpfring.so...done.
Loaded symbols for /usr/lib/libpfring.so
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libwrap.so.0...done.
Loaded symbols for /usr/lib/libwrap.so.0
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Core was generated by `/usr/sbin/argus -d -J -w
/var/log/argusoutput.ra -i eth0'.
Program terminated with signal 11, Segmentation fault.
#0  ArgusCreateIPv4Flow (model=0x8bde008, ip=0x0) at ArgusModeler.c:3627
3627       unsigned char *nxtHdr = (unsigned char *)((char *)ip +
(ip->ip_hl << 2));
(gdb) bt full
#0  ArgusCreateIPv4Flow (model=0x8bde008, ip=0x0) at ArgusModeler.c:3627
       nxtHdr = <value optimized out>
       sport = <value optimized out>
       dport = <value optimized out>
       proto = <value optimized out>
       len = <value optimized out>
       hlen = <value optimized out>
       ArgusOptionLen = <value optimized out>
#1  0x08053273 in ArgusProcessPacket (src=0xb7ea8008, p=0x8bdf2f0
"������", length=251, tvp=0xbffd8344, type=-1) at ArgusModeler.c:1257
       tsbuf = {tv_sec = 1953653108, tv_nsec = -1073904964}
       tdiff = 4294967392
       rtdiff = <value optimized out>
       tvalue = <value optimized out>
       model = (struct ArgusModelerStruct *) 0x8bde008
       flow = <value optimized out>
       nflow = <value optimized out>
       ptr = 0x8bdf2f0 "������"
       value = 0
       retn = <value optimized out>
#2  0x080554de in ArgusEtherPacket (user=0xb7ea8008 "", h=0x8bdf2c4,
p=0x8bdf2f0 "������") at ArgusSource.c:716
       caplen = 96
       length = 251
       tvpbuf = {tv_sec = 1215442055, tv_usec = 648975}
       statbuf = {st_dev = 65522, __pad1 = 0, __st_ino = 0, st_mode =
0, st_nlink = 0, st_uid = 469434368, st_gid = 4327000, st_rdev =
18344976773382976, __pad2 = 2064, st_size = 4294967296,
 st_blksize = 107793408, st_blocks = 4147592, st_atim = {tv_sec = 0,
tv_nsec = -1073904808}, st_mtim = {tv_sec = 4003570, tv_nsec =
146665712}, st_ctim = {tv_sec = 1, tv_nsec = 4001120},
 st_ino = 13834360246576710476}
#3  0x08056f38 in ArgusGetPackets (src=0xb7ea8008) at ArgusSource.c:2139
       pkt_data = (const u_char *) 0x8bdf2f0 "������"
       pkts = 840
       cnt = 1
       header = (struct pcap_pkthdr *) 0x8bdf2c4
       retn = <value optimized out>
       ArgusReadMask = {__fds_bits = {0 <repeats 32 times>}}
       ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
       ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
       tmp = <value optimized out>
       i = 0
       width = 1
       noerror = 1
       fd = <value optimized out>
       found = 1
       up = 1
       notselectable = 0
       fds = {1, -1, -1, -1, -1}
       wait = {tv_sec = 0, tv_usec = 0}
#4  0x0804c422 in main (argc=7, argv=0xbffd8ab4) at argus.c:530
       eptr = 0x7 <Address 0x7 out of bounds>
       ptr = 0xb7f3c708 "�\aB"
       commandlinew = 1
       doconf = 0
       i = 7
       pid = <value optimized out>
       tmparg = <value optimized out>
       filter = <value optimized out>
---Type <return> to continue, or q <return> to quit---
       statbuf = {st_dev = 64768, __pad1 = 0, __st_ino = 43156691,
st_mode = 33188, st_nlink = 1, st_uid = 0, st_gid = 0, st_rdev = 0,
__pad2 = 0, st_size = 12807, st_blksize = 4096, st_blocks = 40,
 st_atim = {tv_sec = 1215441879, tv_nsec = 0}, st_mtim = {tv_sec =
1215122542, tv_nsec = 0}, st_ctim = {tv_sec = 1215122628, tv_nsec =
0}, st_ino = 43156691}
       op = <value optimized out>
       commandlinei = 1
       path = "/etc/argus.conf", '\0' <repeats 8176 times>
#5  0x00438dec in __libc_start_main () from /lib/libc.so.6
No symbol table info available.
#6  0x0804a4b1 in _start ()
No symbol table info available.
(gdb)

More information about the argus mailing list