segv in argus with latest pf_ring enabled libpcap
Will Metcalf
william.metcalf at gmail.com
Mon Jul 7 15:41:08 EDT 2008
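Unoptimized backtrace follows. Frame #0 shows ArgusCreateIPv4Flow called with ip=0x0, so the segfault is a NULL pointer dereference when reading ip->ip_hl at ArgusModeler.c:3627.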
gdb ./argus core.25572
GNU gdb Red Hat Linux (6.5-37.el5_2.2rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host
libthread_db library "/lib/libthread_db.so.1".
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /usr/lib/libpfring.so...done.
Loaded symbols for /usr/lib/libpfring.so
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libpcap.so.0.9.7...done.
Loaded symbols for /usr/lib/libpcap.so.0.9.7
Reading symbols from /usr/lib/libwrap.so.0...done.
Loaded symbols for /usr/lib/libwrap.so.0
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Core was generated by `./argus -d -J -w test.ra'.
Program terminated with signal 11, Segmentation fault.
#0 0x08054e41 in ArgusCreateIPv4Flow (model=0xa069008, ip=0x0) at
ArgusModeler.c:3627
3627 unsigned char *nxtHdr = (unsigned char *)((char *)ip +
(ip->ip_hl << 2));
(gdb) bt full
#0 0x08054e41 in ArgusCreateIPv4Flow (model=0xa069008, ip=0x0) at
ArgusModeler.c:3627
retn = (void *) 0xa069418
nxtHdr = (unsigned char *) 0xed <Address 0xed out of bounds>
sport = 49066
dport = 6007
proto = 5 '\005'
tp_p = 8 '\b'
len = 168202248
hlen = 524288
ArgusOptionLen = 14
#1 0x0804fb37 in ArgusCreateFlow (model=0xa069008, ptr=0xa0696b0,
length=251) at ArgusModeler.c:1550
retn = (void *) 0xa069418
ep = (struct ether_header *) 0xa0696b0
keys = 1
index = 1
i = 0
#2 0x0804ed6a in ArgusProcessPacket (src=0xb7f1c008, p=0xa0696b0
"������", length=251, tvp=0xbfaafd80, type=-1) at ArgusModeler.c:1257
model = (struct ArgusModelerStruct *) 0xa069008
tflow = (struct ArgusSystemFlow *) 0x0
flow = (struct ArgusFlowStruct *) 0xb7e777cc
nflow = (struct ArgusFlowStruct *) 0x60
ptr = 0xa0696b0 "������"
value = 0
retn = 0
#3 0x08056d7f in ArgusEtherPacket (user=0xb7f1c008 "", h=0xa069c8c,
p=0xa0696b0 "������") at ArgusSource.c:716
ep = (struct ether_header *) 0xa0696b0
ind = 0
src = (struct ArgusSourceStruct *) 0xb7f1c008
caplen = 96
length = 251
tvpbuf = {tv_sec = 1215459524, tv_usec = 692842}
tvp = (struct timeval *) 0xbfaafd80
statbuf = {st_dev = 0, __pad1 = 0, __st_ino = 0, st_mode = 0,
st_nlink = 65522, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0,
st_size = 18584327525498880, st_blksize = -1079313008,
st_blocks = 18586213279673512, st_atim = {tv_sec = 0, tv_nsec = 1},
st_mtim = {tv_sec = -1413656576, tv_nsec = 4147592}, st_ctim = {tv_sec
= -1079311072, tv_nsec = -1079312740},
st_ino = 17195205432901032}
#4 0x08059fbd in ArgusGetPackets (src=0xb7f1c008) at ArgusSource.c:2139
pkt_data = (const u_char *) 0xa0696b0 "������"
pkts = 62
cnt = 1
header = (struct pcap_pkthdr *) 0xa069c8c
retn = 1
ArgusReadMask = {__fds_bits = {0 <repeats 32 times>}}
ArgusWriteMask = {__fds_bits = {0 <repeats 32 times>}}
ArgusExceptMask = {__fds_bits = {0 <repeats 32 times>}}
tmp = 0
i = 0
width = 1
noerror = 1
fd = 1
found = 0
up = 1
notselectable = 0
fds = {1, -1, -1, -1, -1}
wait = {tv_sec = 0, tv_usec = 0}
---Type <return> to continue, or q <return> to quit---
#5 0x0804b918 in main (argc=5, argv=0xbfab05a4) at argus.c:530
commandlinew = 1
doconf = 0
dodebug = 0
i = 5
pid = 0
tmparg = 0xbfab1c19 "test.ra"
filter = 0x0
statbuf = {st_dev = 0, __pad1 = 0, __st_ino = 5878496, st_mode
= 2147483648, st_nlink = 3215656212, st_uid = 0, st_gid = 0, st_rdev =
0, __pad2 = 1360, st_size = 577748383503091288, st_blksize = 0,
st_blocks = 0, st_atim = {tv_sec = -163754450, tv_nsec = 0}, st_mtim
= {tv_sec = 0, tv_nsec = 0}, st_ctim = {tv_sec = 0, tv_nsec = 0},
st_ino = 0}
op = -1
commandlinei = 0
path = "/etc/argus.conf", '\0' <repeats 8176 times>
(gdb)
On Mon, Jul 7, 2008 at 2:05 PM, Peter Van Epp <vanepp at sfu.ca> wrote:
> On Mon, Jul 07, 2008 at 01:27:58PM -0500, Will Metcalf wrote:
>> Everything is intel 32-bit.
>>
>
> For what it's worth (probably not much, since it doesn't work for
> you :-)) I just compiled argus-3.0.0 release and ran it for a while on
> a SUSE 10.2 32 bit Athlon box with an older (can't see a version to say how
> old, but a year or more anyway) version of pf-ring. Runs fine as it does
> on my 64 bit PPC machines (for some value of fine, it's a little unstable
> at full gig :-)). Phil Wood has a similar mod that is in the kernel (no need
> to add pf-ring) but I haven't managed to do a speed comparison yet.
> At this point I expect debug output to see if there is an alignment
> problem of some kind is probably the best bet.
>
> Peter Van Epp / Operations and Technical Support
> Simon Fraser University, Burnaby, B.C. Canada
>
>