Another Problem with Filter, appbytes lt 1
Nick Diel
nick at engineerity.com
Fri Jun 13 12:01:32 EDT 2008
Carter,
In addition to these two filters not working, I have found another one not
working (syn and synack). So this bug is probably affecting a number of
filtering combinations.
ra -b - syn and synack
(000) ldb [434]
(001) and #2
(002) jeq #0x2 jt 6 jf 3
(003) ldb [482]
(004) and #2
(005) jeq #0x2 jt 6 jf 18
(006) ldb [154]
(007) and #31
(008) jeq #0x1 jt 9 jf 11
(009) ldb [164]
(010) jeq #0x6 jt 14 jf 18
(011) jeq #0x2 jt 12 jf 18
(012) ldb [191]
(013) jeq #0x6 jt 14 jf 18
(014) ld [368]
(015) and #2
(016) jeq #0x2 jt 17 jf 18
(017) ret #96
(018) ret #0
I haven't used argusbug() before; I am guessing this is the output you need?
Let me know if there is anything else I can get you.
System: Linux lander-nic.frgp.net 2.6.18-8.1.4.el5 #1 SMP Thu May 17
03:26:03 EDT 2007 i686 i686 i386 GNU/Linux
Arch: i686
Paths: /usr/local/sbin/argus /usr/local/bin/ra /usr/bin/make
/usr/bin/gmake /usr/bin/gcc /usr/bin/cc
ARGUS: Argus Version 3.0.0
RA: Ra Version 3.0.0
GCC: Using built-in specs.
Target: i386-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-libgcj-multifile
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada --enable-java-awt=gtk
--disable-dssi --enable-plugin
--with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic
--host=i386-redhat-linux
Thread model: posix
gcc version 4.1.1 20070105 (Red Hat 4.1.1-52)
LIBC:
lrwxrwxrwx 1 root root 11 May 24 2007 /lib/libc.so.6 -> libc-2.5.so
-rwxr-xr-x 1 root root 1576952 Mar 13 2007 /lib/libc-2.5.so
-rw-r--r-- 1 root root 2772630 Mar 13 2007 /usr/lib/libc.a
-rw-r--r-- 1 root root 238 Mar 13 2007 /usr/lib/libc.so
Nick
On Fri, Jun 13, 2008 at 8:21 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey Nick,
> So I'm looking into your bug today, but I have no machine that generates
> your error (and I do have a lot of machines). If possible, use argusbug()
> to generate a bug report from the affected machine, as it will tell me most
> of the things I'll need to know to figure this out.
>
> Carter
>
> On Jun 8, 2008, at 4:47 PM, Nick Diel wrote:
>
> Carter,
>
> I haven't modified any of the source code for argus or its clients. I
> just installed Argus (fresh download from the website too), on another
> similar machine. Here is the byte code I got for this machine:
>
> ra -b - appbytes lt 0
> (000) ldll [332]
> (001) jge #0x0 jt 2 jf 5
> (002) ldll [579328166959513956]
> (003) jge #0x0 jt 4 jf 5
> (004) ret #0
> (005) ret #96
>
>
> Both machines have 3.0 GHz Xeons (one is a single proc, the other machine
> is two dual cores.)
>
> cat /proc/cpuinfo
> processor : 0
> vendor_id : GenuineIntel
> cpu family : 15
> model : 6
> model name : Intel(R) Xeon(TM) CPU 3.00GHz
> stepping : 4
> cpu MHz : 2992.753
> cache size : 2048 KB
> fdiv_bug : no
> hlt_bug : no
> f00f_bug : no
> coma_bug : no
> fpu : yes
> fpu_exception : yes
> cpuid level : 6
> wp : yes
> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
> cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm
> constant_tsc pni monitor ds_cpl vmx est cid cx16 xtpr lahf_lm
> bogomips : 5990.12
> clflush size : 64
>
>
> Nick
>
> On Sun, Jun 8, 2008 at 9:39 AM, Carter Bullard <carter at qosient.com> wrote:
>
>> Hey Nick,
>> Well, the "Load Data Long Long" with an offset of
>> 180388626788 bytes doesn't look right. This is what
>> I get on my Intel, PPC and Sparc machines.
>>
>> (000) ldll [332]
>> (001) jgt #0x1 jt 4 jf 2
>> (002) ldll [356]
>> (003) jgt #0x1 jt 4 jf 5
>> (004) ret #96
>> (005) ret #0
>>
>>
>> Did you change argus_code.c from the release copy?
>>
>> Carter
>>
>
>
>
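
Added example, not part of the original thread and not Argus project code: a small Python check over `ra -b` listings that flags load offsets above a sanity bound and jump targets that fall outside the program. The name check_listing and the MAX_OFFSET value are assumptions made for this example; the two listings are the appbytes ones quoted in this thread.

```python
import re

# Assumed sanity bound on a record offset; not a constant taken from Argus.
MAX_OFFSET = 65535

# Matches "(NNN) opcode operands", with or without leading "> " quote marks.
INSN = re.compile(r"\((\d+)\)\s+(\S+)\s*(.*)")

# Listings copied from this thread: Nick's second machine, then Carter's.
BAD_LISTING = """\
(000) ldll [332]
(001) jge #0x0 jt 2 jf 5
(002) ldll [579328166959513956]
(003) jge #0x0 jt 4 jf 5
(004) ret #0
(005) ret #96
"""
GOOD_LISTING = """\
(000) ldll [332]
(001) jgt #0x1 jt 4 jf 2
(002) ldll [356]
(003) jgt #0x1 jt 4 jf 5
(004) ret #96
(005) ret #0
"""

def check_listing(text, max_offset=MAX_OFFSET):
    """Return (index, message) findings for one compiled-filter listing."""
    insns = [(int(m.group(1)), m.group(2), m.group(3).strip())
             for m in map(INSN.search, text.splitlines()) if m]
    findings = []
    for idx, op, operands in insns:
        load = re.match(r"\[(\d+)\]", operands)
        if op.startswith("ld") and load and int(load.group(1)) > max_offset:
            findings.append((idx, "load offset %s exceeds %d" % (load.group(1), max_offset)))
        # Jump targets are absolute and forward in the listings shown here.
        for kind, target in re.findall(r"\b(jt|jf)\s+(\d+)", operands):
            if not idx < int(target) < len(insns):
                findings.append((idx, "%s target %s outside program" % (kind, target)))
    return findings

if __name__ == "__main__":
    for name, text in (("bad", BAD_LISTING), ("good", GOOD_LISTING)):
        print(name, check_listing(text) or "no findings")
```

A clean result only means the offsets and jumps are structurally plausible; it does not show that the filter logic is correct.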