Argus on Bivio 7500

Carter Bullard carter at qosient.com
Fri Aug 7 10:16:08 EDT 2009 

Hey Jason,
Yes, Peter is right!!!
Argus takes the "default" string, and the libpcap interface is giving  
us a pcap handle for
that device.   And we're getting a valid argus callback routine for  
the interface type, so
all looks good.  Problem is we're calling pcap_dispatch() but not  
getting a return code
we like.

Does the Bivio have gdb()?  Need to find out what the return code is  
that
pcap_dispatch() is returning.  Does Bivio libpcap support selectable  
fd's?

Carter

On Aug 6, 2009, at 8:14 PM, Peter Van Epp wrote:

> On Thu, Aug 06, 2009 at 10:22:27AM -0400, Jason Carr wrote:
>> Sorry, maybe I was not clear...  what I meant to say is that if you  
>> run
>> tethereal -i default it will capture everything on any devices that  
>> the
>> node has been assigned to use (tcpdump doesn't work right on Bivio  
>> but
>> tethereal does).
>
> 	This seems to be a wireshark varient. From the online man page
> try
>
> tehtereal -D
>
> that should give you a list of the interfaces supported (same as -D in
> tcpdump). That should give you a list of the available interfaces  
> which
> likely includes default since it seems to be opening correctly.
> 	Looking at the trace (comments inline) it looks like pcap in the
> end doesn't return any packets and thus argus closes. Perhaps  
> something
> odd with the Bivio pcap when default is the interface type (I'm  
> assuming
> argus works if you specify a single interface)?
>
>>
>> I attached the debug log for argus when I run argus:
>>
>> /usr/local/sbin/argus -X -U 128 -i default -P 561 -e 1 -D 999
> <various argus housekeeping snipped>
>
>> argus[459]: 06 Aug 09 10:17:19.928253 ArgusOpenInterface()  
>> pcap_open_live(default) returned 0x1012dae8
>
> 	This looks to be after a successful pcap open in line 108 of
> ArgusSource.c (at least in beta.5). If the open had errored we  
> should see
> a different message from line 137 with an error message, so it looks  
> like
> it has accepted "default" as a valid pcap device to open and  
> returned a
> handle to it.
>
>> argus[459]: 06 Aug 09 10:17:19.928339 Arguslookup_pcap_callback(1)  
>> returning 0x1000e940
>
> 	This looks to have returned a handler for the callback successfully.
>
>> argus[459]: 06 Aug 09 10:17:19.928379  
>> ArgusOpenInterface(0x30070008, 'default') returning
>
> 	and returns an argus device and device name of "default" which it  
> looks
> to have opened successfully.
>
>> argus[459]: 06 Aug 09 10:17:19.928411 ArgusPushBackList  
>> (0x1012d430, 0x1012dac8, 1) returning 1
>> argus[459]: 06 Aug 09 10:17:19.928512 ArgusInitSource() returning
>> argus[459]: 06 Aug 09 10:17:19.928553 ArgusCalloc (1, 40) returning  
>> 0x1012dd38
>> argus[459]: 06 Aug 09 10:17:19.928586 ArgusNewList () returning  
>> 0x1012dd38
>> argus[459]: 06 Aug 09 10:17:19.928626 ArgusCalloc (1, 128)  
>> returning 0x1012dd68
>> argus[459]: 06 Aug 09 10:17:19.928663 ArgusGenerateInitialMar()  
>> returning
>> argus[459]: 06 Aug 09 10:17:19.933547 ArgusEstablishListen(561,  
>> 0x7f8c3258) binding: any:561 family: 2
>> argus[459]: 06 Aug 09 10:17:19.933646 ArgusEstablishListen(561,  
>> 0x7f8c3258) returning 4
>> argus[459]: 06 Aug 09 10:17:19.933685 ArgusInitOutput() done
>> argus[459]: 06 Aug 09 10:17:19.933729 started
>> argus[459]: 06 Aug 09 10:17:19.933874 ArgusCalloc (1, 32) returning  
>> 0x1012ddf0
>> argus[459]: 06 Aug 09 10:17:19.933911 ArgusInitMallocList (632)  
>> returning
>> argus[459]: 06 Aug 09 10:17:19.933943 ArgusInitModeler() done
>> argus[459]: 06 Aug 09 10:17:19.933980 ArgusGetPackets (0x30070008)  
>> starting
>> argus[459]: 06 Aug 09 10:17:19.934034 ArgusPopFrontList  
>> (0x1012dac8) returning
>> argus[459]: 06 Aug 09 10:17:19.934071 ArgusPushFrontList  
>> (0x1012d430, 0x1012dac8, 1) returning 0xd032
>> argus[459]: 06 Aug 09 10:17:19.953894 setArgusInterfaceStatus(0)
>> argus[459]: 06 Aug 09 10:17:19.989382  
>> ArgusProcessQueueTimeout(0x1012d008, 0x1012d3e8) done
>> argus[459]: 06 Aug 09 10:17:19.989445 ArgusQueueManager() turns  
>> 1    statusQueue 0    qs 0  items 0    cache 0      resort 0       
>> reclaim 0      new 0      sends 0        bsends 0
>> argus[459]: 06 Aug 09 10:17:19.989498  
>> ArgusOutputProcess(0x1012d9f0) starting
>> argus[459]: 06 Aug 09 10:17:19.989551  
>> ArgusOutputStatusTime(0x1012d9f0) done
>
> 	It appears the open pcap process doesn't return anything and thus
> Argus returns thinking there aren't any more (or any in this case)  
> packets
> coming and shuts down.
>
>> argus[459]: 06 Aug 09 10:17:19.989588 ArgusGetPackets () returning
>> argus[459]: 06 Aug 09 10:17:19.989621 main() ArgusGetPackets  
>> returned: shuting down
>>
>> argus[459]: 06 Aug 09 10:17:19.989673 ArgusShutDown(Normal Shutdown)
>>
>> argus[459]: 06 Aug 09 10:17:19.989707 ArgusCloseSource(0x30070008)  
>> starting
>> argus[459]: 06 Aug 09 10:17:19.989744 ArgusPopFrontList  
>> (0x1012dac8) returning
>> argus[459]: 06 Aug 09 10:17:19.989775 ArgusFree (0x1012dac8)
>> argus[459]: 06 Aug 09 10:17:19.989816 ArgusFree (0x1012d430)
>> argus[459]: 06 Aug 09 10:17:19.989852 ArgusDeleteList (0x1012d430,  
>> 3) returning
>> argus[459]: 06 Aug 09 10:17:19.989886 ArgusCloseSource(0x30070008)  
>> deleting source
>> argus[459]: 06 Aug 09 10:17:19.989928 ArgusModelerCleanUp  
>> ArgusProcessQueue(0x1012d3e8) processing status queue with 0 records
>> argus[459]: 06 Aug 09 10:17:19.989962 ArgusPopQueue (0x1012d3e8)  
>> returning 0x0
>> argus[459]: 06 Aug 09 10:17:19.989998 ArgusFree (0x1012d3e8)
>> argus[459]: 06 Aug 09 10:17:19.990031 ArgusDeleteQueue (0x1012d3e8)  
>> returning
>> argus[459]: 06 Aug 09 10:17:19.990063 ArgusModelerCleanUp ()  
>> returning
>> argus[459]: 06 Aug 09 10:17:19.990112 ArgusFree (0x3002f008)
>> argus[459]: 06 Aug 09 10:17:19.990152 ArgusFree (0x1012d360)
>> argus[459]: 06 Aug 09 10:17:19.990194 ArgusCalloc (1, 660)  
>> returning 0x1012de18
>> argus[459]: 06 Aug 09 10:17:19.990231 ArgusMallocListRecord (632)  
>> returning 0x1012de34
>> argus[459]: 06 Aug 09 10:17:19.990265 ArgusGenerateListRecord  
>> (0x1012d008, 0x0, 48) done
>> argus[459]: 06 Aug 09 10:17:19.990299 ArgusPushBackList  
>> (0x1012d330, 0x1012de34, 1) returning 1
>> argus[459]: 06 Aug 09 10:17:19.990333 ArgusCloseModeler(0x1012d008)  
>> pushing close record 0x1012de34
>> argus[459]: 06 Aug 09 10:17:19.990370 ArgusFree (0x1012d378)
>> argus[459]: 06 Aug 09 10:17:19.990406 ArgusFree (0x1012d978)
>> argus[459]: 06 Aug 09 10:17:19.990436 ArgusCloseModeler(0x1012d008)
>> argus[459]: 06 Aug 09 10:17:19.990471 ArgusCloseOutput() scheduling  
>> closure after writing records
>> argus[459]: 06 Aug 09 10:17:19.990504  
>> ArgusOutputProcess(0x1012d9f0) starting
>> argus[459]: 06 Aug 09 10:17:19.990538  
>> ArgusOutputStatusTime(0x1012d9f0) done
>> argus[459]: 06 Aug 09 10:17:19.990574 ArgusLoadList (0x1012d330,  
>> 0x1012dd38) load 1 objects
>> argus[459]: 06 Aug 09 10:17:19.990608 ArgusPopFrontList  
>> (0x1012de34) returning
>> argus[459]: 06 Aug 09 10:17:19.990643 ArgusOutputProcess() received  
>> rec 0x1012de34 totals 1 seq 0
>> argus[459]: 06 Aug 09 10:17:19.990677 ArgusFreeListRecord  
>> (0x1012de34) returning
>> argus[459]: 06 Aug 09 10:17:19.990711 ArgusMallocListRecord (632)  
>> returning 0x1012de34
>> argus[459]: 06 Aug 09 10:17:19.990751  
>> ArgusGenerateStatusMarRecord(0x1012d9f0, 48) returning 0x1012de34
>> argus[459]: 06 Aug 09 10:17:19.990785 ArgusOutputProcess() received  
>> stop record 0 records on the list
>> argus[459]: 06 Aug 09 10:17:19.990820 ArgusFreeListRecord  
>> (0x1012de34) returning
>> argus[459]: 06 Aug 09 10:17:19.990853 ArgusFree (0x1012d330)
>> argus[459]: 06 Aug 09 10:17:19.990884 ArgusDeleteList (0x1012d330,  
>> 4) returning
>> argus[459]: 06 Aug 09 10:17:19.990920 ArgusFree (0x1012dd38)
>> argus[459]: 06 Aug 09 10:17:19.990953 ArgusDeleteList (0x1012dd38,  
>> 4) returning
>> argus[459]: 06 Aug 09 10:17:19.990986 ArgusFree (0x1012dd68)
>> argus[459]: 06 Aug 09 10:17:19.991017 ArgusCloseOutput(0x1012d9f0)  
>> done
>> argus[459]: 06 Aug 09 10:17:19.991050 ArgusFree (0x1012d9f0)
>> argus[459]: 06 Aug 09 10:17:19.991083 ArgusFree (0x1012d008)
>> argus[459]: 06 Aug 09 10:17:19.991168 ArgusFree (0x30070008)
>> argus[459]: 06 Aug 09 10:17:19.991220 ArgusShutDown()
>
> Peter Van Epp
>

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090807/a6ef4c25/attachment.bin>

More information about the argus mailing list