Argus on Bivio 7500

Jason Carr jcarr at andrew.cmu.edu
Fri Aug 7 12:22:15 EDT 2009 

Ah I didn't see his whole reply. Yes I have gdb. I'll check it this  
weekend and get back to you.

On Aug 7, 2009, at 10:16 AM, Carter Bullard <carter at qosient.com> wrote:

> Hey Jason,
> Yes, Peter is right!!!
> Argus takes the "default" string, and the libpcap interface is  
> giving us a pcap handle for
> that device.   And we're getting a valid argus callback routine for  
> the interface type, so
> all looks good.  Problem is we're calling pcap_dispatch() but not  
> getting a return code
> we like.
>
> Does the Bivio have gdb()?  Need to find out what the return code is  
> that
> pcap_dispatch() is returning.  Does Bivio libpcap support selectable  
> fd's?
>
> Carter
>
> On Aug 6, 2009, at 8:14 PM, Peter Van Epp wrote:
>
>> On Thu, Aug 06, 2009 at 10:22:27AM -0400, Jason Carr wrote:
>>> Sorry, maybe I was not clear...  what I meant to say is that if  
>>> you run
>>> tethereal -i default it will capture everything on any devices  
>>> that the
>>> node has been assigned to use (tcpdump doesn't work right on Bivio  
>>> but
>>> tethereal does).
>>
>>    This seems to be a wireshark varient. From the online man page
>> try
>>
>> tehtereal -D
>>
>> that should give you a list of the interfaces supported (same as -D  
>> in
>> tcpdump). That should give you a list of the available interfaces  
>> which
>> likely includes default since it seems to be opening correctly.
>>    Looking at the trace (comments inline) it looks like pcap in the
>> end doesn't return any packets and thus argus closes. Perhaps  
>> something
>> odd with the Bivio pcap when default is the interface type (I'm  
>> assuming
>> argus works if you specify a single interface)?
>>
>>>
>>> I attached the debug log for argus when I run argus:
>>>
>>> /usr/local/sbin/argus -X -U 128 -i default -P 561 -e 1 -D 999
>> <various argus housekeeping snipped>
>>
>>> argus[459]: 06 Aug 09 10:17:19.928253 ArgusOpenInterface()  
>>> pcap_open_live(default) returned 0x1012dae8
>>
>>    This looks to be after a successful pcap open in line 108 of
>> ArgusSource.c (at least in beta.5). If the open had errored we  
>> should see
>> a different message from line 137 with an error message, so it  
>> looks like
>> it has accepted "default" as a valid pcap device to open and  
>> returned a
>> handle to it.
>>
>>> argus[459]: 06 Aug 09 10:17:19.928339 Arguslookup_pcap_callback(1)  
>>> returning 0x1000e940
>>
>>    This looks to have returned a handler for the callback  
>> successfully.
>>
>>> argus[459]: 06 Aug 09 10:17:19.928379 ArgusOpenInterface 
>>> (0x30070008, 'default') returning
>>
>>    and returns an argus device and device name of "default" which  
>> it looks
>> to have opened successfully.
>>
>>> argus[459]: 06 Aug 09 10:17:19.928411 ArgusPushBackList  
>>> (0x1012d430, 0x1012dac8, 1) returning 1
>>> argus[459]: 06 Aug 09 10:17:19.928512 ArgusInitSource() returning
>>> argus[459]: 06 Aug 09 10:17:19.928553 ArgusCalloc (1, 40)  
>>> returning 0x1012dd38
>>> argus[459]: 06 Aug 09 10:17:19.928586 ArgusNewList () returning  
>>> 0x1012dd38
>>> argus[459]: 06 Aug 09 10:17:19.928626 ArgusCalloc (1, 128)  
>>> returning 0x1012dd68
>>> argus[459]: 06 Aug 09 10:17:19.928663 ArgusGenerateInitialMar()  
>>> returning
>>> argus[459]: 06 Aug 09 10:17:19.933547 ArgusEstablishListen(561,  
>>> 0x7f8c3258) binding: any:561 family: 2
>>> argus[459]: 06 Aug 09 10:17:19.933646 ArgusEstablishListen(561,  
>>> 0x7f8c3258) returning 4
>>> argus[459]: 06 Aug 09 10:17:19.933685 ArgusInitOutput() done
>>> argus[459]: 06 Aug 09 10:17:19.933729 started
>>> argus[459]: 06 Aug 09 10:17:19.933874 ArgusCalloc (1, 32)  
>>> returning 0x1012ddf0
>>> argus[459]: 06 Aug 09 10:17:19.933911 ArgusInitMallocList (632)  
>>> returning
>>> argus[459]: 06 Aug 09 10:17:19.933943 ArgusInitModeler() done
>>> argus[459]: 06 Aug 09 10:17:19.933980 ArgusGetPackets (0x30070008)  
>>> starting
>>> argus[459]: 06 Aug 09 10:17:19.934034 ArgusPopFrontList  
>>> (0x1012dac8) returning
>>> argus[459]: 06 Aug 09 10:17:19.934071 ArgusPushFrontList  
>>> (0x1012d430, 0x1012dac8, 1) returning 0xd032
>>> argus[459]: 06 Aug 09 10:17:19.953894 setArgusInterfaceStatus(0)
>>> argus[459]: 06 Aug 09 10:17:19.989382 ArgusProcessQueueTimeout 
>>> (0x1012d008, 0x1012d3e8) done
>>> argus[459]: 06 Aug 09 10:17:19.989445 ArgusQueueManager() turns  
>>> 1    statusQueue 0    qs 0  items 0    cache 0      resort 0       
>>> reclaim 0      new 0      sends 0        bsends 0
>>> argus[459]: 06 Aug 09 10:17:19.989498 ArgusOutputProcess 
>>> (0x1012d9f0) starting
>>> argus[459]: 06 Aug 09 10:17:19.989551 ArgusOutputStatusTime 
>>> (0x1012d9f0) done
>>
>>    It appears the open pcap process doesn't return anything and thus
>> Argus returns thinking there aren't any more (or any in this case)  
>> packets
>> coming and shuts down.
>>
>>> argus[459]: 06 Aug 09 10:17:19.989588 ArgusGetPackets () returning
>>> argus[459]: 06 Aug 09 10:17:19.989621 main() ArgusGetPackets  
>>> returned: shuting down
>>>
>>> argus[459]: 06 Aug 09 10:17:19.989673 ArgusShutDown(Normal Shutdown)
>>>
>>> argus[459]: 06 Aug 09 10:17:19.989707 ArgusCloseSource(0x30070008)  
>>> starting
>>> argus[459]: 06 Aug 09 10:17:19.989744 ArgusPopFrontList  
>>> (0x1012dac8) returning
>>> argus[459]: 06 Aug 09 10:17:19.989775 ArgusFree (0x1012dac8)
>>> argus[459]: 06 Aug 09 10:17:19.989816 ArgusFree (0x1012d430)
>>> argus[459]: 06 Aug 09 10:17:19.989852 ArgusDeleteList (0x1012d430,  
>>> 3) returning
>>> argus[459]: 06 Aug 09 10:17:19.989886 ArgusCloseSource(0x30070008)  
>>> deleting source
>>> argus[459]: 06 Aug 09 10:17:19.989928 ArgusModelerCleanUp  
>>> ArgusProcessQueue(0x1012d3e8) processing status queue with 0 records
>>> argus[459]: 06 Aug 09 10:17:19.989962 ArgusPopQueue (0x1012d3e8)  
>>> returning 0x0
>>> argus[459]: 06 Aug 09 10:17:19.989998 ArgusFree (0x1012d3e8)
>>> argus[459]: 06 Aug 09 10:17:19.990031 ArgusDeleteQueue  
>>> (0x1012d3e8) returning
>>> argus[459]: 06 Aug 09 10:17:19.990063 ArgusModelerCleanUp ()  
>>> returning
>>> argus[459]: 06 Aug 09 10:17:19.990112 ArgusFree (0x3002f008)
>>> argus[459]: 06 Aug 09 10:17:19.990152 ArgusFree (0x1012d360)
>>> argus[459]: 06 Aug 09 10:17:19.990194 ArgusCalloc (1, 660)  
>>> returning 0x1012de18
>>> argus[459]: 06 Aug 09 10:17:19.990231 ArgusMallocListRecord (632)  
>>> returning 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990265 ArgusGenerateListRecord  
>>> (0x1012d008, 0x0, 48) done
>>> argus[459]: 06 Aug 09 10:17:19.990299 ArgusPushBackList  
>>> (0x1012d330, 0x1012de34, 1) returning 1
>>> argus[459]: 06 Aug 09 10:17:19.990333 ArgusCloseModeler 
>>> (0x1012d008) pushing close record 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990370 ArgusFree (0x1012d378)
>>> argus[459]: 06 Aug 09 10:17:19.990406 ArgusFree (0x1012d978)
>>> argus[459]: 06 Aug 09 10:17:19.990436 ArgusCloseModeler(0x1012d008)
>>> argus[459]: 06 Aug 09 10:17:19.990471 ArgusCloseOutput()  
>>> scheduling closure after writing records
>>> argus[459]: 06 Aug 09 10:17:19.990504 ArgusOutputProcess 
>>> (0x1012d9f0) starting
>>> argus[459]: 06 Aug 09 10:17:19.990538 ArgusOutputStatusTime 
>>> (0x1012d9f0) done
>>> argus[459]: 06 Aug 09 10:17:19.990574 ArgusLoadList (0x1012d330,  
>>> 0x1012dd38) load 1 objects
>>> argus[459]: 06 Aug 09 10:17:19.990608 ArgusPopFrontList  
>>> (0x1012de34) returning
>>> argus[459]: 06 Aug 09 10:17:19.990643 ArgusOutputProcess()  
>>> received rec 0x1012de34 totals 1 seq 0
>>> argus[459]: 06 Aug 09 10:17:19.990677 ArgusFreeListRecord  
>>> (0x1012de34) returning
>>> argus[459]: 06 Aug 09 10:17:19.990711 ArgusMallocListRecord (632)  
>>> returning 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990751 ArgusGenerateStatusMarRecord 
>>> (0x1012d9f0, 48) returning 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990785 ArgusOutputProcess()  
>>> received stop record 0 records on the list
>>> argus[459]: 06 Aug 09 10:17:19.990820 ArgusFreeListRecord  
>>> (0x1012de34) returning
>>> argus[459]: 06 Aug 09 10:17:19.990853 ArgusFree (0x1012d330)
>>> argus[459]: 06 Aug 09 10:17:19.990884 ArgusDeleteList (0x1012d330,  
>>> 4) returning
>>> argus[459]: 06 Aug 09 10:17:19.990920 ArgusFree (0x1012dd38)
>>> argus[459]: 06 Aug 09 10:17:19.990953 ArgusDeleteList (0x1012dd38,  
>>> 4) returning
>>> argus[459]: 06 Aug 09 10:17:19.990986 ArgusFree (0x1012dd68)
>>> argus[459]: 06 Aug 09 10:17:19.991017 ArgusCloseOutput(0x1012d9f0)  
>>> done
>>> argus[459]: 06 Aug 09 10:17:19.991050 ArgusFree (0x1012d9f0)
>>> argus[459]: 06 Aug 09 10:17:19.991083 ArgusFree (0x1012d008)
>>> argus[459]: 06 Aug 09 10:17:19.991168 ArgusFree (0x30070008)
>>> argus[459]: 06 Aug 09 10:17:19.991220 ArgusShutDown()
>>
>> Peter Van Epp
>>
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York  10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
>

More information about the argus mailing list