Argus on Bivio 7500
Jason Carr
jcarr at andrew.cmu.edu
Sun Aug 9 20:16:29 EDT 2009
Adding some debug code or running gdb and setting a breakpoint on
pcap_dispatch, it doesn't seem like the pcap_dispatch code is ever
executing.
I'm not sure if their pcap supports selectable fd's or how to check.
There are also two types of interfaces I'm dealing with, the physical
interfaces and the default pseudo interface.
Thanks,
Jason
On Aug 7, 2009, at 10:16 AM, Carter Bullard wrote:
> Hey Jason,
> Yes, Peter is right!!!
> Argus takes the "default" string, and the libpcap interface is giving
> us a pcap handle for that device. And we're getting a valid argus
> callback routine for the interface type, so all looks good. Problem is
> we're calling pcap_dispatch() but not getting a return code we like.
>
> Does the Bivio have gdb()? Need to find out what the return code is
> that pcap_dispatch() is returning. Does Bivio libpcap support
> selectable fd's?
>
> Carter
>
> On Aug 6, 2009, at 8:14 PM, Peter Van Epp wrote:
>
>> On Thu, Aug 06, 2009 at 10:22:27AM -0400, Jason Carr wrote:
>>> Sorry, maybe I was not clear... what I meant to say is that if you
>>> run tethereal -i default it will capture everything on any devices
>>> that the node has been assigned to use (tcpdump doesn't work right
>>> on Bivio but tethereal does).
>>
>> This seems to be a wireshark variant. From the online man page try
>>
>> tethereal -D
>>
>> that should give you a list of the interfaces supported (same as -D
>> in tcpdump). That should give you a list of the available interfaces
>> which likely includes default since it seems to be opening correctly.
>> Looking at the trace (comments inline) it looks like pcap in the end
>> doesn't return any packets and thus argus closes. Perhaps something
>> odd with the Bivio pcap when default is the interface type (I'm
>> assuming argus works if you specify a single interface)?
>>
>>>
>>> I attached the debug log for argus when I run argus:
>>>
>>> /usr/local/sbin/argus -X -U 128 -i default -P 561 -e 1 -D 999
>> <various argus housekeeping snipped>
>>
>>> argus[459]: 06 Aug 09 10:17:19.928253 ArgusOpenInterface()
>>> pcap_open_live(default) returned 0x1012dae8
>>
>> This looks to be after a successful pcap open in line 108 of
>> ArgusSource.c (at least in beta.5). If the open had errored we should
>> see a different message from line 137 with an error message, so it
>> looks like it has accepted "default" as a valid pcap device to open
>> and returned a handle to it.
>>
>>> argus[459]: 06 Aug 09 10:17:19.928339 Arguslookup_pcap_callback(1)
>>> returning 0x1000e940
>>
>> This looks to have returned a handler for the callback successfully.
>>
>>> argus[459]: 06 Aug 09 10:17:19.928379
>>> ArgusOpenInterface(0x30070008, 'default') returning
>>
>> and returns an argus device and device name of "default" which it
>> looks to have opened successfully.
>>
>>> argus[459]: 06 Aug 09 10:17:19.928411 ArgusPushBackList
>>> (0x1012d430, 0x1012dac8, 1) returning 1
>>> argus[459]: 06 Aug 09 10:17:19.928512 ArgusInitSource() returning
>>> argus[459]: 06 Aug 09 10:17:19.928553 ArgusCalloc (1, 40)
>>> returning 0x1012dd38
>>> argus[459]: 06 Aug 09 10:17:19.928586 ArgusNewList () returning
>>> 0x1012dd38
>>> argus[459]: 06 Aug 09 10:17:19.928626 ArgusCalloc (1, 128)
>>> returning 0x1012dd68
>>> argus[459]: 06 Aug 09 10:17:19.928663 ArgusGenerateInitialMar()
>>> returning
>>> argus[459]: 06 Aug 09 10:17:19.933547 ArgusEstablishListen(561,
>>> 0x7f8c3258) binding: any:561 family: 2
>>> argus[459]: 06 Aug 09 10:17:19.933646 ArgusEstablishListen(561,
>>> 0x7f8c3258) returning 4
>>> argus[459]: 06 Aug 09 10:17:19.933685 ArgusInitOutput() done
>>> argus[459]: 06 Aug 09 10:17:19.933729 started
>>> argus[459]: 06 Aug 09 10:17:19.933874 ArgusCalloc (1, 32)
>>> returning 0x1012ddf0
>>> argus[459]: 06 Aug 09 10:17:19.933911 ArgusInitMallocList (632)
>>> returning
>>> argus[459]: 06 Aug 09 10:17:19.933943 ArgusInitModeler() done
>>> argus[459]: 06 Aug 09 10:17:19.933980 ArgusGetPackets (0x30070008)
>>> starting
>>> argus[459]: 06 Aug 09 10:17:19.934034 ArgusPopFrontList
>>> (0x1012dac8) returning
>>> argus[459]: 06 Aug 09 10:17:19.934071 ArgusPushFrontList
>>> (0x1012d430, 0x1012dac8, 1) returning 0xd032
>>> argus[459]: 06 Aug 09 10:17:19.953894 setArgusInterfaceStatus(0)
>>> argus[459]: 06 Aug 09 10:17:19.989382
>>> ArgusProcessQueueTimeout(0x1012d008, 0x1012d3e8) done
>>> argus[459]: 06 Aug 09 10:17:19.989445 ArgusQueueManager() turns
>>> 1 statusQueue 0 qs 0 items 0 cache 0 resort 0
>>> reclaim 0 new 0 sends 0 bsends 0
>>> argus[459]: 06 Aug 09 10:17:19.989498
>>> ArgusOutputProcess(0x1012d9f0) starting
>>> argus[459]: 06 Aug 09 10:17:19.989551
>>> ArgusOutputStatusTime(0x1012d9f0) done
>>
>> It appears the open pcap process doesn't return anything and thus
>> Argus returns thinking there aren't any more (or any in this case)
>> packets coming and shuts down.
>>
>>> argus[459]: 06 Aug 09 10:17:19.989588 ArgusGetPackets () returning
>>> argus[459]: 06 Aug 09 10:17:19.989621 main() ArgusGetPackets
>>> returned: shuting down
>>>
>>> argus[459]: 06 Aug 09 10:17:19.989673 ArgusShutDown(Normal Shutdown)
>>>
>>> argus[459]: 06 Aug 09 10:17:19.989707 ArgusCloseSource(0x30070008)
>>> starting
>>> argus[459]: 06 Aug 09 10:17:19.989744 ArgusPopFrontList
>>> (0x1012dac8) returning
>>> argus[459]: 06 Aug 09 10:17:19.989775 ArgusFree (0x1012dac8)
>>> argus[459]: 06 Aug 09 10:17:19.989816 ArgusFree (0x1012d430)
>>> argus[459]: 06 Aug 09 10:17:19.989852 ArgusDeleteList (0x1012d430,
>>> 3) returning
>>> argus[459]: 06 Aug 09 10:17:19.989886 ArgusCloseSource(0x30070008)
>>> deleting source
>>> argus[459]: 06 Aug 09 10:17:19.989928 ArgusModelerCleanUp
>>> ArgusProcessQueue(0x1012d3e8) processing status queue with 0 records
>>> argus[459]: 06 Aug 09 10:17:19.989962 ArgusPopQueue (0x1012d3e8)
>>> returning 0x0
>>> argus[459]: 06 Aug 09 10:17:19.989998 ArgusFree (0x1012d3e8)
>>> argus[459]: 06 Aug 09 10:17:19.990031 ArgusDeleteQueue
>>> (0x1012d3e8) returning
>>> argus[459]: 06 Aug 09 10:17:19.990063 ArgusModelerCleanUp ()
>>> returning
>>> argus[459]: 06 Aug 09 10:17:19.990112 ArgusFree (0x3002f008)
>>> argus[459]: 06 Aug 09 10:17:19.990152 ArgusFree (0x1012d360)
>>> argus[459]: 06 Aug 09 10:17:19.990194 ArgusCalloc (1, 660)
>>> returning 0x1012de18
>>> argus[459]: 06 Aug 09 10:17:19.990231 ArgusMallocListRecord (632)
>>> returning 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990265 ArgusGenerateListRecord
>>> (0x1012d008, 0x0, 48) done
>>> argus[459]: 06 Aug 09 10:17:19.990299 ArgusPushBackList
>>> (0x1012d330, 0x1012de34, 1) returning 1
>>> argus[459]: 06 Aug 09 10:17:19.990333
>>> ArgusCloseModeler(0x1012d008) pushing close record 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990370 ArgusFree (0x1012d378)
>>> argus[459]: 06 Aug 09 10:17:19.990406 ArgusFree (0x1012d978)
>>> argus[459]: 06 Aug 09 10:17:19.990436 ArgusCloseModeler(0x1012d008)
>>> argus[459]: 06 Aug 09 10:17:19.990471 ArgusCloseOutput()
>>> scheduling closure after writing records
>>> argus[459]: 06 Aug 09 10:17:19.990504
>>> ArgusOutputProcess(0x1012d9f0) starting
>>> argus[459]: 06 Aug 09 10:17:19.990538
>>> ArgusOutputStatusTime(0x1012d9f0) done
>>> argus[459]: 06 Aug 09 10:17:19.990574 ArgusLoadList (0x1012d330,
>>> 0x1012dd38) load 1 objects
>>> argus[459]: 06 Aug 09 10:17:19.990608 ArgusPopFrontList
>>> (0x1012de34) returning
>>> argus[459]: 06 Aug 09 10:17:19.990643 ArgusOutputProcess()
>>> received rec 0x1012de34 totals 1 seq 0
>>> argus[459]: 06 Aug 09 10:17:19.990677 ArgusFreeListRecord
>>> (0x1012de34) returning
>>> argus[459]: 06 Aug 09 10:17:19.990711 ArgusMallocListRecord (632)
>>> returning 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990751
>>> ArgusGenerateStatusMarRecord(0x1012d9f0, 48) returning 0x1012de34
>>> argus[459]: 06 Aug 09 10:17:19.990785 ArgusOutputProcess()
>>> received stop record 0 records on the list
>>> argus[459]: 06 Aug 09 10:17:19.990820 ArgusFreeListRecord
>>> (0x1012de34) returning
>>> argus[459]: 06 Aug 09 10:17:19.990853 ArgusFree (0x1012d330)
>>> argus[459]: 06 Aug 09 10:17:19.990884 ArgusDeleteList (0x1012d330,
>>> 4) returning
>>> argus[459]: 06 Aug 09 10:17:19.990920 ArgusFree (0x1012dd38)
>>> argus[459]: 06 Aug 09 10:17:19.990953 ArgusDeleteList (0x1012dd38,
>>> 4) returning
>>> argus[459]: 06 Aug 09 10:17:19.990986 ArgusFree (0x1012dd68)
>>> argus[459]: 06 Aug 09 10:17:19.991017 ArgusCloseOutput(0x1012d9f0)
>>> done
>>> argus[459]: 06 Aug 09 10:17:19.991050 ArgusFree (0x1012d9f0)
>>> argus[459]: 06 Aug 09 10:17:19.991083 ArgusFree (0x1012d008)
>>> argus[459]: 06 Aug 09 10:17:19.991168 ArgusFree (0x30070008)
>>> argus[459]: 06 Aug 09 10:17:19.991220 ArgusShutDown()
>>
>> Peter Van Epp
>>
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York 10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
>
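Added example, not part of the original thread and not Argus code: a small libpcap probe that answers the two open questions above, namely whether the handle for a device has a selectable fd and what pcap_dispatch() actually returns on it. The file name, the snaplen and timeout values, and the HAVE_PCAP build guard (which lets the two helper functions compile on a machine without libpcap) are assumptions of this sketch.

```c
/* pcap_probe.c: constructed diagnostic, not taken from Argus.
 * On the capture host: cc -DHAVE_PCAP pcap_probe.c -lpcap && ./a.out default */
#include <stdio.h>
#ifdef HAVE_PCAP
#include <pcap.h>
#endif

/* What a pcap_dispatch() return value means, per the libpcap manual page. */
const char *dispatch_meaning(int rc)
{
    if (rc > 0)   return "packets processed";
    if (rc == 0)  return "no packets (read timeout, nothing queued, or end of savefile)";
    if (rc == -1) return "error, details in pcap_geterr()";
    if (rc == -2) return "pcap_breakloop() called before any packet was processed";
    return "other libpcap error code";
}

/* pcap_get_selectable_fd() returns -1 when the handle has no fd usable with select(). */
int fd_is_selectable(int fd)
{
    return fd >= 0;
}

#ifdef HAVE_PCAP
static void count_pkt(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes)
{
    (void)h; (void)bytes;
    ++*(unsigned long *)user;            /* just count; no packet parsing */
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "default";   /* "default" as in the thread */
    char errbuf[PCAP_ERRBUF_SIZE];
    unsigned long seen = 0;
    pcap_t *p = pcap_open_live(dev, 128, 1, 100, errbuf); /* snaplen/timeout arbitrary */
    if (p == NULL) { fprintf(stderr, "pcap_open_live(%s): %s\n", dev, errbuf); return 1; }

    int fd = pcap_get_selectable_fd(p);
    printf("%s: selectable fd %d (%s)\n", dev, fd, fd_is_selectable(fd) ? "yes" : "no");
    for (int i = 0; i < 50; i++) {                      /* 50 reads of up to 100 ms each */
        int rc = pcap_dispatch(p, -1, count_pkt, (u_char *)&seen);
        printf("pcap_dispatch -> %d: %s (total %lu)\n", rc, dispatch_meaning(rc), seen);
        if (rc < 0) { fprintf(stderr, "  %s\n", pcap_geterr(p)); break; }
    }
    pcap_close(p);
    return 0;
}
#endif
```

Running it once against "default" and once against a physical interface gives a side-by-side view of the fd and return-code behaviour for the two interface types.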