Argus on Bivio 7500
Peter Van Epp
vanepp at sfu.ca
Mon Aug 10 00:42:19 EDT 2009
On Sun, Aug 09, 2009 at 08:16:29PM -0400, Jason Carr wrote:
> Adding some debug code or running gdb and setting a breakpoint on
> pcap_dispatch, it doesn't seem like the pcap_dispatch code is ever
> executing.
>
> I'm not sure if their pcap supports selectable fd's or how to check.
> There's also two types of interfaces I'm dealing with, the physical
> interfaces and the default pseudo interface.
>
> Thanks,
>
> Jason
>
It looks to me like it would be profitable to add a debug statement
like this after argus/ArgusSource.c line 2249:
} while (noerror && (src->eNflag != 0) && (!(ArgusShutDownStarted)));
#ifdef ARGUSDEBUG
/* Report which of the loop conditions ended packet processing. */
ArgusDebug(4, "ArgusGetPackets returning: noerror %d eNflag %d ArgusShutDownStarted %d\n", noerror, src->eNflag, ArgusShutDownStarted);
#endif
That should tell us what triggered the shutdown. With the lack of any
pcap related error messages my guess is a timeout setting ArgusShutDownStarted
as I think any pcap related fault should give a debug message which isn't
present (note I assumed all the values are int without checking :-)).
Peter Van Epp