Argus on Bivio 7500
Carter Bullard
carter at qosient.com
Mon Aug 10 09:38:35 EDT 2009
We discover if there is pcap_get_selectable_fd support at configure
time, so
the ./configure should be finding Bivio's libpcap library and testing
its capability.
Could you send the ./configure output to the list?
The routine that handles the packet reading is the routine
ArgusGetPackets(),
which has a " do {...} while " loop that keeps reading packets, as
long as
pcap_dispatch() doesn't report any errors.
If you break in ArgusGetPackets(), you should be able to step through
to see
what is not working:
% gdb argus
(gdb) break ArgusGetPackets
Breakpoint 1 at 0x142c2: file ArgusSource.c, line 1995.
(gdb) run (with whatever parameters you normally run argus with)
Breakpoint 1, ArgusGetPackets (src=0x17e000) at ArgusSource.c:1995
1995 int tmp, i, width = 0, noerror = 1, fd;
(gdb) n
keep repeating the 'n'ext command to see where it goes.
Carter
On Aug 9, 2009, at 8:16 PM, Jason Carr wrote:
> Adding some debug code or running gdb and setting a breakpoint on
> pcap_dispatch, it doesn't seem like the pcap_dispatch code is ever
> executing.
>
> I'm not sure if their pcap supports selectable fd's or how to
> check. There's also two types of interfaces I'm dealing with, the
> physical interfaces and the default pseudo interface.
>
> Thanks,
>
> Jason
>
> On Aug 7, 2009, at 10:16 AM, Carter Bullard wrote:
>
>> Hey Jason,
>> Yes, Peter is right!!!
>> Argus takes the "default" string, and the libpcap interface is
>> giving us a pcap handle for
>> that device. And we're getting a valid argus callback routine for
>> the interface type, so
>> all looks good. Problem is we're calling pcap_dispatch() but not
>> getting a return code
>> we like.
>>
>> Does the Bivio have gdb()? Need to find out what the return code
>> is that
>> pcap_dispatch() is returning. Does Bivio libpcap support
>> selectable fd's?
>>
>> Carter
>>
>> On Aug 6, 2009, at 8:14 PM, Peter Van Epp wrote:
>>
>>> On Thu, Aug 06, 2009 at 10:22:27AM -0400, Jason Carr wrote:
>>>> Sorry, maybe I was not clear... what I meant to say is that if
>>>> you run
>>>> tethereal -i default it will capture everything on any devices
>>>> that the
>>>> node has been assigned to use (tcpdump doesn't work right on
>>>> Bivio but
>>>> tethereal does).
>>>
>>> This seems to be a wireshark varient. From the online man page
>>> try
>>>
>>> tehtereal -D
>>>
>>> that should give you a list of the interfaces supported (same as -
>>> D in
>>> tcpdump). That should give you a list of the available interfaces
>>> which
>>> likely includes default since it seems to be opening correctly.
>>> Looking at the trace (comments inline) it looks like pcap in the
>>> end doesn't return any packets and thus argus closes. Perhaps
>>> something
>>> odd with the Bivio pcap when default is the interface type (I'm
>>> assuming
>>> argus works if you specify a single interface)?
>>>
>>>>
>>>> I attached the debug log for argus when I run argus:
>>>>
>>>> /usr/local/sbin/argus -X -U 128 -i default -P 561 -e 1 -D 999
>>> <various argus housekeeping snipped>
>>>
>>>> argus[459]: 06 Aug 09 10:17:19.928253 ArgusOpenInterface()
>>>> pcap_open_live(default) returned 0x1012dae8
>>>
>>> This looks to be after a successful pcap open in line 108 of
>>> ArgusSource.c (at least in beta.5). If the open had errored we
>>> should see
>>> a different message from line 137 with an error message, so it
>>> looks like
>>> it has accepted "default" as a valid pcap device to open and
>>> returned a
>>> handle to it.
>>>
>>>> argus[459]: 06 Aug 09 10:17:19.928339
>>>> Arguslookup_pcap_callback(1) returning 0x1000e940
>>>
>>> This looks to have returned a handler for the callback
>>> successfully.
>>>
>>>> argus[459]: 06 Aug 09 10:17:19.928379
>>>> ArgusOpenInterface(0x30070008, 'default') returning
>>>
>>> and returns an argus device and device name of "default" which it
>>> looks
>>> to have opened successfully.
>>>
>>>> argus[459]: 06 Aug 09 10:17:19.928411 ArgusPushBackList
>>>> (0x1012d430, 0x1012dac8, 1) returning 1
>>>> argus[459]: 06 Aug 09 10:17:19.928512 ArgusInitSource() returning
>>>> argus[459]: 06 Aug 09 10:17:19.928553 ArgusCalloc (1, 40)
>>>> returning 0x1012dd38
>>>> argus[459]: 06 Aug 09 10:17:19.928586 ArgusNewList () returning
>>>> 0x1012dd38
>>>> argus[459]: 06 Aug 09 10:17:19.928626 ArgusCalloc (1, 128)
>>>> returning 0x1012dd68
>>>> argus[459]: 06 Aug 09 10:17:19.928663 ArgusGenerateInitialMar()
>>>> returning
>>>> argus[459]: 06 Aug 09 10:17:19.933547 ArgusEstablishListen(561,
>>>> 0x7f8c3258) binding: any:561 family: 2
>>>> argus[459]: 06 Aug 09 10:17:19.933646 ArgusEstablishListen(561,
>>>> 0x7f8c3258) returning 4
>>>> argus[459]: 06 Aug 09 10:17:19.933685 ArgusInitOutput() done
>>>> argus[459]: 06 Aug 09 10:17:19.933729 started
>>>> argus[459]: 06 Aug 09 10:17:19.933874 ArgusCalloc (1, 32)
>>>> returning 0x1012ddf0
>>>> argus[459]: 06 Aug 09 10:17:19.933911 ArgusInitMallocList (632)
>>>> returning
>>>> argus[459]: 06 Aug 09 10:17:19.933943 ArgusInitModeler() done
>>>> argus[459]: 06 Aug 09 10:17:19.933980 ArgusGetPackets
>>>> (0x30070008) starting
>>>> argus[459]: 06 Aug 09 10:17:19.934034 ArgusPopFrontList
>>>> (0x1012dac8) returning
>>>> argus[459]: 06 Aug 09 10:17:19.934071 ArgusPushFrontList
>>>> (0x1012d430, 0x1012dac8, 1) returning 0xd032
>>>> argus[459]: 06 Aug 09 10:17:19.953894 setArgusInterfaceStatus(0)
>>>> argus[459]: 06 Aug 09 10:17:19.989382
>>>> ArgusProcessQueueTimeout(0x1012d008, 0x1012d3e8) done
>>>> argus[459]: 06 Aug 09 10:17:19.989445 ArgusQueueManager() turns
>>>> 1 statusQueue 0 qs 0 items 0 cache 0 resort 0
>>>> reclaim 0 new 0 sends 0 bsends 0
>>>> argus[459]: 06 Aug 09 10:17:19.989498
>>>> ArgusOutputProcess(0x1012d9f0) starting
>>>> argus[459]: 06 Aug 09 10:17:19.989551
>>>> ArgusOutputStatusTime(0x1012d9f0) done
>>>
>>> It appears the open pcap process doesn't return anything and thus
>>> Argus returns thinking there aren't any more (or any in this case)
>>> packets
>>> coming and shuts down.
>>>
>>>> argus[459]: 06 Aug 09 10:17:19.989588 ArgusGetPackets () returning
>>>> argus[459]: 06 Aug 09 10:17:19.989621 main() ArgusGetPackets
>>>> returned: shuting down
>>>>
>>>> argus[459]: 06 Aug 09 10:17:19.989673 ArgusShutDown(Normal
>>>> Shutdown)
>>>>
>>>> argus[459]: 06 Aug 09 10:17:19.989707
>>>> ArgusCloseSource(0x30070008) starting
>>>> argus[459]: 06 Aug 09 10:17:19.989744 ArgusPopFrontList
>>>> (0x1012dac8) returning
>>>> argus[459]: 06 Aug 09 10:17:19.989775 ArgusFree (0x1012dac8)
>>>> argus[459]: 06 Aug 09 10:17:19.989816 ArgusFree (0x1012d430)
>>>> argus[459]: 06 Aug 09 10:17:19.989852 ArgusDeleteList
>>>> (0x1012d430, 3) returning
>>>> argus[459]: 06 Aug 09 10:17:19.989886
>>>> ArgusCloseSource(0x30070008) deleting source
>>>> argus[459]: 06 Aug 09 10:17:19.989928 ArgusModelerCleanUp
>>>> ArgusProcessQueue(0x1012d3e8) processing status queue with 0
>>>> records
>>>> argus[459]: 06 Aug 09 10:17:19.989962 ArgusPopQueue (0x1012d3e8)
>>>> returning 0x0
>>>> argus[459]: 06 Aug 09 10:17:19.989998 ArgusFree (0x1012d3e8)
>>>> argus[459]: 06 Aug 09 10:17:19.990031 ArgusDeleteQueue
>>>> (0x1012d3e8) returning
>>>> argus[459]: 06 Aug 09 10:17:19.990063 ArgusModelerCleanUp ()
>>>> returning
>>>> argus[459]: 06 Aug 09 10:17:19.990112 ArgusFree (0x3002f008)
>>>> argus[459]: 06 Aug 09 10:17:19.990152 ArgusFree (0x1012d360)
>>>> argus[459]: 06 Aug 09 10:17:19.990194 ArgusCalloc (1, 660)
>>>> returning 0x1012de18
>>>> argus[459]: 06 Aug 09 10:17:19.990231 ArgusMallocListRecord (632)
>>>> returning 0x1012de34
>>>> argus[459]: 06 Aug 09 10:17:19.990265 ArgusGenerateListRecord
>>>> (0x1012d008, 0x0, 48) done
>>>> argus[459]: 06 Aug 09 10:17:19.990299 ArgusPushBackList
>>>> (0x1012d330, 0x1012de34, 1) returning 1
>>>> argus[459]: 06 Aug 09 10:17:19.990333
>>>> ArgusCloseModeler(0x1012d008) pushing close record 0x1012de34
>>>> argus[459]: 06 Aug 09 10:17:19.990370 ArgusFree (0x1012d378)
>>>> argus[459]: 06 Aug 09 10:17:19.990406 ArgusFree (0x1012d978)
>>>> argus[459]: 06 Aug 09 10:17:19.990436 ArgusCloseModeler(0x1012d008)
>>>> argus[459]: 06 Aug 09 10:17:19.990471 ArgusCloseOutput()
>>>> scheduling closure after writing records
>>>> argus[459]: 06 Aug 09 10:17:19.990504
>>>> ArgusOutputProcess(0x1012d9f0) starting
>>>> argus[459]: 06 Aug 09 10:17:19.990538
>>>> ArgusOutputStatusTime(0x1012d9f0) done
>>>> argus[459]: 06 Aug 09 10:17:19.990574 ArgusLoadList (0x1012d330,
>>>> 0x1012dd38) load 1 objects
>>>> argus[459]: 06 Aug 09 10:17:19.990608 ArgusPopFrontList
>>>> (0x1012de34) returning
>>>> argus[459]: 06 Aug 09 10:17:19.990643 ArgusOutputProcess()
>>>> received rec 0x1012de34 totals 1 seq 0
>>>> argus[459]: 06 Aug 09 10:17:19.990677 ArgusFreeListRecord
>>>> (0x1012de34) returning
>>>> argus[459]: 06 Aug 09 10:17:19.990711 ArgusMallocListRecord (632)
>>>> returning 0x1012de34
>>>> argus[459]: 06 Aug 09 10:17:19.990751
>>>> ArgusGenerateStatusMarRecord(0x1012d9f0, 48) returning 0x1012de34
>>>> argus[459]: 06 Aug 09 10:17:19.990785 ArgusOutputProcess()
>>>> received stop record 0 records on the list
>>>> argus[459]: 06 Aug 09 10:17:19.990820 ArgusFreeListRecord
>>>> (0x1012de34) returning
>>>> argus[459]: 06 Aug 09 10:17:19.990853 ArgusFree (0x1012d330)
>>>> argus[459]: 06 Aug 09 10:17:19.990884 ArgusDeleteList
>>>> (0x1012d330, 4) returning
>>>> argus[459]: 06 Aug 09 10:17:19.990920 ArgusFree (0x1012dd38)
>>>> argus[459]: 06 Aug 09 10:17:19.990953 ArgusDeleteList
>>>> (0x1012dd38, 4) returning
>>>> argus[459]: 06 Aug 09 10:17:19.990986 ArgusFree (0x1012dd68)
>>>> argus[459]: 06 Aug 09 10:17:19.991017
>>>> ArgusCloseOutput(0x1012d9f0) done
>>>> argus[459]: 06 Aug 09 10:17:19.991050 ArgusFree (0x1012d9f0)
>>>> argus[459]: 06 Aug 09 10:17:19.991083 ArgusFree (0x1012d008)
>>>> argus[459]: 06 Aug 09 10:17:19.991168 ArgusFree (0x30070008)
>>>> argus[459]: 06 Aug 09 10:17:19.991220 ArgusShutDown()
>>>
>>> Peter Van Epp
>>>
>>
>> Carter Bullard
>> CEO/President
>> QoSient, LLC
>> 150 E 57th Street Suite 12D
>> New York, New York 10022
>>
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>>
>>
>>
>
>
Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090810/7a231f3f/attachment.bin>
More information about the argus
mailing list