Argus on Bivio 7500

Jason Carr jcarr at andrew.cmu.edu
Mon Aug 10 11:17:36 EDT 2009 

I've attached the gdb output and the configure log.  It looks like  
pcap_get_selectable_fd is not available.

The gdb log doesn't seem indicate that it even touched pcap_dispatch.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: configure-log.txt
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090810/224f1e06/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gdb-out.txt
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090810/224f1e06/attachment-0001.txt>
-------------- next part --------------

On Aug 10, 2009, at 9:38 AM, Carter Bullard wrote:

> We discover if there is pcap_get_selectable_fd support at configure  
> time, so
> the ./configure should be finding Bivio's libpcap library and  
> testing its capability.
> Could you send the ./configure output to the list?
>
> The routine that handles  the packet reading is the routine  
> ArgusGetPackets(),
> which has a " do {...} while " loop that keeps reading packets, as  
> long as
> pcap_dispatch() doesn't report any errors.
>
> If you break in ArgusGetPackets(), you should be able to step  
> through to see
> what is not working:
>
>   % gdb argus
>   (gdb) break ArgusGetPackets
>   Breakpoint 1 at 0x142c2: file ArgusSource.c, line 1995.
>   (gdb) run (with whatever parameters you normally run argus with)
>   Breakpoint 1, ArgusGetPackets (src=0x17e000) at ArgusSource.c:1995
>   1995	   int tmp, i, width = 0, noerror = 1, fd;
>   (gdb) n
>
> keep repeating the 'n'ext command to see where it goes.
>
> Carter
>
>
>
> On Aug 9, 2009, at 8:16 PM, Jason Carr wrote:
>
>> Adding some debug code or running gdb and setting a breakpoint on  
>> pcap_dispatch, it doesn't seem like the pcap_dispatch code is ever  
>> executing.
>>
>> I'm not sure if their pcap supports selectable fd's or how to  
>> check.  There's also two types of interfaces I'm dealing with, the  
>> physical interfaces and the default pseudo interface.
>>
>> Thanks,
>>
>> Jason
>>
>> On Aug 7, 2009, at 10:16 AM, Carter Bullard wrote:
>>
>>> Hey Jason,
>>> Yes, Peter is right!!!
>>> Argus takes the "default" string, and the libpcap interface is  
>>> giving us a pcap handle for
>>> that device.   And we're getting a valid argus callback routine  
>>> for the interface type, so
>>> all looks good.  Problem is we're calling pcap_dispatch() but not  
>>> getting a return code
>>> we like.
>>>
>>> Does the Bivio have gdb()?  Need to find out what the return code  
>>> is that
>>> pcap_dispatch() is returning.  Does Bivio libpcap support  
>>> selectable fd's?
>>>
>>> Carter
>>>
>>> On Aug 6, 2009, at 8:14 PM, Peter Van Epp wrote:
>>>
>>>> On Thu, Aug 06, 2009 at 10:22:27AM -0400, Jason Carr wrote:
>>>>> Sorry, maybe I was not clear...  what I meant to say is that if  
>>>>> you run
>>>>> tethereal -i default it will capture everything on any devices  
>>>>> that the
>>>>> node has been assigned to use (tcpdump doesn't work right on  
>>>>> Bivio but
>>>>> tethereal does).
>>>>
>>>> 	This seems to be a wireshark varient. From the online man page
>>>> try
>>>>
>>>> tehtereal -D
>>>>
>>>> that should give you a list of the interfaces supported (same as - 
>>>> D in
>>>> tcpdump). That should give you a list of the available interfaces  
>>>> which
>>>> likely includes default since it seems to be opening correctly.
>>>> 	Looking at the trace (comments inline) it looks like pcap in the
>>>> end doesn't return any packets and thus argus closes. Perhaps  
>>>> something
>>>> odd with the Bivio pcap when default is the interface type (I'm  
>>>> assuming
>>>> argus works if you specify a single interface)?
>>>>
>>>>>
>>>>> I attached the debug log for argus when I run argus:
>>>>>
>>>>> /usr/local/sbin/argus -X -U 128 -i default -P 561 -e 1 -D 999
>>>> <various argus housekeeping snipped>
>>>>
>>>>> argus[459]: 06 Aug 09 10:17:19.928253 ArgusOpenInterface()  
>>>>> pcap_open_live(default) returned 0x1012dae8
>>>>
>>>> 	This looks to be after a successful pcap open in line 108 of
>>>> ArgusSource.c (at least in beta.5). If the open had errored we  
>>>> should see
>>>> a different message from line 137 with an error message, so it  
>>>> looks like
>>>> it has accepted "default" as a valid pcap device to open and  
>>>> returned a
>>>> handle to it.
>>>>
>>>>> argus[459]: 06 Aug 09 10:17:19.928339  
>>>>> Arguslookup_pcap_callback(1) returning 0x1000e940
>>>>
>>>> 	This looks to have returned a handler for the callback  
>>>> successfully.
>>>>
>>>>> argus[459]: 06 Aug 09 10:17:19.928379  
>>>>> ArgusOpenInterface(0x30070008, 'default') returning
>>>>
>>>> 	and returns an argus device and device name of "default" which  
>>>> it looks
>>>> to have opened successfully.
>>>>
>>>>> argus[459]: 06 Aug 09 10:17:19.928411 ArgusPushBackList  
>>>>> (0x1012d430, 0x1012dac8, 1) returning 1
>>>>> argus[459]: 06 Aug 09 10:17:19.928512 ArgusInitSource() returning
>>>>> argus[459]: 06 Aug 09 10:17:19.928553 ArgusCalloc (1, 40)  
>>>>> returning 0x1012dd38
>>>>> argus[459]: 06 Aug 09 10:17:19.928586 ArgusNewList () returning  
>>>>> 0x1012dd38
>>>>> argus[459]: 06 Aug 09 10:17:19.928626 ArgusCalloc (1, 128)  
>>>>> returning 0x1012dd68
>>>>> argus[459]: 06 Aug 09 10:17:19.928663 ArgusGenerateInitialMar()  
>>>>> returning
>>>>> argus[459]: 06 Aug 09 10:17:19.933547 ArgusEstablishListen(561,  
>>>>> 0x7f8c3258) binding: any:561 family: 2
>>>>> argus[459]: 06 Aug 09 10:17:19.933646 ArgusEstablishListen(561,  
>>>>> 0x7f8c3258) returning 4
>>>>> argus[459]: 06 Aug 09 10:17:19.933685 ArgusInitOutput() done
>>>>> argus[459]: 06 Aug 09 10:17:19.933729 started
>>>>> argus[459]: 06 Aug 09 10:17:19.933874 ArgusCalloc (1, 32)  
>>>>> returning 0x1012ddf0
>>>>> argus[459]: 06 Aug 09 10:17:19.933911 ArgusInitMallocList (632)  
>>>>> returning
>>>>> argus[459]: 06 Aug 09 10:17:19.933943 ArgusInitModeler() done
>>>>> argus[459]: 06 Aug 09 10:17:19.933980 ArgusGetPackets  
>>>>> (0x30070008) starting
>>>>> argus[459]: 06 Aug 09 10:17:19.934034 ArgusPopFrontList  
>>>>> (0x1012dac8) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.934071 ArgusPushFrontList  
>>>>> (0x1012d430, 0x1012dac8, 1) returning 0xd032
>>>>> argus[459]: 06 Aug 09 10:17:19.953894 setArgusInterfaceStatus(0)
>>>>> argus[459]: 06 Aug 09 10:17:19.989382  
>>>>> ArgusProcessQueueTimeout(0x1012d008, 0x1012d3e8) done
>>>>> argus[459]: 06 Aug 09 10:17:19.989445 ArgusQueueManager() turns  
>>>>> 1    statusQueue 0    qs 0  items 0    cache 0      resort  
>>>>> 0      reclaim 0      new 0      sends 0        bsends 0
>>>>> argus[459]: 06 Aug 09 10:17:19.989498  
>>>>> ArgusOutputProcess(0x1012d9f0) starting
>>>>> argus[459]: 06 Aug 09 10:17:19.989551  
>>>>> ArgusOutputStatusTime(0x1012d9f0) done
>>>>
>>>> 	It appears the open pcap process doesn't return anything and thus
>>>> Argus returns thinking there aren't any more (or any in this  
>>>> case) packets
>>>> coming and shuts down.
>>>>
>>>>> argus[459]: 06 Aug 09 10:17:19.989588 ArgusGetPackets () returning
>>>>> argus[459]: 06 Aug 09 10:17:19.989621 main() ArgusGetPackets  
>>>>> returned: shuting down
>>>>>
>>>>> argus[459]: 06 Aug 09 10:17:19.989673 ArgusShutDown(Normal  
>>>>> Shutdown)
>>>>>
>>>>> argus[459]: 06 Aug 09 10:17:19.989707  
>>>>> ArgusCloseSource(0x30070008) starting
>>>>> argus[459]: 06 Aug 09 10:17:19.989744 ArgusPopFrontList  
>>>>> (0x1012dac8) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.989775 ArgusFree (0x1012dac8)
>>>>> argus[459]: 06 Aug 09 10:17:19.989816 ArgusFree (0x1012d430)
>>>>> argus[459]: 06 Aug 09 10:17:19.989852 ArgusDeleteList  
>>>>> (0x1012d430, 3) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.989886  
>>>>> ArgusCloseSource(0x30070008) deleting source
>>>>> argus[459]: 06 Aug 09 10:17:19.989928 ArgusModelerCleanUp  
>>>>> ArgusProcessQueue(0x1012d3e8) processing status queue with 0  
>>>>> records
>>>>> argus[459]: 06 Aug 09 10:17:19.989962 ArgusPopQueue (0x1012d3e8)  
>>>>> returning 0x0
>>>>> argus[459]: 06 Aug 09 10:17:19.989998 ArgusFree (0x1012d3e8)
>>>>> argus[459]: 06 Aug 09 10:17:19.990031 ArgusDeleteQueue  
>>>>> (0x1012d3e8) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.990063 ArgusModelerCleanUp ()  
>>>>> returning
>>>>> argus[459]: 06 Aug 09 10:17:19.990112 ArgusFree (0x3002f008)
>>>>> argus[459]: 06 Aug 09 10:17:19.990152 ArgusFree (0x1012d360)
>>>>> argus[459]: 06 Aug 09 10:17:19.990194 ArgusCalloc (1, 660)  
>>>>> returning 0x1012de18
>>>>> argus[459]: 06 Aug 09 10:17:19.990231 ArgusMallocListRecord  
>>>>> (632) returning 0x1012de34
>>>>> argus[459]: 06 Aug 09 10:17:19.990265 ArgusGenerateListRecord  
>>>>> (0x1012d008, 0x0, 48) done
>>>>> argus[459]: 06 Aug 09 10:17:19.990299 ArgusPushBackList  
>>>>> (0x1012d330, 0x1012de34, 1) returning 1
>>>>> argus[459]: 06 Aug 09 10:17:19.990333  
>>>>> ArgusCloseModeler(0x1012d008) pushing close record 0x1012de34
>>>>> argus[459]: 06 Aug 09 10:17:19.990370 ArgusFree (0x1012d378)
>>>>> argus[459]: 06 Aug 09 10:17:19.990406 ArgusFree (0x1012d978)
>>>>> argus[459]: 06 Aug 09 10:17:19.990436  
>>>>> ArgusCloseModeler(0x1012d008)
>>>>> argus[459]: 06 Aug 09 10:17:19.990471 ArgusCloseOutput()  
>>>>> scheduling closure after writing records
>>>>> argus[459]: 06 Aug 09 10:17:19.990504  
>>>>> ArgusOutputProcess(0x1012d9f0) starting
>>>>> argus[459]: 06 Aug 09 10:17:19.990538  
>>>>> ArgusOutputStatusTime(0x1012d9f0) done
>>>>> argus[459]: 06 Aug 09 10:17:19.990574 ArgusLoadList (0x1012d330,  
>>>>> 0x1012dd38) load 1 objects
>>>>> argus[459]: 06 Aug 09 10:17:19.990608 ArgusPopFrontList  
>>>>> (0x1012de34) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.990643 ArgusOutputProcess()  
>>>>> received rec 0x1012de34 totals 1 seq 0
>>>>> argus[459]: 06 Aug 09 10:17:19.990677 ArgusFreeListRecord  
>>>>> (0x1012de34) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.990711 ArgusMallocListRecord  
>>>>> (632) returning 0x1012de34
>>>>> argus[459]: 06 Aug 09 10:17:19.990751  
>>>>> ArgusGenerateStatusMarRecord(0x1012d9f0, 48) returning 0x1012de34
>>>>> argus[459]: 06 Aug 09 10:17:19.990785 ArgusOutputProcess()  
>>>>> received stop record 0 records on the list
>>>>> argus[459]: 06 Aug 09 10:17:19.990820 ArgusFreeListRecord  
>>>>> (0x1012de34) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.990853 ArgusFree (0x1012d330)
>>>>> argus[459]: 06 Aug 09 10:17:19.990884 ArgusDeleteList  
>>>>> (0x1012d330, 4) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.990920 ArgusFree (0x1012dd38)
>>>>> argus[459]: 06 Aug 09 10:17:19.990953 ArgusDeleteList  
>>>>> (0x1012dd38, 4) returning
>>>>> argus[459]: 06 Aug 09 10:17:19.990986 ArgusFree (0x1012dd68)
>>>>> argus[459]: 06 Aug 09 10:17:19.991017  
>>>>> ArgusCloseOutput(0x1012d9f0) done
>>>>> argus[459]: 06 Aug 09 10:17:19.991050 ArgusFree (0x1012d9f0)
>>>>> argus[459]: 06 Aug 09 10:17:19.991083 ArgusFree (0x1012d008)
>>>>> argus[459]: 06 Aug 09 10:17:19.991168 ArgusFree (0x30070008)
>>>>> argus[459]: 06 Aug 09 10:17:19.991220 ArgusShutDown()
>>>>
>>>> Peter Van Epp
>>>>
>>>
>>> Carter Bullard
>>> CEO/President
>>> QoSient, LLC
>>> 150 E 57th Street Suite 12D
>>> New York, New York  10022
>>>
>>> +1 212 588-9133 Phone
>>> +1 212 588-9134 Fax
>>>
>>>
>>>
>>
>>
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York  10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
>

More information about the argus mailing list