Argus on Bivio 7500

Carter Bullard carter at qosient.com
Tue Aug 11 10:36:03 EDT 2009 

Hey Peter,
Its possible the routine ArgusGetInterfaceStatus(), called from  
ArgusGetPackets(), around
line 2044, which does some interface housekeeping, is broken on the  
Bivio and maybe closing
the pcap interfaces?

Carter

On Aug 10, 2009, at 11:08 PM, Peter Van Epp wrote:

> 	Well thats interesting :-), in that the while shouldn't have fallen
> through. Looking at the code there are probably more things we need  
> (it may
> be easiest to step through with gdb as Carter suggested though :-)).  
> The
> variable found is interesting, if we don't find an active interface  
> that will
> cause a break that will likely end the while even though the  
> variables are
> OK. There is a break at line 2078, but that should be only the  
> enclosing
> for loop. That break (which isn't in the alternate call just below  
> it which
> may be suspicious) will bypass incrementing found and may be a bug.  
> The
> break at line 2239 if found is 0 may be the issue since I believe it  
> will break
> out of the do {} while with the terminate variables all OK (and with  
> no
> debug message) which is what you seem to be seeing. The base issue  
> does seem
> to be that your libpcap isn't returning packets as expected. Your  
> trace doesn't
> show any of the debug messages that should have shown up from a pcap  
> error
> which suggests you are finding a path that doesn't cross any of  
> those debug
> calls :-).
>
> Peter Van Epp
>
> On Mon, Aug 10, 2009 at 11:25:26AM -0400, Jason Carr wrote:
>> argus[5874]: 10 Aug 09 11:24:04.039909 ArgusGetPackets returning:
>> noerror 1 eNflag -1 ArgusShutDownStarted 0
>>
>> On Aug 10, 2009, at 12:42 AM, Peter Van Epp wrote:
>>
>>> On Sun, Aug 09, 2009 at 08:16:29PM -0400, Jason Carr wrote:
>>>> Adding some debug code or running gdb and setting a breakpoint on
>>>> pcap_dispatch, it doesn't seem like the pcap_dispatch code is ever
>>>> executing.
>>>>
>>>> I'm not sure if their pcap supports selectable fd's or how to  
>>>> check.
>>>> There's also two types of interfaces I'm dealing with, the physical
>>>> interfaces and the default pseudo interface.
>>>>
>>>> Thanks,
>>>>
>>>> Jason
>>>>
>>>
>>> 	It looks to me like it would be profitable to add a debug statement
>>> like this after argus/ArgusSource.c line 2249:
>>>
>>> } while (noerror && src->eNflag != 0) && (!(ArgusShutDownStarted)));
>>>
>>> #ifdef ARGUSDEBUG
>>>   ArgusDebug(4, "ArgusGetPackets returning: noerror %d eNflag %d
>>> ArgusShutDownStarted %d\n". noerror, src->eNflag,
>>> ArgusShutDownStarted);
>>> #endif
>>>
>>> 	That should tell us what triggered the shutdown. With the lack of  
>>> any
>>> pcap related error messages my guess is a timeout setting
>>> ArgusShutDownStarted
>>> as I think any pcap related fault should give a debug message which
>>> isn't
>>> present (note I assumed all the values are int without  
>>> checking :-)).
>>>
>>> Peter Van Epp
>>>
>>
>

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090811/1c6f61fa/attachment.bin>

More information about the argus mailing list