argus-clients-3.0.2.beta.10 segfault when reading argus 2 data

Robert Kerr r.kerr at cranfield.ac.uk
Fri Jul 31 09:07:27 EDT 2009


On Fri, 2009-07-31 at 10:28 +0100, Robert Kerr wrote:

> I can't really share this file as it's from a production network, but
> the problem is very reproducible - I'm not sure this system has produced
> a single readable file. I will see if I can either reproduce in a lab or
> with an anonymised version of the same data.

Some further experiments reveal the problem does not occur if I filter
all udp out of the files. Judging from the data output prior to ra dying
it appears to be something to do with rtcp. Flows detected as rtcp never
seem to output correctly, instead you get:

,T        ,,(null),,<->,(null),,,,

Sometimes ra continues processing the file after outputting this,
sometimes it exits with a return code of 0 and sometimes it segfaults. I
guess it depends on what address the corrupted pointer ends up pointing
to.

-- 
 Robert Kerr





More information about the argus mailing list