argus-clients-3.0.2.beta.10 segfault when reading argus 2 data

Carter Bullard carter at qosient.com
Fri Jul 31 12:06:15 EDT 2009 

Hey Robert,
Found the argus-2.x conversion bug.  Fixes on the server at:
     ftp://qosient.com/dev/argus-3.0/argus-clients-3.0.2.beta.11.tar.gz
    http://qosient.com/argus/dev/argus-clients-3.0.2.beta.11.tar.gz

I didn't get a chance to fully test this, so if you have any problems
configuring, making, compiling, whatever, please send email soon.

Bascially, argus-2.x had only rudimentary support for reporting
rtp and rtcp.  In converting the record, we generated a RTCP
DSR for the indication, but with a truncated length (4 bytes).
This is not a problem.  But the problem was that when you
write out the record, on a little endian machine, we would
have to convert the output buffers to big_endian byte represenation,
and the conversion would corrupt other DSR content, possibly
in other records.

Whew, OK, give this a run.  Hopefully it will solve our problem.

Carter


On Jul 31, 2009, at 9:07 AM, Robert Kerr wrote:

> On Fri, 2009-07-31 at 10:28 +0100, Robert Kerr wrote:
>
>> I can't really share this file as it's from a production network, but
>> the problem is very reproducible - I'm not sure this system has  
>> produced
>> a single readable file. I will see if I can either reproduce in a  
>> lab or
>> with an anonymised version of the same data.
>
> Some further experiments reveal the problem does not occur if I filter
> all udp out of the files. Judging from the data output prior to ra  
> dying
> it appears to be something to do with rtcp. Flows detected as rtcp  
> never
> seem to output correctly, instead you get:
>
> ,T        ,,(null),,<->,(null),,,,
>
> Sometimes ra continues processing the file after outputting this,
> sometimes it exits with a return code of 0 and sometimes it  
> segfaults. I
> guess it depends on what address the corrupted pointer ends up  
> pointing
> to.
>
> -- 
> Robert Kerr
>
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20090731/576c4772/attachment.bin>

More information about the argus mailing list