Argus on Bivio 7500

Eric Gustafson subwire at gmail.com
Tue Jun 23 17:48:01 EDT 2009


Here you go!

- Eric


[redacted] root at CPU-X argus-3.0.1.beta.3$ make clean
### Make clean in /root/argus-3.0.1.beta.3/common
make[1]: Entering directory `/bivio/shared/root/argus-3.0.1.beta.3/common'
rm -f ../lib/argus_common.a  argus_util.o argus_code.o argus_filter.o
grammar.o scanner.o version.o  scanner.c grammar.c tokdefs.h version.c
lex.yy.c
make[1]: Leaving directory `/bivio/shared/root/argus-3.0.1.beta.3/common'
### Done with /root/argus-3.0.1.beta.3/common
### Make clean in /root/argus-3.0.1.beta.3/argus
make[1]: Entering directory `/bivio/shared/root/argus-3.0.1.beta.3/argus'
rm -f argus.o ArgusModeler.o ArgusSource.o ArgusUtil.o ArgusOutput.o
ArgusUdp.o ArgusTcp.o ArgusIcmp.o ArgusIgmp.o ArgusEsp.o ArgusArp.o
ArgusFrag.o ArgusAuth.o ArgusApp.o ../bin/argus
make[1]: Leaving directory `/bivio/shared/root/argus-3.0.1.beta.3/argus'
### Done with /root/argus-3.0.1.beta.3/argus
[redacted] root at CPU-X argus-3.0.1.beta.3$ ./configure --with-libpcap=/usr/lib/zcp
checking build system type... powerpc-unknown-linux-gnu
checking host system type... powerpc-unknown-linux-gnu
checking target system type... powerpc-unknown-linux-gnu
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking gcc version... 4
checking for inline... inline
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking how to run the C preprocessor... gcc -E
checking whether make sets $(MAKE)... yes
checking for ranlib... ranlib
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking sys/sockio.h usability... no
checking sys/sockio.h presence... no
checking for sys/sockio.h... no
checking for string.h... (cached) yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking sys/file.h usability... yes
checking sys/file.h presence... yes
checking for sys/file.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking sys/vfs.h usability... yes
checking sys/vfs.h presence... yes
checking for sys/vfs.h... yes
checking for vfprintf... yes
checking for strcasecmp... yes
checking for strlcat... no
checking for strlcpy... no
checking for strdup... yes
checking for strftime... yes
checking for setlinebuf... yes
checking for alarm... yes
checking for strerror... yes
checking for strtof... yes
checking for floorf... no
checking for remainderf... no
checking sys/bitypes.h usability... yes
checking sys/bitypes.h presence... yes
checking for sys/bitypes.h... yes
checking for int8_t... yes
checking for u_int8_t... yes
checking for int16_t... yes
checking for u_int16_t... yes
checking for int32_t... yes
checking for u_int32_t... yes
checking for int64_t... yes
checking for u_int64_t... yes
checking for inttypes.h... (cached) yes
checking whether inttypes.h defines the PRI[doxu]64 macros... yes
checking for vsnprintf... yes
checking for snprintf... yes
checking for getaddrinfo... yes
checking for library containing gethostbyname... none required
checking for library containing socket... none required
checking for library containing putmsg... none required
checking for ether_hostton... yes
checking netinet/ether.h usability... yes
checking netinet/ether.h presence... yes
checking for netinet/ether.h... yes
checking whether ether_hostton is declared... yes
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
checking for specified library... /usr/lib/zcp/libpcap.a
checking for specified pcap.h... configure: WARNING: not found
checking for pcap_list_datalinks... no
checking for pcap_set_datalink... no
checking for pcap_datalink_name_to_val... no
checking for pcap_breakloop... no
checking for pcap_dump_ftell... no
checking for local tcp_wrappers library... not found
checking for system tcp_wrappers library... yes
checking for flex... flex
checking for flex 2.4 or higher... yes
checking for bison... bison
checking for ranlib... ranlib
checking if unaligned accesses fail... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking for ANSI C header files... (cached) yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating ./common/Makefile
config.status: creating ./argus/Makefile


On Tue, Jun 23, 2009 at 4:42 AM, <carter at qosient.com> wrote:

> Hey Eric,
> Could you send the output of your ./configure run?
> Thanks!!!
>
> Carter
>
> Sent from my Verizon Wireless BlackBerry
>
> ------------------------------
> *From*: Eric Gustafson
> *Date*: Mon, 22 Jun 2009 22:07:04 -0700
> *To*: <argus-info at lists.andrew.cmu.edu>
>
> *Subject*: Re: [ARGUS] Argus on Bivio 7500
> Hey guys,
> Thanks for the info on this.  Bivio has been happy to do a few special
> requests for us in the past, so maybe if we bug them, we'll see an updated
> libpcap! :)
> Carter, it sounds like the easiest way to figure out if we're on a bivio or
> not would be some configure-time voodoo involving either the kernel version
> string or checking for key bivio folder structures.
> Here's what we have for pre-defined macros:
> #define __DBL_MIN_EXP__ (-1021)
> #define __FLT_MIN__ 1.17549435e-38F
> #define __CHAR_BIT__ 8
> #define __WCHAR_MAX__ 2147483647
> #define __DBL_DENORM_MIN__ 4.9406564584124654e-324
> #define __FLT_EVAL_METHOD__ 0
> #define __DBL_MIN_10_EXP__ (-307)
> #define __FINITE_MATH_ONLY__ 0
> #define __GNUC_PATCHLEVEL__ 0
> #define __SHRT_MAX__ 32767
> #define __LDBL_MAX__ 1.79769313486231580793728971405301e+308L
> #define __UINTMAX_TYPE__ long long unsigned int
> #define __linux 1
> #define __CHAR_UNSIGNED__ 1
> #define __LDBL_MAX_EXP__ 1024
> #define __linux__ 1
> #define __SCHAR_MAX__ 127
> #define __USER_LABEL_PREFIX__
> #define __STDC_HOSTED__ 1
> #define __LDBL_HAS_INFINITY__ 1
> #define __DBL_DIG__ 15
> #define __FLT_EPSILON__ 1.19209290e-7F
> #define _CALL_SYSV 1
> #define __LDBL_MIN__ 2.00416836000897277799610805135016e-292L
> #define __unix__ 1
> #define __DECIMAL_DIG__ 33
> #define __gnu_linux__ 1
> #define __LDBL_HAS_QUIET_NAN__ 1
> #define __GNUC__ 4
> #define __DBL_MAX__ 1.7976931348623157e+308
> #define __DBL_HAS_INFINITY__ 1
> #define __DBL_MAX_EXP__ 1024
> #define __LONG_LONG_MAX__ 9223372036854775807LL
> #define __PPC__ 1
> #define __GXX_ABI_VERSION 1002
> #define __FLT_MIN_EXP__ (-125)
> #define __DBL_MIN__ 2.2250738585072014e-308
> #define __DBL_HAS_QUIET_NAN__ 1
> #define __REGISTER_PREFIX__
> #define __NO_INLINE__ 1
> #define _ARCH_PPC 1
> #define __FLT_MANT_DIG__ 24
> #define __VERSION__ "4.1.0 20060304 (Red Hat 4.1.0-3)"
> #define __BIG_ENDIAN__ 1
> #define __powerpc__ 1
> #define unix 1
> #define __SIZE_TYPE__ unsigned int
> #define __ELF__ 1
> #define __FLT_RADIX__ 2
> #define __LDBL_EPSILON__ 4.94065645841246544176568792868221e-324L
> #define __GNUC_RH_RELEASE__ 3
> #define __LDBL_DIG__ 31
> #define __FLT_HAS_QUIET_NAN__ 1
> #define __FLT_MAX_10_EXP__ 38
> #define __LONG_MAX__ 2147483647L
> #define __FLT_HAS_INFINITY__ 1
> #define __unix 1
> #define _BIG_ENDIAN 1
> #define linux 1
> #define __PPC 1
> #define __LDBL_MANT_DIG__ 106
> #define __WCHAR_TYPE__ long int
> #define __FLT_DIG__ 6
> #define __powerpc 1
> #define __INT_MAX__ 2147483647
> #define __LONG_DOUBLE_128__ 1
> #define __FLT_MAX_EXP__ 128
> #define __DBL_MANT_DIG__ 53
> #define __WINT_TYPE__ unsigned int
> #define __LDBL_MIN_EXP__ (-968)
> #define __LDBL_MAX_10_EXP__ 308
> #define __DBL_EPSILON__ 2.2204460492503131e-16
> #define PPC 1
> #define powerpc 1
> #define __INTMAX_MAX__ 9223372036854775807LL
> #define __FLT_DENORM_MIN__ 1.40129846e-45F
> #define __FLT_MAX__ 3.40282347e+38F
> #define __FLT_MIN_10_EXP__ (-37)
> #define __INTMAX_TYPE__ long long int
> #define __GNUC_MINOR__ 1
> #define __DBL_MAX_10_EXP__ 308
> #define __LDBL_DENORM_MIN__ 4.94065645841246544176568792868221e-324L
> #define __STDC__ 1
> #define __PTRDIFF_TYPE__ int
> #define __LDBL_MIN_10_EXP__ (-291)
>
> I'll skim through the developer manual tomorrow and see if I can find the
> "right way".
>
> To answer your question, Jason, we have been running Argus, as well as Snort
> and a handful of open-source IDS and network analysis tools on a fleet of
> Dell servers with fiber cards as sensors for years, but our network backbone
> and network demand have far outpaced what those can handle.  Bivio boxes
> with 10G interfaces were the next logical step, and argus is the last thing
> running on our old Dells.   We're pretty excited to soon finally get
> everything running on our Bivios, as it's been a lengthy deployment process,
> and have seen huge performance gains with the apps running so far.
> The two apps we use the most, however, are Snort, and SHADOW, which, in
> case you haven't heard of it, is a (rather dated, but still really useful)
> set of wrappers around tcpdump for capturing a lot of raw data in an
> organized fashion.
>
> Let me know if I can help further!
>
> Thanks again,
> Eric
>
> On Mon, Jun 22, 2009 at 7:21 PM, <carter at qosient.com> wrote:
>
>> Hey Eric,
>> Jason has done the most with Bivio on the list.  We were slowly working
>> on workarounds, thinking Bivio was releasing the newer libpcap any day, but
>> that has been a while.
>>
>> On line 2015 of the file ./argus/ArgusSource.c you should be able to
>> comment out the call to pcap_get_selectable_fd(), all the code in the "#if
>> !defined(CYGWIN..." and it should get past one hurdle, but the
>> pcap_next_ex() replacement needs some work.  I'll see what I can do
>> tonight/tomorrow.
>>
>> Is there a BIVIO compiler directive that I can use to ifdef the code?
>>
>> Carter
>>
>> Sent from my Verizon Wireless BlackBerry
>>
>> -----Original Message-----
>> From: Jason Carr <jcarr at andrew.cmu.edu>
>>
>> Date: Mon, 22 Jun 2009 21:39:57
>> To: Eric Gustafson<subwire at gmail.com>
>> Cc: <argus-info at lists.andrew.cmu.edu>
>> Subject: Re: [ARGUS] Argus on Bivio 7500
>>
>>
>> Hi Eric,
>>
>> We also had the same problem compiling the 3.x series on our Bivio
>> units.  Bivio ships (even with the newest OS 5.0.5) with an older
>> libpcap.  We were told that the new libpcap that implements the
>> pcap_get_selectable_fd method is in beta and should be released with
>> the next OS release.
>>
>> Right now we're running argus 2.x and running rastream 3.x on a non-
>> Bivio machine.  The 2.x series compiles just fine (but no IPv6).
>>
>> This was before Carter implemented any sort of Bivio changes, so I
>> have not tested those.
>>
>> Let me know if you have any questions.  I'm also interested in what
>> else you might be using your Bivio for.
>>
>> - Jason
>>
>>
>> On Jun 22, 2009, at 4:49 PM, Eric Gustafson wrote:
>>
>> > Hi Carter et al,
>> > I'm trying to compile the latest test argus (3.0.2 beta8) on one of
>> > our Bivio 7500s, and am running into linking trouble.
>> >
>> > gcc -O3 -I.  -I./../include  -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\"
>> > -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\"
>> > -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
>> > -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
>> > -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STRING_H=1
>> > -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_SYS_VFS_H=1
>> > -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 -DHAVE_STRDUP=1 -DHAVE_STRFTIME=1
>> > -DHAVE_SETLINEBUF=1 -DHAVE_ALARM=1 -DHAVE_STRERROR=1 -DHAVE_STRTOF=1
>> > -DHAVE_SYS_BITYPES_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_VSNPRINTF=1
>> > -DHAVE_SNPRINTF=1 -DHAVE_GETADDRINFO=1 -DHAVE_ETHER_HOSTTON=1
>> > -DHAVE_NETINET_ETHER_H=1 -DNETINET_ETHER_H_DECLARES_ETHER_HOSTTON=
>> > -DHAVE_DECL_ETHER_HOSTTON=1 -D_FILE_OFFSET_BITS=64 -DHAVE_TCP_WRAPPER=1
>> > -DLBL_ALIGN=1 -DSTDC_HEADERS=1 -DARGUS_SYSLOG=1 -o ../bin/argus argus.o
>> > ArgusModeler.o ArgusSource.o ArgusUtil.o ArgusOutput.o ArgusUdp.o
>> > ArgusTcp.o ArgusIcmp.o ArgusIgmp.o ArgusEsp.o ArgusArp.o ArgusFrag.o
>> > ArgusAuth.o ArgusApp.o  ../lib/libpcap.a -lwrap -lnsl
>> > ../lib/argus_common.a -lm
>> > ArgusSource.o: In function `ArgusGetPackets':ArgusSource.c:(.text+0x2cf8): undefined reference to `pcap_get_selectable_fd'
>> > :ArgusSource.c:(.text+0x2d90): undefined reference to `pcap_next_ex'
>> > :ArgusSource.c:(.text+0x2dcc): undefined reference to `pcap_next_ex'
>> > :ArgusSource.c:(.text+0x2e08): undefined reference to `pcap_next_ex'
>> > :ArgusSource.c:(.text+0x2e44): undefined reference to `pcap_next_ex'
>> > :ArgusSource.c:(.text+0x2eac): undefined reference to `pcap_next_ex'
>> > ArgusSource.o:ArgusSource.c:(.text+0x2ec8): more undefined references to `pcap_next_ex' follow
>> > collect2: ld returned 1 exit status
>> > make[1]: *** [../bin/argus] Error 1
>> > make[1]: Leaving directory `/bivio/shared/root/argus-3.0.1.beta.3/argus'
>> > ### Done with /root/argus-3.0.1.beta.3/argus
>> >
>> > I configured with --with-libpcap=/usr/lib/zcp/, which is where Bivio
>> > stashes its special version of libpcap.
>> > I noticed your mention of "changes to support Bivio hardware" for
>> > this release, but I didn't see any instructions regarding extra
>> > steps to get it to work.
>> > Any ideas?
>> >
>> > Thanks so much,
>> > Eric
>>
>>
>>
>
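
An added example, not part of the original thread or of Argus: a shell check that reports which libpcap functions an archive fails to define, the condition behind the `undefined reference` errors quoted above. The function names and the sample `nm` listing are constructed; on the Bivio the input would come from `nm -g /usr/lib/zcp/libpcap.a`.

```shell
#!/bin/sh
# Added example (not from the thread): list required libpcap functions
# that a static archive does NOT define, before attempting the link.

# Reads `nm -g` output on stdin; the required symbol names are the arguments.
# Prints the missing names on one line, space separated (empty if none).
missing_pcap_symbols() {
    awk -v want="$*" '
        BEGIN { n = split(want, req, " ") }
        # A definition has three fields: address, type letter, name.
        # T = global function, W = weak definition. "U" lines have only
        # two fields and are references, so they never count as provided.
        NF == 3 && $2 ~ /^[TW]$/ { defined[$3] = 1 }
        END {
            out = ""
            for (i = 1; i <= n; i++)
                if (!(req[i] in defined))
                    out = out (out == "" ? "" : " ") req[i]
            print out
        }'
}

# Constructed sample of `nm -g` output for an older libpcap.a that has
# pcap_dispatch but neither function named in the linker errors.
sample_old_libpcap_nm() {
cat <<'EOF'

pcap.o:
00000000 T pcap_dispatch
00000040 T pcap_next
         U malloc

pcap-linux.o:
00000000 T pcap_open_live
         U pcap_dispatch
EOF
}

# Demo on the constructed listing. On a real host, replace the left side with:
#   nm -g /usr/lib/zcp/libpcap.a
sample_old_libpcap_nm | missing_pcap_symbols pcap_get_selectable_fd pcap_next_ex
```

A non-empty result before running `make` means the link step will fail in the same way unless the calls are stubbed out or replaced.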