racluster segv reading argus v2 file

Carter Bullard carter at qosient.com
Wed Mar 11 13:38:30 EDT 2009 

Hey Mike,
Thanks for the report, this is very useful for fixing bugs!!!!

In gdb(), at the prompt where it dies, we need to test what
is generating the segfault, which seems to be the value of
"net", which is probably zero, or something very low.  So
where the program dies, in gdb, type:

(gdb) print net

A few things.  Your racluster.conf file is really a rarc file.
You are using it correctly by specifying using the '-F' option,
but this is not an aggregation configuration.  An example of
that is in ./support/Config/racluster.conf, and its feed to
racluster using the '-f' option.

The -A option is not a useful option for racluster().


This fix for this is really simple.  Insert these lines in the routine
ArgusProcessTCPAvailability() in the file, ./common/argus_client.c,
just after the variable declarations:

    if (net == NULL)
       return retn;

So make this:
--------------------------------------------
int
ArgusProcessTCPAvailability (struct ArgusParserStruct *parser, struct  
ArgusRecordStruct *argus)
{
    struct ArgusMetricStruct *metric = (struct ArgusMetricStruct  
*)argus->dsrs[ARGUS_METRIC_INDEX];
    struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct  
*)argus->dsrs[ARGUS_NETWORK_INDEX];
    int retn = RA_SVCPASSED, status = 0;

    switch (net->hdr.subtype) {
-------------------------------------------

Look like this:
-------------------------------------------
int
ArgusProcessTCPAvailability (struct ArgusParserStruct *parser, struct  
ArgusRecordStruct *argus)
{
    struct ArgusMetricStruct *metric = (struct ArgusMetricStruct  
*)argus->dsrs[ARGUS_METRIC_INDEX];
    struct ArgusNetworkStruct *net = (struct ArgusNetworkStruct  
*)argus->dsrs[ARGUS_NETWORK_INDEX];
    int retn = RA_SVCPASSED, status = 0;

    if (net == NULL)
       return retn;

    switch (net->hdr.subtype) {
-------------------------------------------

Carter


On Mar 11, 2009, at 1:04 PM, Mike Iglesias wrote:

> We're still running argus v2 (haven't had time to upgrade), and I'm  
> playing
> around with racluster trying to duplicate the output of ragator as  
> we have
> some processes that use that data format for reports and such.  I  
> downloaded
> the latest argus-clients (3.0.2.beta.2) and used that for this work.
>
> I have an racluster.conf file that looks like this:
>
> RA_FIELD_SPECIFIER= stime flgs proto saddr sport dir daddr dport  
> spkts dpkts
> sbytes dbytes state
> RA_TIME_FORMAT="%d %b %g %T"
>
> (some lines may have wrapped)
>
> I ran racluster like this against a current v2 file:
>
> racluster -F /home/racluster.conf -A -nn -r /log/argus/argus.out
>
> and got a seg fault.
>
> I rebuilt the clients with .debug and .devel, and here's the output  
> of running
> racluster under gdb.  I've snipped a bunch of the lines out of the  
> middle
> because the output would be really long otherwise.
>
>
>
> Script started on Wed 11 Mar 2009 08:51:03 AM PDT
> [root at argrh bin]# gdb racluster
> GNU gdb Fedora (6.8-23.fc9)
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html 
> >
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show  
> copying"
> and "show warranty" for details.
> This GDB was configured as "i386-redhat-linux-gnu"...
> (gdb) run -D 5 -F /home/racluster.conf -A -nn -r /log/argus/argus.out
> Starting program: /home/src/argus-clients-3.0.2.beta.2/bin/racluster  
> -D 5 -F
> /home/racluster.conf -A -nn -r /log/argus/argus.out
> [Thread debugging using libthread_db enabled]
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusParseResourceFile
> (/home/racluster.conf) returning 1
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusAddFileList  
> (0xb7ed3008,
> /log/argus/argus.out, 1, -1, -1) returning -1
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusNewQueue ()  
> returning
> 0x95a8498
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusNewHashTable  
> (65536)
> returning 0x95a8a98
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusReadConnection()  
> read 16 bytes
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusReadConnection()
> ARGUS_V2_START Mar.
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13  
> ArgusParseInit(0xb7ed3008
> 0xb7e71008
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13  
> ArgusReadConnection(0xb7e71008,
> 1) returning 1
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusReadStreamSocket
> (0xb7e71008) read 262144 bytes
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x95e8c30
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x95e8fb8
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x95e9248
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x95e9480
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x95e9690
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x95e9920
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x95e9b30
>
> [snip]
>
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96ee200
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96ee410
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96ee6a0
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96ee930
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96eeb40
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96eed50
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96eefe0
> racluster[17330.4069f1b7]: 11 Mar 09 08:51:13 ArgusCopyRecordStruct
> (0xb7e71528) retn 0x96ef270
> [New Thread 0xb7f16940 (LWP 17330)]
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x080a8660 in ArgusProcessTCPAvailability (parser=0xb7ed3008,
> argus=0xb7e71528) at ./argus_client.c:6426
> 6426	   switch (net->hdr.subtype) {
> Missing separate debuginfos, use: debuginfo-install glibc.i686  
> zlib.i386
> (gdb) where
> #0  0x080a8660 in ArgusProcessTCPAvailability (parser=0xb7ed3008,
> argus=0xb7e71528) at ./argus_client.c:6426
> #1  0x080a84b9 in ArgusProcessServiceAvailability (parser=0xb7ed3008,
> argus=0xb7e71528) at ./argus_client.c:6364
> #2  0x0804b601 in RaProcessRecord (parser=0xb7ed3008, ns=0xb7e71528)  
> at
> ./racluster.c:362
> #3  0x08059065 in RaScheduleRecord (parser=0xb7ed3008,  
> argus=0xb7e71528) at
> ./argus_util.c:1958
> #4  0x0805949a in ArgusHandleDatum (parser=0xb7ed3008,  
> input=0xb7e71008,
> ptr=0x95a8c28, filter=0xb7ef3668) at ./argus_util.c:2045
> #5  0x0809c3ef in ArgusReadStreamSocket (parser=0xb7ed3008,  
> input=0xb7e71008)
> at ./argus_client.c:1697
> #6  0x0809c5cf in ArgusReadFileStream (parser=0xb7ed3008,  
> input=0xb7e71008) at
> ./argus_client.c:1748
> #7  0x0804ce16 in main (argc=9, argv=0xbfb27944) at ./argus_main.c:230
> (gdb)
>
>
> -- 
> Mike Iglesias                          Email:       iglesias at uci.edu
> University of California, Irvine       phone:       949-824-6926
> Network & Academic Computing Services  FAX:         949-824-2270
>

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax

More information about the argus mailing list