ArgusEstablishListen: bind() error

Carter Bullard carter at qosient.com
Mon Apr 26 14:49:22 EDT 2010 

Hey Mike,
Since we're using the ArgusNullPacket() routine to parse the packets, I may not
have a proper packet parser for the tun interface you're using.  Not a problem....
If you could capture some packets (> 50) in a pcap dump file, say using tcpdump.
I'll use it to debug.  Test that argus dies on the pcap file to make sure it
tickles the bug.

   # tcpdump -i tun0 -w test.out  ( or whatever interface your capturing from)
   # argus -r test.out -w argus.out

Carter

On Apr 26, 2010, at 2:43 PM, Mike Tancsa wrote:

> At 02:26 PM 4/26/2010, Carter Bullard wrote:
>> Hey Mike,
>> When you run independent images of argus on multiple interfaces, you need each
>> of them to have
>>   1. unique ARGUS_MONITOR_IDs,
> 
> Hi,
>        Thanks for the quick and detailed reply!  It was the ARGUS_MONITOR_ID that I had forgot to change. That fixed it!
> 
> However, I have come across a new problem. It seems that on ppp style tun interfaces on FreeBSD, argus coredumps
> 
> I recompiled 3.0.2 with -g and I get the following coredump
> 
> gdb argus argus.core
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
> Core was generated by `argus'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libpcap.so.5...done.
> Loaded symbols for /lib/libpcap.so.5
> Reading symbols from /usr/lib/libwrap.so.5...done.
> Loaded symbols for /usr/lib/libwrap.so.5
> Reading symbols from /lib/libm.so.5...done.
> Loaded symbols for /lib/libm.so.5
> Reading symbols from /lib/libc.so.7...done.
> Loaded symbols for /lib/libc.so.7
> Reading symbols from /libexec/ld-elf.so.1...done.
> Loaded symbols for /libexec/ld-elf.so.1
> #0  ArgusCreateIPv4Flow (model=0x28301400, ip=0x0) at ArgusModeler.c:3734
> 3734       unsigned char *nxtHdr = (unsigned char *)((char *)ip + (ip->ip_hl << 2));
> (gdb) bt full
> #0  ArgusCreateIPv4Flow (model=0x28301400, ip=0x0) at ArgusModeler.c:3734
>        nxtHdr = Variable "nxtHdr" is not available.
> (gdb) bt
> #0  ArgusCreateIPv4Flow (model=0x28301400, ip=0x0) at ArgusModeler.c:3734
> #1  0x080531a5 in ArgusProcessIpPacket (model=0x28301400, ip=0x283aa018, length=71, tvp=0xbfbfe524) at ArgusModeler.c:1462
> #2  0x08054c1e in ArgusIpPacket (user=0x2834e000 "", h=0xbfbfe5b8, p=0x283aa018 "EÀ") at ArgusSource.c:1437
> #3  0x08054d79 in ArgusNullPacket (user=0x2834e000 "", h=0xbfbfe60c, p=0x283aa014 "\002") at ArgusSource.c:1998
> #4  0x280d1b44 in pcap_open_live () from /lib/libpcap.so.5
> #5  0x280d1f64 in pcap_dispatch () from /lib/libpcap.so.5
> #6  0x08056bf5 in ArgusGetPackets (src=0x2834e000) at ArgusSource.c:2143
> #7  0x0804c581 in main (argc=9, argv=0xbfbfec40) at argus.c:564
> 
> 
> 
> 
> 
> 
> 
> 

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100426/c0bb3698/attachment.bin>

More information about the argus mailing list