rafilteraddr issue
Carter Bullard
carter at qosient.com
Fri Feb 5 15:13:25 EST 2010
Hey Phillip,
If you feel adventurous, give these patches a try to see if it fixes your
rafilteraddr() bug.
Carter
==== //depot/argus/clients/clients/rafilteraddr.c#9 - /home/carter/argus/clients/clients/rafilteraddr.c ====
79,81c79,82
< #define ARGUS_EXACT_MATCH 0
< #define ARGUS_LONGEST_MATCH 1
< #define ARGUS_ANY_MATCH 2
---
> #define ARGUS_EXACT_MATCH 0x00
> #define ARGUS_LONGEST_MATCH 0x01
> #define ARGUS_ANY_MATCH 0x02
> #define ARGUS_NODE_MATCH 0x04
113,114c114,115
< RaMapLabelMol (ArgusLabeler, labeler->ArgusAddrTree[AF_INET], 0, 0, 0, 0);
< RaPrintLabelMol (ArgusLabeler, labeler->ArgusAddrTree[AF_INET], 0, 0, 0, 0);
---
> RaMapLabelMol (labeler, labeler->ArgusAddrTree[AF_INET], 0, 0, 0, 0);
> RaPrintLabelMol (labeler, labeler->ArgusAddrTree[AF_INET], 0, 0, 0, 0);
120c121
< RaPrintLabelTree (ArgusLabeler, labeler->ArgusAddrTree[AF_INET], 0, 0);
---
> RaPrintLabelTree (labeler, labeler->ArgusAddrTree[AF_INET], 0, 0);
217c218
< if ((raddr = RaFindAddress (parser, labeler->ArgusAddrTree[AF_INET], &node, ARGUS_EXACT_MATCH)) != NULL) {
---
> if ((raddr = RaFindAddress (parser, labeler->ArgusAddrTree[AF_INET], &node, ARGUS_NODE_MATCH)) != NULL) {
==== //depot/argus/clients/common/argus_label.c#15 - /home/carter/argus/clients/common/argus_label.c ====
843a844,850
> case ARGUS_NODE_MATCH:
> if (tree->status & ARGUS_NODE) {
> retn = tree;
> done++;
> break;
> }
>
899a907,908
> node->status |= ARGUS_NODE;
>
==== //depot/argus/clients/include/argus_label.h#5 - /home/carter/argus/clients/include/argus_label.h ====
40a41
> #define ARGUS_NODE 0x04
79,81c80,83
< #define ARGUS_EXACT_MATCH 0
< #define ARGUS_LONGEST_MATCH 1
< #define ARGUS_ANY_MATCH 2
---
> #define ARGUS_EXACT_MATCH 0x00
> #define ARGUS_LONGEST_MATCH 0x01
> #define ARGUS_ANY_MATCH 0x02
> #define ARGUS_NODE_MATCH 0x04
On Feb 5, 2010, at 1:17 PM, Phillip Deneault wrote:
> Hey Carter
>
> Thanks for looking at it... any luck yet?
>
> Phil
>
> On 2/3/2010 10:23 PM, carter at qosient.com wrote:
>> Hey Phillip,
>> rafilteraddr() should do the right thing.
>> I'll take a look tonight to see if its straightforward.
>>
>> Carter
>>
>> ------Original Message------
>> From: Phillip G Deneault
>> Sender: argus-info-bounces+carter=qosient.com at lists.andrew.cmu.edu
>> To: Argus
>> Subject: [ARGUS] rafilteraddr issue
>> Sent: Feb 3, 2010 10:09 PM
>>
>> Hello all,
>>
>> I'm attempting to use rafilteraddr and I must be using it wrong, but there
>> isn't any authorative documentation on it. I'm using argus-clients-3.0.2
>> from http://qosient.com/argus/dev/ from the tarball dated 1/26/10.
>>
>> Right now I'm just attemping to take a file and filter it to get a smaller
>> subset of records. My source file has only a handful of records and
>> contains my targeted IP.
>>
>> I'm running:
>> rafilteraddr -f filtertest.txt -r /data/argusinput -w /data/argusoutput
>>
>> with a file containing my one target address. If I try this command with
>> the one line '192.168.1.1' or '192.168.1.1/32', I get the records I
>> expect.
>>
>> If I try '192.168.1.0/24', I get no records back at all that I should.
>>
>> If I use -vf to invert my results, I get similar behavior. Filters using
>> the /24 are ignored, but entries with the /32 are processed correctly.
>>
>> If I put more than one record in my filter list, mixing /24s and /32s, the
>> /24 records are ignored and the /32s are processed correctly.
>>
>> Could something be parsing the file wrong? or am I doing something wrong?
>>
>> Thanks,
>> Phil
>>
>>
>>
>>
>> Sent from my Verizon Wireless BlackBerry
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100205/c0170788/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100205/c0170788/attachment.bin>
More information about the argus
mailing list