argus-3.0.3.12 on the developer site
Michael Sanderson
sanders at cs.ubc.ca
Wed Jun 23 14:54:18 EDT 2010
On 06/23/10 11:46 AM, Carter Bullard wrote:
> Hey Michael,
>
> Got a fix for the hp->ai_protocol switch problem. Rather than let the value be zero, I explicitly set it now.
> How are specifying IN_ADDR_ANY? Just using the default behavior does it fail?
Just the default behaviour without specifying an address to bind to.
Michael Sanderson
> Carter
>
> On Jun 22, 2010, at 6:19 AM, Michael Sanderson wrote:
>
>> Carter, trying this on Solaris 10 SPARC with the patches I sent to you earlier today, it quietly exits with 'started' and 'ArgusGetInterfaceStatus: interface bge0 is up' syslog() messages showing up.
>>
>> Turning off threads and enabling debugging, I eventually found that after the bind() in ArgusOutput.c'ArgusEstablishListen(), the switch on hp->ai_protocol isn't working as expected, at least in Solaris' case. hp->ai_protocol is set to 0, so the IPPROTO_TCP or IPPROTO_UDP cases fail and it quietly falls through. Knowing that I want TCP sockets, I put in a 'case 0:' before the 'case IPPROTO_TCP:' and it now binds and gets into the LISTEN state. That probably won't work for a bind to a UDP sockets, so the test might need to be against hp->ai_socktype for SOCK_STREAM and SOCK_DGRAM. The remote connection from an 'ra' works in the case of a bind to a specific IP address via argus.conf, but fails in the case of a bind to IN_ADDR_ANY. System logs (hostnames sanitized) show:
>>
>> Jun 22 02:56:58 host argus[8733]: [ID 479164 daemon.warning] 22 Jun 10 02:56:58.741180 ArgusGetInterfaceStatus: interface bge0 is up
>> Jun 22 02:57:11 host argus[8733]: [ID 444193 daemon.notice] connect from rahost with IP options (ignored): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>> Jun 22 02:57:11 host argus[8733]: [ID 899512 daemon.error] setsockopt IP_OPTIONS NULL: Option not supported by protocol
>> Jun 22 02:57:11 host argus[8733]: [ID 902185 daemon.info] 22 Jun 10 02:57:11.904408 connect from rahost
>> Jun 22 02:57:11 host argus[8733]: [ID 507416 daemon.error] 22 Jun 10 02:57:11.905741 ArgusInitOutput: write(): Broken pipe
>>
>> I haven't dug any farther for this.
>>
>> My initial attempts to build on OpenSolaris (x86_64) and 64-bit OpenSuSE 11.2 failed, but that appears to be due to missing headers (byteswap.h) for OpenSolaris and appropriate libpcap libraries for OpenSuSE.
>>
>> Michael Sanderson
>>
>> On 06/21/10 01:02 PM, Carter Bullard wrote:
>>> Gentle people,
>>> A new update to argus is now on the server:
>>>
>>> http://qosient.com/argus/dev/argus-3.0.3.12.tar.gz
>>>
>>> This fixes all the known bugs in the argus server from the mailing
>>> list, except the DAG issue reported by the good folks at NYU. Hopefully
>>> I can get that squared away this week, and we can release argus-3.0.4.
>>>
>>> This round changes only a few portability issues on Ubuntu, FreeBSD,
>>> and a major reworking of the "bond" and "dup" directives for interfaces.
>>> Give this a run, and if there are any problems, don't hesitate to send email !!!
>>>
>>> Hope all is most excellent!!!
>>>
>>> Carter
>>>
>>> Carter Bullard
>>> CEO/President
>>> QoSient, LLC
>>> 150 E 57th Street Suite 12D
>>> New York, New York 10022
>>>
>>> +1 212 588-9133 Phone
>>> +1 212 588-9134 Fax
>>>
>>>
>>>
>>
>>
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York 10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
>
More information about the argus
mailing list