argus-3.0.3.12 on the developer site

Carter Bullard carter at qosient.com
Wed Jun 23 15:21:52 EDT 2010 

Hmmmm,   We use setsockopt() to set SO_REUSEPORT and SO_REUSEADDR on the
new socket for the remote client connection (we don't try to set IP_OPTIONS anywhere),
and we use setsockopt() to set the TTL when you use udp multicast transport for argus
records.    So I've put a "LOG_INFO" error message if it has problems with these calls.

In the tcp_wrapper support code, we call a routine, fix_options(), which is in the
tcp_wrappers library.  You can turn this off by commenting out the #define KILL_IP_OPTIONS 1
around line 1572.

Maybe the error message will tell us something.  I've uploaded a new 3.0.3.12 to the
server, that has all these changes in it. 

Carter


On Jun 23, 2010, at 2:54 PM, Michael Sanderson wrote:

> On 06/23/10 11:46 AM, Carter Bullard wrote:
>> Hey Michael,
>> 
>> Got a fix for the hp->ai_protocol switch problem.  Rather than let the value be zero, I explicitly set it now.
>> How are specifying IN_ADDR_ANY?  Just using the default behavior does it fail?
> 
> Just the default behaviour without specifying an address to bind to.
> 
>    Michael Sanderson
> 
>> Carter
>> 
>> On Jun 22, 2010, at 6:19 AM, Michael Sanderson wrote:
>> 
>>> Carter, trying this on Solaris 10 SPARC with the patches I sent to you earlier today, it quietly exits with 'started' and 'ArgusGetInterfaceStatus: interface bge0 is up' syslog() messages showing up.
>>> 
>>> Turning off threads and enabling debugging, I eventually found that after the bind() in ArgusOutput.c'ArgusEstablishListen(), the switch on hp->ai_protocol isn't working as expected, at least in Solaris' case. hp->ai_protocol is set to 0, so the IPPROTO_TCP or IPPROTO_UDP cases fail and it quietly falls through.  Knowing that I want TCP sockets, I put in a 'case 0:' before the 'case IPPROTO_TCP:' and it now binds and gets into the LISTEN state.  That probably won't work for a bind to a UDP sockets, so the test might need to be against hp->ai_socktype for SOCK_STREAM and SOCK_DGRAM.  The remote connection from an 'ra' works in the case of a bind to a specific IP address via argus.conf, but fails in the case of a bind to IN_ADDR_ANY.  System logs (hostnames sanitized) show:
>>> 
>>> Jun 22 02:56:58 host argus[8733]: [ID 479164 daemon.warning] 22 Jun 10 02:56:58.741180 ArgusGetInterfaceStatus: interface bge0 is up
>>> Jun 22 02:57:11 host argus[8733]: [ID 444193 daemon.notice] connect from rahost with IP options (ignored): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>> Jun 22 02:57:11 host argus[8733]: [ID 899512 daemon.error] setsockopt IP_OPTIONS NULL: Option not supported by protocol
>>> Jun 22 02:57:11 host argus[8733]: [ID 902185 daemon.info] 22 Jun 10 02:57:11.904408 connect from rahost
>>> Jun 22 02:57:11 host argus[8733]: [ID 507416 daemon.error] 22 Jun 10 02:57:11.905741 ArgusInitOutput: write(): Broken pipe
>>> 
>>> I haven't dug any farther for this.
>>> 
>>> My initial attempts to build on OpenSolaris (x86_64) and 64-bit OpenSuSE 11.2 failed, but that appears to be due to missing headers (byteswap.h) for OpenSolaris and appropriate libpcap libraries for OpenSuSE.
>>> 
>>>    Michael Sanderson
>>> 
>>> On 06/21/10 01:02 PM, Carter Bullard wrote:
>>>> Gentle people,
>>>> A new update to argus is now on the server:
>>>> 
>>>>    http://qosient.com/argus/dev/argus-3.0.3.12.tar.gz
>>>> 
>>>> This fixes all the known bugs in the argus server from the mailing
>>>> list, except the DAG issue reported by the good folks at NYU.  Hopefully
>>>> I can get that squared away this week, and we can release argus-3.0.4.
>>>> 
>>>> This round changes only a few portability issues on Ubuntu, FreeBSD,
>>>> and a major reworking of the "bond" and "dup" directives for interfaces.
>>>> Give this a run, and if there are any problems, don't hesitate to send email !!!
>>>> 
>>>> Hope all is most excellent!!!
>>>> 
>>>> Carter
>>>> 
>>>> Carter Bullard
>>>> CEO/President
>>>> QoSient, LLC
>>>> 150 E 57th Street Suite 12D
>>>> New York, New York  10022
>>>> 
>>>> +1 212 588-9133 Phone
>>>> +1 212 588-9134 Fax
>>>> 
>>>> 
>>>> 
>>> 
>>> 
>> 
>> Carter Bullard
>> CEO/President
>> QoSient, LLC
>> 150 E 57th Street Suite 12D
>> New York, New York  10022
>> 
>> +1 212 588-9133 Phone
>> +1 212 588-9134 Fax
>> 
>> 
>> 
> 
> 

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100623/b3d2028f/attachment.bin>

More information about the argus mailing list