argus-3.0.3.12 on the developer site

Michael Sanderson sanders at cs.ubc.ca
Wed Jun 23 17:27:33 EDT 2010 

Carter, the configure.in is still slightly broken on Solaris 10.  You have

needsnprintf=no
AC_CHECK_FUNCS(vsnprintf snprintf,,
	[needsnprintf=yes])
if test $needsnprintf = yes; then
	AC_LIBOBJ(snprintf)
fi

AC_CHECK_FUNCS(getaddrinfo)

#
# Do this before checking for ether_hostton(), as it's a
# "gethostbyname() -ish function".
#
AC_LBL_LIBRARY_NET
AC_CHECK_FUNCS(getaddrinfo ether_hostton)


The getaddrinfo prior to AC_LBL_LIBRARY_NET needs to go away so that we 
get the -lnsl -lsocket in the library list before testing for getaddrinfo().


 >>> Got a fix for the hp->ai_protocol switch problem.  Rather than let
 >>> the value be zero, I explicitly set it now.

This doesn't appear to have had any effect on Solaris and may be a 
Solaris getaddrinfo() implementation issue.  After the getaddrinfo() 
call in ArgusEstablishListen()

(gdb) print *host
$2 = {ai_flags = 8, ai_family = 26, ai_socktype = 2, ai_protocol = 0,
   ai_addrlen = 32, ai_canonname = 0x0, ai_addr = 0x547140, ai_next = 
0x547168}

(gdb) print hints
$3 = {ai_flags = 8, ai_family = 0, ai_socktype = 2, ai_protocol = 6,
   ai_addrlen = 0, ai_canonname = 0x0, ai_addr = 0x0, ai_next = 0x0}

So Solaris has set ai_protocol to zero, despite the setting of 
hints.ai_protocol to IPPROTO_TCP and we subsequently fall through the 
switch (hp->ai_protocol) after the bind().

Putting back my tests on hp->ai_family in order to get the LISTEN to 
happen, argus is now working with binding to IN_ADDR_ANY.  Not sure how 
to explain that unless I did something bad during code modifications 
when I was testing earlier.

As I mentioned in other email, it was necessary to remove thread support 
to make this work.  Any hints on debugging the threads code to find out 
what is going on?

     Michael Sanderson

On 06/23/10 12:21 PM, Carter Bullard wrote:
> Hmmmm,   We use setsockopt() to set SO_REUSEPORT and SO_REUSEADDR on the
> new socket for the remote client connection (we don't try to set IP_OPTIONS anywhere),
> and we use setsockopt() to set the TTL when you use udp multicast transport for argus
> records.    So I've put a "LOG_INFO" error message if it has problems with these calls.
>
> In the tcp_wrapper support code, we call a routine, fix_options(), which is in the
> tcp_wrappers library.  You can turn this off by commenting out the #define KILL_IP_OPTIONS 1
> around line 1572.
>
> Maybe the error message will tell us something.  I've uploaded a new 3.0.3.12 to the
> server, that has all these changes in it.
>
> Carter
>
>
> On Jun 23, 2010, at 2:54 PM, Michael Sanderson wrote:
>
>> On 06/23/10 11:46 AM, Carter Bullard wrote:
>>> Hey Michael,
>>>
>>> How are specifying IN_ADDR_ANY?  Just using the default behavior does it fail?
>>
>> Just the default behaviour without specifying an address to bind to.
>>
>>     Michael Sanderson
>>
>>> Carter
>>>
>>> On Jun 22, 2010, at 6:19 AM, Michael Sanderson wrote:
>>>
>>>> Carter, trying this on Solaris 10 SPARC with the patches I sent to you earlier today, it quietly exits with 'started' and 'ArgusGetInterfaceStatus: interface bge0 is up' syslog() messages showing up.
>>>>
>>>> Turning off threads and enabling debugging, I eventually found that after the bind() in ArgusOutput.c'ArgusEstablishListen(), the switch on hp->ai_protocol isn't working as expected, at least in Solaris' case. hp->ai_protocol is set to 0, so the IPPROTO_TCP or IPPROTO_UDP cases fail and it quietly falls through.  Knowing that I want TCP sockets, I put in a 'case 0:' before the 'case IPPROTO_TCP:' and it now binds and gets into the LISTEN state.  That probably won't work for a bind to a UDP sockets, so the test might need to be against hp->ai_socktype for SOCK_STREAM and SOCK_DGRAM.  The remote connection from an 'ra' works in the case of a bind to a specific IP address via argus.conf, but fails in the case of a bind to IN_ADDR_ANY.  System logs (hostnames sanitized) show:
>>>>
>>>> Jun 22 02:56:58 host argus[8733]: [ID 479164 daemon.warning] 22 Jun 10 02:56:58.741180 ArgusGetInterfaceStatus: interface bge0 is up
>>>> Jun 22 02:57:11 host argus[8733]: [ID 444193 daemon.notice] connect from rahost with IP options (ignored): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>>> Jun 22 02:57:11 host argus[8733]: [ID 899512 daemon.error] setsockopt IP_OPTIONS NULL: Option not supported by protocol
>>>> Jun 22 02:57:11 host argus[8733]: [ID 902185 daemon.info] 22 Jun 10 02:57:11.904408 connect from rahost
>>>> Jun 22 02:57:11 host argus[8733]: [ID 507416 daemon.error] 22 Jun 10 02:57:11.905741 ArgusInitOutput: write(): Broken pipe
>>>>
>>>> I haven't dug any farther for this.
>>>>
>>>> My initial attempts to build on OpenSolaris (x86_64) and 64-bit OpenSuSE 11.2 failed, but that appears to be due to missing headers (byteswap.h) for OpenSolaris and appropriate libpcap libraries for OpenSuSE.
>>>>
>>>>     Michael Sanderson
>>>>
>>>> On 06/21/10 01:02 PM, Carter Bullard wrote:
>>>>> Gentle people,
>>>>> A new update to argus is now on the server:
>>>>>
>>>>>     http://qosient.com/argus/dev/argus-3.0.3.12.tar.gz
>>>>>
>>>>> This fixes all the known bugs in the argus server from the mailing
>>>>> list, except the DAG issue reported by the good folks at NYU.  Hopefully
>>>>> I can get that squared away this week, and we can release argus-3.0.4.
>>>>>
>>>>> This round changes only a few portability issues on Ubuntu, FreeBSD,
>>>>> and a major reworking of the "bond" and "dup" directives for interfaces.
>>>>> Give this a run, and if there are any problems, don't hesitate to send email !!!
>>>>>
>>>>> Hope all is most excellent!!!
>>>>>
>>>>> Carter
>>>>>
>>>>> Carter Bullard
>>>>> CEO/President
>>>>> QoSient, LLC
>>>>> 150 E 57th Street Suite 12D
>>>>> New York, New York  10022
>>>>>
>>>>> +1 212 588-9133 Phone
>>>>> +1 212 588-9134 Fax
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>> Carter Bullard
>>> CEO/President
>>> QoSient, LLC
>>> 150 E 57th Street Suite 12D
>>> New York, New York  10022
>>>
>>> +1 212 588-9133 Phone
>>> +1 212 588-9134 Fax
>>>
>>>
>>>
>>
>>
>
> Carter Bullard
> CEO/President
> QoSient, LLC
> 150 E 57th Street Suite 12D
> New York, New York  10022
>
> +1 212 588-9133 Phone
> +1 212 588-9134 Fax
>
>
>

More information about the argus mailing list