Argus SrcID And SrcID filtering

Carter Bullard carter at qosient.com
Thu Dec 8 20:06:48 EST 2011 

Yes argus's current filter support is a subset pf the clients.  It will be updated prior to release.  This filter will work:

    ra ....... - local srcid \"eth0\"

This will provide filtering by the local ra, rather than the remote argus.  Temporary work around.

Carter

Carter Bullard, QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax

On Dec 8, 2011, at 6:12 PM, CS Lee <geek00l at gmail.com> wrote:

> hi Carter,
> 
> I did try to escape the quote -
> 
> ./ra -L0 -S url://127.0.0.1 -s srcid saddr sport dir daddr dport - srcid \"eth0\"
> ra[18428]: 15:12:55.910966 remote Filter error
> 
> From argus side, I got this - 
> 
> argus -mAJZRU 512 -i eth0/\"eth0\" -B 127.0.0.1 -P 561
> 
> argus[16475]: 08 Dec 11 08:29:51.336199 started
> argus[16475]: 08 Dec 11 08:29:51.371174 ArgusGetInterfaceStatus: interface eth0 is up
> 
>  argus[18382]: 08 Dec 11 15:09:05.085784 illegal char '"'
> argus[18388]: 08 Dec 11 15:09:52.731229 illegal char '"'
> argus[18401]: 08 Dec 11 15:10:17.372676 illegal char '"'
> 
> 
> 
> 
> On Fri, Dec 9, 2011 at 3:55 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey CS Lee,
> You need to escape the double quotes, so that they make it into the compiler:
> 
>    ra -S URI://127.0.0.1:561 -s srcid saddr sport dir daddr dport - srcid \"eth0\"
> 
> without the quotes, ra will think you are looking for the IP address of the host 'eth0',
> which probably is not in your namespace.
> 
> So without making a bit of a change in the srcid DSR definition, you only get 4 bytes
> for the srcid.  This can change in 3.0.8, but right now you're limited to only
> 4 chars (32-bits).
> 
> Carter
> 
> On Dec 8, 2011, at 3:40 AM, CS Lee wrote:
> 
>> hi Carter,
>> 
>> I would like to assign network interface name as srcid for argus, however in most condition 4 bytes looks enough, if I use freebsd and some of intel nic, it does have ixgbe as nic name, can it change from 4 bytes to say 8 bytes instead.
>> 
>> By the way filtering by srcid is not working -
>> 
>> argus -mAJZRU 512 -i eth0/\"eth0\" -B 127.0.0.1 -P 561
>> ra -S URI://127.0.0.1:561 -s srcid saddr sport dir daddr dport - srcid "eth0"
>> ra[13898]: 00:42:09.339847 srcid eth0 unknown
>> ra[13897]: 00:42:09.554215 srcid eth0 filter syntax error
>> 
>> 
>> -- 
>> Best Regards,
>> 
>> CS Lee<geek00L[at]gmail.com>
>> 
>> http://geek00l.blogspot.com
>> http://defcraft.net
> 
> 
> 
> 
> -- 
> Best Regards,
> 
> CS Lee<geek00L[at]gmail.com>
> 
> http://geek00l.blogspot.com
> http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20111208/e10ed819/attachment.html>

More information about the argus mailing list