ra clients (3.0.5.16) segfault when displaying a flow record with protocol 33079 (IPX)
Carter Bullard
carter at qosient.com
Tue Jul 12 13:42:06 EDT 2011
Hey Kevin,
If you could send an argus file that generates the segfault, I can debug tonight.
Carter
On Jul 12, 2011, at 12:11 PM, The Branches <branchbunch at gmail.com> wrote:
> Carter,
>
> On a 32 bit CentOS 5.6 host, when I use argus on a tcpdump capture file consisting of a single packet of IP protocol 33079 (coming from an HP network printer I believe)
>
> argus -X -r ipx.cap -w ipx.arg
>
> I get an immediate segfault if I then run
>
> # ra -r ipx.arg -n
> Segmentation fault
>
> but if I force it to not resolve the protocol name, it works fine
>
> # ra -r ipx.arg -nn
> 10:00:02.549418 e 33079 0:30:c1:c4:80:b1.0 -> ff:ff:ff:ff:ff:ff.0 1 110 INT
>
> It also works fine if I use a -w parameter instead of having ra send textual flow summaries to stdout.
>
> When I originally encountered this issue, I had a full tcpdump cap file with these IPX packets interspersed. When I tried to use ra on the file, the records scrolled by until an IPX flow was hit, at which point it segfaulted.
>
> Sounds like an easy bug fix to me. If it would help, I'm happy to pass on the tcpdump cap file with the offending packet in it.
>
> Kevin
>