Strange Argus Client IPv6 Filter Behavior
Carter Bullard
carter at qosient.com
Fri Jul 15 10:11:38 EDT 2011
Hey Dave,
I'm sorry for the delayed response!! Yes I found the bug. We were setting the mask length for
default IPv6 to zero, rather than 128. So, explicitly setting the masklen corrected the error.
Its now in the code base, which I will upload later today/tomorrow.
Again sorry for the delay.
Hope all is most excellent,
Carter
On Jul 6, 2011, at 9:55 PM, Dave Edelman wrote:
> This one is strange even by my standards, I've had the same results on both
> Fedora 14 - 64 bit and Fedora 12 32 bit systems.
> The environment is mixed IPv4 and IPv6. I have used both argus 3.0.3.3 and
> argus 3.0.5.3 to capture the flows and that doesn't seem to make any
> difference.
>
> ra -r argus.out - host 2001:470:8d5c:1:1552:bef3:8139:3cce
> ra[21832]: 07-06-11 21:38:21.996 host 2001:470:8d5c:1:1552:bef3:8139:3cce
> filter syntax error
>
>
> ra -r argus.out - net 2001:470:8d5c:1:1552:bef3:8139:3cce/128
> StartTime Flgs Proto SrcAddr
> Sport Dir DstAddr Dport TotPkts
> TotBytes State
> 07-06-11 21:07:31.469 e tcp 2001:470:8d5c:1:1552:bef*.vmsvc-2
> -> 2001:1890:1c00:1701::2011.http 98 74771 CON
> 07-06-11 21:07:31.468 e ipv6-* 2001:470:8d5c:1:1552:bef*.135
> -> ff02::1:ffb2:b3b2.0 1 86 NNS
> 07-06-11 21:07:31.469 e ipv6-* 2001:470:8d5c:1::1.135
> <-> 2001:470:8d5c:1:1552:bef*.0 4 344 NNS
>
>
> I do not have this problem with argus clients 3.0.4.1 on the same data set.
>
> I can send a capture sample if you need one but I'm not sure if I need a
> permit to transport toxic waste (aka IPv6)
>
> Argus bugreport says the following:
>
> System: Linux xxx.net 2.6.32.26-175.fc12.i686.PAE #1 SMP Wed Dec 1 21:45:50
> UTC 2010 i686 i686 i386 GNU/Linux
> Arch: i686
>
> Paths: /usr/local/bin/ra /usr/bin/make /usr/bin/gmake /usr/lib/ccache/gcc
> /usr/lib/ccache/cc
>
> RA: Ra Version 3.0.5.16
>
> GCC: Using built-in specs.
> Target: i686-redhat-linux
> Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
> --infodir=/usr/share/info --with-bugurl=http://bugzil
> la.redhat.com/bugzilla --enable-bootstrap --enable-shared
> --enable-threads=posix --enable-checking=release --with-system-
> zlib --enable-__cxa_atexit --disable-libunwind-exceptions
> --enable-gnu-unique-object --enable-languages=c,c++,objc,obj-c+
> +,java,fortran,ada --enable-java-awt=gtk --disable-dssi --enable-plugin
> --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.
> 0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode
> --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-
> libjava-multilib --with-ppl --with-cloog --with-tune=generic
> --with-arch=i686 --build=i686-redhat-linux
> Thread model: posix
> gcc version 4.4.4 20100630 (Red Hat 4.4.4-10) (GCC)
>
> LIBC:
> lrwxrwxrwx 1 root root 14 2010-12-31 21:30 /lib/libc.so.6 -> libc-2.11.2.so
> -rwxr-xr-x 1 root root 1831904 2010-10-22 14:07 /lib/libc-2.11.2.so
> -rw-r--r-- 1 root root 238 2010-10-22 13:36 /usr/lib/libc.so
> -rwxr-xr-x 1 root root 1112432 2009-09-16 15:24 /usr/lib/libc-client.so.2007
>
> --Dave
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20110715/53c4fde5/attachment.bin>
More information about the argus
mailing list