Argus 3.0.6 and dnaclusters

Chris Wakelin c.d.wakelin at reading.ac.uk
Thu Dec 13 16:30:19 EST 2012


I've just tried 3.0.7.2 with latest PF_RING svn (post v5.5.1) and DNA
clusters on a test machine. It looks like we do still need the name
change (added "dna" to the list of interfaces that includes "dag" and
"napa") and it still uses 100% of CPU, but otherwise appears to work.

Best Wishes,
Chris

On 13/12/12 15:35, Carter Bullard wrote:
> Hey Craig,
> We worked this out quite a bit a few months ago, on the list, and argus-3.0.7.2
> has a lot of changes to make non-selectable interfaces work better.  All tested
> on Napatech interfaces.
> 
> Here is a preliminary copy of argus-3.0.7.2 that should work well, but we may
> have to make an additional name change, if the dnacluster interface doesn't
> respond to the ioctl's properly.
> 
> Please give this a try;  yell if it doesn't work, and send a note if it does.
> If you have any problems, yell at me !!!!
> 
> Carter
> 
> 
> 
> 
> On Dec 12, 2012, at 8:37 PM, Craig Merchant <cmerchant at responsys.com> wrote:
> 
>> I saw this thread about how to run Argus using PF_RING DNA/libzero:
>> http://comments.gmane.org/gmane.network.argus/8608
>> When I looked at the ArgusSource.c file, it looks like the logic for detecting 
>> the devices has changed.
>> If I compile argus with the native files and start it with -i 
>> dnacluster:10@18, it doesn’t start.
>> I tried copying the logic for a “dag” adapter and changed it to “dna” since 
>> the physical interface shows up as dna0:
>>    if (strstr(device->name, "dna")) {
>>       for (i = 0; i < src->ArgusInterfaces; i++) {
>>          if (src->ArgusInterface[i].ArgusPd && (pcap_fileno(src->ArgusInterface[i].ArgusPd) > 0))
>>             bzero ((char *)&src->ArgusInterface[i].ifr, sizeof(ifr));
>>          src->ArgusInterface[i].ifr.ifr_flags |= IFF_UP;
>>          setArgusInterfaceStatus(src, 1);
>>       }
>>       return;
>>    }
>> Argus compiled with that setting is able to start, but it runs at 100% CPU and 
>> doesn’t display any traffic.
>> I can do tcpdump -i dnacluster:10@18 and see traffic from pfdnacluster_master, 
>> so that libzero interface is available.
>> How can I adjust that file so Argus can use a dnacluster:X@Y interface?  It 
>> doesn’t need to put the interface into promiscuous mode or anything like 
>> that.  I’m not a developer at all…
>> Thx.
>>
>> Craig
> 
> 


-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094


