Argus 3.0.6 and dnaclusters

Thu Dec 13 17:11:56 EST 2012

If I remember, the 100% CPU was a bug in the DNA code itself?
Was there a resolution to that?
If you would be a guinea pig, we can play around with it?

Carter 

On Dec 13, 2012, at 4:30 PM, Chris Wakelin <c.d.wakelin at reading.ac.uk> wrote:

> I've just tried 3.0.7.2 with latest PF_RING svn (post v5.5.1) and DNA
> clusters on a test machine. It looks like we do still need the name
> change (added "dna" to the list of interfaces that includes "dag" and
> "napa") and it still uses 100% of CPU, but otherwise appears to work.
> 
> Best Wishes,
> Chris
> 
> On 13/12/12 15:35, Carter Bullard wrote:
>> Hey Craig,
>> We worked this out quite a bit a few months ago, on the list, and argus-3.0.7.2
>> has a lot of changes to make non-selectable interfaces work better.  All tested
>> on Napatech interfaces.
>> 
>> Here is a preliminary copy of argus-3.0.7.2 that should work well, but we may
>> have to make an additional name change, if the dnacluster interface doesn't
>> respond to the ioctl's properly.
>> 
>> Please give this a try;  yell if it doesn't work, and send a note if it does.
>> If you have any problems, yell at me !!!!
>> 
>> Carter
>> 
>> 
>> 
>> 
>> On Dec 12, 2012, at 8:37 PM, Craig Merchant <cmerchant at responsys.com 
>> <mailto:cmerchant at responsys.com>> wrote:
>> 
>>> I saw this thread about how to run Argus using PF_RING DNA/libzero:
>>> http://comments.gmane.org/gmane.network.argus/8608
>>> When I looked the ArgusSource.c file, it looks like the logic for detecting 
>>> the devices has changed.
>>> If I compile argus with the native files and start it with –i 
>>> dnacluster:10 at 18, it doesn’t start.
>>> I tried copying the logic for a “dag” adapter and changed it to “dna” since 
>>> the physical interface shows up as dna0:
>>>   if (strstr(device->name, "dna")) {
>>>      for (i = 0; i < src->ArgusInterfaces; i++) {
>>>         if (src->ArgusInterface[i].ArgusPd && 
>>> (pcap_fileno(src->ArgusInterface[i].ArgusPd) > 0))
>>>            bzero ((char *)&src->ArgusInterface[i].ifr, sizeof(ifr));
>>>         src->ArgusInterface[i].ifr.ifr_flags |= IFF_UP;
>>>         setArgusInterfaceStatus(src, 1);
>>>      }
>>>      return;
>>>   }
>>> Argus compiled with that setting is able to start, but it runs at 100% CPU and 
>>> doesn’t display any traffic.
>>> I can do tcpdump –i dnacluster:10 at 18 and see traffic from pfdnacluster_master, 
>>> so that libzero interface is available.
>>> How can I adjust that file so Argus can use a dnacluster:X at Y interface?  It 
>>> doesn’t need to put the interface into promiscuous mode or anything like 
>>> that.  I’m not a developer at all…
>>> Thx.
>>> 
>>> Craig
>> 
>> =
>> 
> 
> 
> -- 
> --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
> Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
> IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
> Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/5aae12ea/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4367 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20121213/5aae12ea/attachment.bin>