Argus 3.0.6 and dnaclusters

Chris Wakelin c.d.wakelin at reading.ac.uk
Thu Dec 13 19:17:06 EST 2012 

Here goes :)

> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.169756 ArgusNewModeler() returning 0x96d010
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.169941 ArgusNewSource(0x96d010) returning 0x7fe3f76f5010
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.169958 ArgusNewOutput() returning retn 0x96dd00
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171094 setArgusID(0x7fe3f76f5010, 0x7fff9bee08fc, 0x1) done
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171151 setArgusPortNum(561) returning
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171172 ArgusParseResourceFile: ArgusBindAddr "(null)" 
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171196 clearArgusDevice(0x7fe3f76f5010) returning
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171210 setArgusDevice(dnacl:1 at 12) returning
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.171741 setArgusInterfaceStatus(0x7fe3f76f5010, 1)
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.172926 ArgusEstablishListen(0x96dd00, 0x7fff9bee2960) binding: ::1:561 family: 10
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.172990 ArgusEstablishListen(0x96dd00, 0x7fff9bee2960) binding: 127.0.0.1:561 family: 2
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173010 ArgusEstablishListen(0x96dd00, 0x7fff9bee2960) returning 4
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173060 ArgusNewSocket (5) returning 0x7fe3f8f1d010
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173167 ArgusInitOutput() done
> argus-3.0.7.2-cdw[14851]: 14 Dec 12 00:14:48.173200 started
> argus-3.0.7.2-cdw[14851.0017abf6e37f0000]: 14 Dec 12 00:14:48.173198 ArgusOutputProcess(0x96dd00) starting
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173281 ArgusCloneSource(0x7fe3f76f5010) returning 0x7fe3f5ea6010
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.173298 clearArgusDevice(0x7fe3f5ea6010) returning
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200604 ArgusOpenInterface() pcap_open_live(dnacl:1 at 12) returned 0x97d7f0
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200657 Arguslookup_pcap_callback(1) returning 0x413a50
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200668 ArgusOpenInterface(0x7fe3f5ea6010, 'dnacl:1 at 12') returning 1
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200888 ArgusInitModeler(0x99b1b0) done
> argus-3.0.7.2-cdw[14851.0007fff8e37f0000]: 14 Dec 12 00:14:48.200898 ArgusInitSource(0x7fe3f5ea6010) returning 1
> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201035 ArgusGetPackets (0x7fe3f5ea6010) starting
> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201079 setArgusInterfaceStatus(0x7fe3f5ea6010, 1)
> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201093 ArgusGetPackets: interface  is selectable
> argus-3.0.7.2-cdw[14851.00273ee2e37f0000]: 14 Dec 12 00:14:48.201105 setArgusInterfaceStatus(0x7fe3f5ea6010, 1)

Best Wishes,
Chris

On 14/12/12 00:05, Carter Bullard wrote:
> Hey Chris,
> If its not there, I would say there is a problem.  If you run it with "-D 3" for a few packets,
> where is it saying that it is ?  ArgusGetPackets ?
> 
> Carter
> 
> 
> On Dec 13, 2012, at 7:01 PM, Chris Wakelin <c.d.wakelin at reading.ac.uk> wrote:
> 
>> That doesn't seem to make any difference, even with no traffic, or if I
>> make it 5 millseconds. Perhaps it doesn't get to that point in the code?
>>
>> Best Wishes,
>> Chris
>>
>> On 13/12/12 23:51, Carter Bullard wrote:
>>> Hmmmm,
>>> Well on line 3907 in ArgusSource.c, we come out of a series
>>> of select() calls, and various workarounds, for various bugs, 
>>> and if we don't have any packets, we set the global time and
>>> continue.  We could put a nanosleep() there, to give up the
>>> run queue for a little while.  I'd put it right before the getimeofday()
>>> call on line 3908.  Maybe sleep for 50 uSeconds?
>>>
>>> Try this patch:
>>>
>>> ==== //depot/argus/argus/argus/ArgusSource.c#104 - /Volumes/Users/carter/argus/argus/argus/ArgusSource.c ====
>>> 3907a3908,3910
>>>>                                 struct timespec tsbuf = {0, 50000}, *ts = &tsbuf;
>>>>                                 nanosleep(ts, NULL);
>>>>
>>>
>>> To see if that doesn't do something?
>>>
>>> Carter 

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094

More information about the argus mailing list