Segmentation fault error in racluster 3.0.7.7 and 3.0.7.9

Carter Bullard carter at qosient.com
Mon Aug 19 11:08:31 EDT 2013 

Hey Sebastian,
Looking at the file you sent, it has been mangled a number of times.
Some records don't have a flow descriptor, so no protocol, no addresses,
when they have addresses they are all /8 CIDR addresses, and many
of the records don't have any metrics in them at all, or the metrics
are non-sensical;  10's of thousands of packets, and only 1 byte,
just as an example.

I've fixed the bug, and we can process the file now, but I'm thinking
that it may have been better, in this case, to segfault.

So how did you generate this file?

Carter



On Aug 19, 2013, at 8:30 AM, Sebastian Garcia <sebastian.garcia at agents.fel.cvut.cz> wrote:

> Hi list, I wanted to report a segfault error on racluster.
> 
> For some unknown reasons, when processing a certain argus file with
> racluster, I've got a segmentation fault. I'm providing the example
> argus file.
> 
> If you run:
> racluster -N 27 -n -r segfault1
> 
> Ther is no problems.
> 
> If you run:
> racluster -N 28 -n -r segfault1
> 
> And you will get:
> Segmentation fault
> 
> 
> I'm not sure why we have this problem. I was playing with filters and
> labels when I found it. First I saw that the labels had an strange
> character at the end. For example:
> 
> 2011/08/17 12:01:04.143218        5.142595             udp
>        x.x.x.x     *         <->                   y.y.y.y     domain
>     CON     0       0         40              4150    20     0.000415
>       0.000395          7.583720
> 
> To-Normal-DNS-Server�:To-Normal-DNS-Server�:To-Normal-DNS-Server9:To-Normal-DNS-Server!:To-Normal-*
> 
> Here we should be getting only one label: "To-Normal-DNS-Server" and
> not a lot of them.
> I thought that may be the error was related to the labels, but then I
> modify the argus file with ranonymizer and run racluster without
> labels and it had the segfault error too.
> 
> I'm providing this for analysis. If you need more information just tell me.
> 
> Versions:
> Argus: 3.0.6.1
> Argus-clients with the problem (at least): 3.0.7.7 and 3.0.7.9
> 
> Thanks
> sebastian
> <segfault1>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7322 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130819/27b472c6/attachment.bin>

More information about the argus mailing list