new argus-clients-3.0.7.14 on the server
Carter Bullard
carter at qosient.com
Tue Aug 20 15:50:31 EDT 2013
Hey Sebas,
Here is a patch for your segmentation fault bug, if
you're comfortable making the changes yourself.
thoth:common carter$ p4 diff argus_label.c
==== //depot/argus/clients/common/argus_label.c#51 - /Volumes/Users/carter/argus/clients/common/argus_label.c ====
1011a1012
> str = strbuf;
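
Review bot: the added line `str = strbuf;` at 1012 arrives as a bare normal-format hunk (`1011a1012`) with no context lines, so anyone applying it by hand to a copy of argus_label.c that is not at depot revision #51 cannot confirm the insertion point. A context or unified diff would show the surrounding function and make the placement checkable. A short comment on the new line saying why `str` has to be pointed at `strbuf` there would also document the segfault fix for later readers.
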
If not, I've also included a new argus_label.c, so replace your ./common/argus_label.c with this one,
and recompile. All should work well.
I'll have a new client package up in a few days.
Carter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus_label.c
Type: application/octet-stream
Size: 133726 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130820/640a258e/attachment.obj>
-------------- next part --------------
On Aug 20, 2013, at 3:21 PM, el draco <eldraco at gmail.com> wrote:
> Hi Carter. ralabel still has the segfault
>
> RaLabeler Version 3.0.7.14
>
> ./bin/ralabel -f ralabel.segfault.conf
> Segmentation fault
>
> Thanks for the great job you are doing!
> Tell me if you need more tests.
> sebas
>
>
> On Tue, Aug 20, 2013 at 4:59 PM, Carter Bullard <carter at qosient.com> wrote:
>> Gentle people,
>> New client code up on the server. This release fixes all
>> known bugs that have been reported on the list, as well as
>> having major modifications to rapath().
>>
>> New code has been added as guards around the reported
>> label problems, but I am not sure that it has fixed
>> the problem. If we could test that, that would be great !!!
>>
>> We've made some big changes to rapath(). rapath() extracts
>> topology information from argus data. Basically it takes all
>> data that has ICMP TXD messages mapped to it, and tabulates path
>> information where it can. This has the effect of capturing all
>> traceroutes() that are observed by argus, regardless of the
>> technique; UDP, TCP or ICMP based, whether it's vanilla or paris method,
>> or several of the proprietary strategies seen in intrusions.
>>
>> We've changed the default output of the graph that rapath.1
>> generates (using the -A option) to include the srcid, saddr
>> and daddr, so that you can build topology from just the
>> graphs. I'll add the stime and duration as well, but need
>> to figure out some command line options to control all these
>> new fields. Also rapath() is going to get a realtime mode,
>> currently, it's a "read a file, generate some output" type of
>> tool.
>>
>> Please grab this code and give it a run. I'm hoping to
>> release 3.0.7.x as 3.0.8 in the next month, so if there are
>> any gotchas, don't hold back.
>>
>> Carter
>>
> <ralabel.segfault.conf><test-flowfilter.conf>