Argus 3.0.2/3.0.6.1 segfaults
Robert Kerr
r.kerr at cranfield.ac.uk
Wed May 29 12:09:02 EDT 2013
On 28/05/13 18:03, Carter Bullard wrote:
> Hey Robert,
> Sorry you're having problems.
> The warning messages are indicative of some weird issue(s), but
> argus does tolerate this situation pretty well. The wire can come up
> with strange protocols, or different encapsulations that cause us to
> try to formulate a 5-tuple flow key, but in a protocol that we don't know
> how to parse.
As far as I can recall I've always had the odd warning message and as
you say it hasn't caused crashes before. Happy to help you investigate
these once the crash is resolved.
[snip debug info]
> A way to debug this, I suspect, is to capture the packets on the same
> wire, to see if we can get argus to fail with a reproducible packet
> stream. I suspect that if you captured non-IP packets using
> tcpdump, we would find the offending packet, any opportunity
> to do that?
Possibly... do you think IPv6 traffic is a likely culprit or something
purely layer 2? Reason I ask is it's a dual stack segment with a healthy
amount of IPv6 traffic. Capturing non-IP should be relatively easy, but
capturing non-IPv4 is likely to run me out of disk space before the
issue reoccurs.
Thanks,
--
Robert Kerr