drop request firstseqnum is 0
Carter Bullard
carter at qosient.com
Tue Nov 4 07:26:08 EST 2014
Hey /Elof,
Yes, this is caused by poorly formed UDT packets. UDT is a pretty cool
high performance transport protocol that is used in super computer and
cloud environments and argus has specific logic to track it. Argus
has detected a bad UDT control packet, but it should be a debug/info message,
not a terminating situation, even though its a protocol violation.
Apply this patch which comments out the test for protocol correctness, and changes
the log message from a LOG_ERR to LOG_INFO, and all will be well:
==== //depot/argus/argus/argus/ArgusUdt.c#8 - /Users/carter/argus/argus/argus/ArgusUdt.c ====
285a286
> #ifdef ARGUSDEBUG
288,289c289
< ArgusLog(LOG_ERR, "drop request firstseqnum is 0");
< #ifdef ARGUSDEBUG
---
> ArgusLog(LOG_INFO, "drop request firstseqnum is 0");
534a535
> #ifdef ARGUSDEBUG
537,538c538
< ArgusLog(LOG_ERR, "drop request firstseqnum is 0");
< #ifdef ARGUSDEBUG
---
> ArgusLog(LOG_INFO, "drop request firstseqnum is 0");
695a696
> /*
698a700
> */
757a760
> /*
760a764
> */
Carter
> On Nov 4, 2014, at 7:10 AM, elof2 at sentor.se wrote:
>
>
> Hi Carter!
>
> Do you know what kind of traffic might cause argus to die like this:
>
> 04 Nov 14 12:10:01.590219 drop request firstseqnum is 0
> 04 Nov 14 12:10:01.597120 stopped
>
>
> It happens on one sensor approximately every two weeks. This makes things very hard to debug and to create a pcap that contain the problematic data.
>
> /Elof
>
More information about the argus
mailing list