ranonymize segfaults when doing specific host translations

Carter Bullard carter at qosient.com
Tue Mar 3 10:59:20 EST 2015


Hey Brad,
Sorry you’re having problems.  The configuration specifies the
mapping of addresses, 1st CIDR is changed to the 2nd CIDR.

The specific host exception is corrupting the target lookup
hash table chain, which leaves the last element without a
return pointer (I know … knowing the reason doesn’t make it
work better, but at least you know that I know there is a
problem).  This will take a little time to troubleshoot,
but since it's causing a segfault, I’ll try to get to it today.

There is a group at cs.colostate.edu <http://cs.colostate.edu/> that has been working on
performance improvements in ranonymize.c; it may be that they
have seen this problem as well ???

Carter

> On Mar 3, 2015, at 10:23 AM, Brad <brad at vt.edu> wrote:
> 
> Argus devs,
> 
> We are using argus-clients-3.0.8 (current stable) on CentOS 6.6 (Final x86_64). We built argus-clients with the default configuration:
> 
>     ./configure
>     make
>     make install
> 
> In this environment, ranonymize segfaults when doing specific host to host translations. Here is the line in the ranonymize conf file (which when used) causes the segfault:
> 
>     RANON_SPECIFY_HOST_TRANSLATION=128.173.1.1::192.168.1.1
> 
> We've tried this line both ways original_ip::anon_ip and anon_ip::original_ip. Unless we missed it, the documentation is not clear on what side is the original_ip and what side is the anon_ip. We've also tried using different RFC 1918 addys as the anon_ip. In all cases, the segfault occurs.
> 
> We touched .devel and then re-built the clients. Here is the line number where the segfault occurs.
> 
> # valgrind
> ==31829== Invalid read of size 4
> ==31829==    at 0x406C68: RaMapFindHashObject (ranonymize.c:1461)
> ==31829==    by 0x40683C: RaMapInventory (ranonymize.c:1338)
> ==31829==    by 0x407E18: ArgusAnonymizeFlow (ranonymize.c:1996)
> ==31829==    by 0x405425: RaProcessRecord (ranonymize.c:703)
> ==31829==    by 0x4176CD: RaScheduleRecord (argus_util.c:2664)
> ==31829==    by 0x417CDD: ArgusHandleRecord (argus_util.c:2778)
> ==31829==    by 0x46329C: ArgusReadStreamSocket (argus_client.c:440)
> ==31829==    by 0x463473: ArgusReadFileStream (argus_client.c:496)
> ==31829==    by 0x408AEC: main (argus_main.c:253)
> ==31829==  Address 0x14 is not stack'd, malloc'd or (recently) free'd
> 
> # gdb
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000406c68 in RaMapFindHashObject (table=0x712ba0, obj=0x7ffff7e3b33c, type=16, len=4)
>     at ./ranonymize.c:1461
> /root/argus-clients-3.0.8/clients/ranonymize.c:1461:48073:beg:0x406c68
> 
> Please let us know if we can do anything to test this further.
> 
> Brad
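
An added illustration of the failure mode described in the reply above (not code from ranonymize.c or the Argus project): a circular hash-bucket chain whose tail has lost its return pointer, and a lookup that reports the break instead of reading through NULL. The struct layout, function names and the second sample mapping are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical node layout for illustration; not the ranonymize.c structures. */
struct map_node {
    struct map_node *nxt, *prv;  /* circular chain: tail->nxt returns to the head */
    uint32_t addr;               /* original IPv4 address, host byte order */
    uint32_t sub;                /* address substituted for it */
};

enum chain_status { CHAIN_OK = 0, CHAIN_BROKEN = 1 };

/* Link node in as the new tail, keeping the chain circular. */
void chain_append(struct map_node **head, struct map_node *node) {
    if (*head == NULL) { node->nxt = node->prv = node; *head = node; return; }
    struct map_node *tail = (*head)->prv;
    tail->nxt = node;  node->prv = tail;
    node->nxt = *head; (*head)->prv = node;
}

/* Look up addr in one bucket. A healthy walk ends when it returns to head.
 * If the tail has lost its return pointer the walk reaches NULL instead; an
 * unguarded `while (n != head)` loop would then read n->addr through NULL. */
struct map_node *chain_find(struct map_node *head, uint32_t addr, enum chain_status *st) {
    struct map_node *n = head;
    *st = CHAIN_OK;
    if (head == NULL) return NULL;
    do {
        if (n->addr == addr) return n;
        n = n->nxt;
        if (n == NULL) { *st = CHAIN_BROKEN; return NULL; }  /* corrupted chain */
    } while (n != head);
    return NULL;                                             /* clean miss */
}

/* Constructed data: two mappings in one bucket, optionally with the tail's link cut. */
int demo_status(int cut_tail, uint32_t want, uint32_t *sub_out) {
    struct map_node a = { NULL, NULL, 0x80AD0101u, 0xC0A80101u }; /* 128.173.1.1 -> 192.168.1.1 */
    struct map_node b = { NULL, NULL, 0x80AD0102u, 0xC0A80102u }; /* 128.173.1.2 -> 192.168.1.2 */
    struct map_node *head = NULL, *hit;
    enum chain_status st;
    chain_append(&head, &a);
    chain_append(&head, &b);
    if (cut_tail) b.nxt = NULL;          /* the tail loses its return pointer */
    hit = chain_find(head, want, &st);
    *sub_out = hit ? hit->sub : 0;
    return (int)st;
}
```

A lookup that hits before the break still succeeds; only a walk that has to pass the damaged tail reports `CHAIN_BROKEN`, which is why such corruption can go unnoticed until a particular address is looked up.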
