RA --net Filter Limit Questions

Clayton Hamilton via Argus-info argus-info at lists.andrew.cmu.edu
Tue Jul 12 18:19:05 EDT 2016


Hi all,

Asking for a friend (cc'd):

The below query works great as is. However, when the "iparray" array has
more than ~250 IP addresses, it doesn't work. I can clearly see that it's
running and attempts to pull files, but it fails. If the array has fewer
than 250 IP addresses, it works fine and creates all the files based on the
filter. This led me to believe there was a limit put on ra either in a .h
file, .conf file, or hardcoded into ra itself. Searching through as many .h
and .conf files as I could find, I couldn't find any indication of a filter
limitation that I could've changed.

Does anyone have answers for the questions below? Script provided below for
reference:

1. Does 'ra' have a limit on its filter, specifically with the 'net' option?
2. If it does have a limit, are we able to change the limit in a .conf or
.h file?
3. If it has a limit hard coded into 'ra' itself, can we request the limit
be lifted?
4. If there is no limit, I request this issue be entered as a bug, and to
please fix with the next package update.

We have thousands of malicious IPs that I would love to input directly into
a ra filter to read existing ra binaries. If we don't have to spend the
time to split the array into 250 IP address chunks, it would save a great
deal of time.

---BEGIN---

date="20160710"
iparray=(192.168.1.100 10.10.10.1)
servers="AAA BBB"
NETVAR=$(echo ${iparray[@]} | sed 's/ / or net /g')

for server in ${servers} ; do
    find /argusbinarypath/${server}/binary/${date} -type f -name "argusbinaryfilename*" -print0 |\
    nice -15 xargs -0 -P4 -I binfile sh -c '
    base=$(basename binfile)
    name=${base##*/}
    server=$(echo binfile | cut -d '/' -f5)
    ra -L -1 -r binfile -w ${server}.${name} -- net '"${NETVAR}"' ' -- binfile
done

---END---

Thank you,
Clay.
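
Added example, not part of the original post: the 250-address chunking described above as a shell function that also validates each entry before it is placed on an ra command line. The names `build_net_filters` and `filter_file`, the sample addresses and the `.chunkN` output suffix are assumptions; the ra flags are the ones used in the script above.

```bash
# Constructed sample feed (documentation-range addresses, not real indicators).
SAMPLE_IPS='192.0.2.10
198.51.100.7
# comment and blank lines are ignored

203.0.113.5
192.0.2.10
not-an-ip
999.1.1.1
203.0.113.200'

# build_net_filters [MAX]: read one address per line on stdin and print one
# "net A or net B ..." expression per line, at most MAX (default 250) each.
# Duplicates are dropped; anything that is not a dotted-quad IPv4 address is
# reported on stderr and never reaches a command line.
build_net_filters() {
    awk -v max="${1:-250}" '
        function valid(ip,    o, n, i) {
            n = split(ip, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
            return 1
        }
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }
        $0 == "" || /^#/ { next }
        !valid($0) { print "skipped: " $0 > "/dev/stderr"; next }
        seen[$0]++ { next }
        {
            filt = (count == 0) ? "net " $0 : filt " or net " $0
            if (++count == max) { print filt; filt = ""; count = 0 }
        }
        END { if (count > 0) print filt }
    '
}

# filter_file BINFILE OUTPREFIX [MAX] < iplist  (hypothetical wrapper)
# Runs ra once per chunk; each chunk gets its own output file name.
filter_file() {
    n=0
    build_net_filters "$3" | while IFS= read -r filt; do
        n=$((n + 1))
        # $filt is deliberately unquoted: it holds only "net", "or", digits and dots.
        ra -L -1 -r "$1" -w "$2.chunk$n" -- $filt </dev/null
    done
}

# Demo with a chunk size of 2 so the split is visible.
printf '%s\n' "$SAMPLE_IPS" | build_net_filters 2
```

A flow whose two endpoints fall in different chunks matches both filters, so merged per-chunk output can contain the same record twice.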