Argus 3.0.5.35 bug

Carter Bullard carter at qosient.com
Wed Oct 11 10:08:35 EDT 2017


Hey MIchael,
Well, there is no question that 0.0.128.254, is an ipv4 decoding of fe80:00: which is the upper 4 bytes of an IPv6 link local address.   I have all the code tar balls, but I don’t think that there is much reason to wade through argus-clients-3.0.5.35, as the issue you’re interested in was a bug that is probably corrected in the final distro tarball.  Our bug was so basic (decode an ipv6 buffer with an ipv4 printer) that anyone would be expected to do the same thing at some point in their code lifespan …. We just let ours out ;O). If you would like the tarball, I can send it to you ...

Carter 

> On Oct 11, 2017, at 9:41 AM, Michael Brookes <mgsb81 at gmail.com> wrote:
> 
> Hi
> 
> Reason I ask is because I saw the same munged ipv4 address (0.0.128.254) in a RADIUS log from a Cisco wlan ASC device I was looking at the other day.  So went Googling to find out what this address is all about; didn't really find anything other than the mailing post I mentioned and I'm keen to determine why this weird ipv4 address is in the calling station field in the log - perhaps it's actually an ipv6 address and Cisco have the bug too, or maybe I need to learn to google better. Can't see any 3.0.5 code in https://qosient.com/argus/src/archive/ <https://qosient.com/argus/src/archive/>.
> 
> Many thanks
> 
> 
>  
> 
> On 11 October 2017 at 13:31, Carter Bullard <carter at qosient.com <mailto:carter at qosient.com>> wrote:
> Hey Michael,
> Yes, I believe all released and development distros are/were all on the site ... possibly in an archive directory ... The odd distros are development code and the even are stable released code ... So ... whats up with looking at intermediate development code ... can’t imagine what you would be looking for ... can we help you with anything ???
> 
> Carter
>  <http://qosient.com/>	 	
> Carter Bullard  <mailto:carter at qosient.com>• CTO
> 150 E 57th Street Suite <https://maps.google.com/?q=150+E+57th+Street+Suite%C2%A012D+New+York,+New+York+10022&entry=gmail&source=g> 12D <https://maps.google.com/?q=150+E+57th+Street+Suite%C2%A012D+New+York,+New+York+10022&entry=gmail&source=g>
> New York, New York 10022 <https://maps.google.com/?q=150+E+57th+Street+Suite%C2%A012D+New+York,+New+York+10022&entry=gmail&source=g>-2795
> Phone +1.212.588.9133 <tel:(212)%20588-9133> • Mobile +1.917.497.9494 <tel:(917)%20497-9494>
> 
> On Oct 11, 2017, at 5:07 AM, Michael Brookes <mgsb81 at gmail.com <mailto:mgsb81 at gmail.com>> wrote:
> 
>> Very helpful thank you.
>> Don't suppose you have the code for 3.0.5.35 lying around?
>> 
>> On 11 October 2017 at 01:48, Carter Bullard <carter at qosient.com <mailto:carter at qosient.com>> wrote:
>>> Hey Michael,
>>> This bug, I believe, involved passing a buffer to the wrong IP address
>>> decoder/printer, where we told the routine that the address was an IPv4
>>> address, when it was really an IPv6 address.  The bit that indicated that it
>>> was IPv6 was masked off by mistake.  Argus has routines to print dozens of
>>> different types of network addresses, and like the OS, the routines don’t
>>> have much internal checking to verify the address type.  Pass the routine a
>>> buffer, and it will decode the binary based on the type you specify.  So you
>>> have to do some work to assure that the printer routine is appropriate for
>>> the address that is in the buffer you pass.  Seems that the bug was a typo
>>> in this case.
>>> 
>>> Hope this is helpful ...
>>> 
>>> Carter
>>> 
>>> 
>>> On Oct 10, 2017, at 5:53 AM, Michael Brookes <mgsb81 at gmail.com <mailto:mgsb81 at gmail.com>> wrote:
>>> 
>>> Hi
>>> 
>>> Strange one this, in a mailing post on 19 March 2012 a user describes a bug
>>> where a link local ipv6 address is being represented by an ipv4 address of
>>> 0.0.128.254.
>>> 
>>> I'm interested to know what this bug was and more generally how the v4
>>> address was determined.
>>> 
>>> The post is here: http://thread.gmane.org/gmane.network.argus/8405 <http://thread.gmane.org/gmane.network.argus/8405>
>>> 
>>> Many thanks
>>> 
>>> 
>>> 
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20171011/9439b301/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4045 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20171011/9439b301/attachment.bin>


More information about the argus mailing list