[ARGUS] Segfault on proto 58 (server/client v 5.0.2)
Patrick Forsberg
patrick.forsberg at chalmers.se
Mon Mar 17 15:59:59 EDT 2025
After painfully compiling argus-3.0.8.4 and doing a capture with that it
would seems that it is ICMPv6 PTB records that causes the segfault.
ra -r /var/log/argus/icmpv6.ra
StartTime Flgs Proto SrcAddr Sport
Dir DstAddr Dport TotPkts TotBytes State
03/17.19:45:27.0* M 58 ::.128
-> :: 39 3070 ECO
Segmentation fault (core dumped)
ra3 -r /var/log/argus/icmpv6.ra
StartTime Flgs Proto SrcAddr Sport
Dir DstAddr Dport TotPkts TotBytes State
19:32:08.761843 man 0
0 0 0 0 0 STA
19:45:27.004724 M 58 ::.128
-> ::.0 39 3070 ECO
19:45:28.683723 e 58 ::.2
-> ::.0 1 1294 PTB
Attached is some argus data containing ipv6 icmp captured with
argus-3.0.8.4 that causes the segfault
/Patrick
On 2025-03-17 19:25, Patrick Forsberg wrote:
>
> I installed and compiled argus and clients today, but when I run ra on
> captured data it segfaults pretty quickly.
>
> I've managed to narrow it down to being a problem with ipv6-icmp
> (protocol 58) since I can run 'ra -r <capture file> - not proto
> ipv6-icmp' without problems.
>
> Any suggestions on how I can dig further or even a suggestion on what
> the problem could be?
>
> Installation was pretty straightforward
>
> git clone https://github.com/openargus/argus
> git clone https://github.com/openargus/clients
>
> cd argus; ./configure && make && make install
> cd client; ./configure && make && make install
>
> All done on Ubuntu 24.04
>
> Regards,
>
> /Patrick
>
> --
> *Patrick Forsberg*
> IT-säkerhetsspecialist | IT Security Specialist
> Chalmers Cyber- och informationssäkerhetsgrupp (CCIG) | Chalmers IRT
> <abuse at chalmers.se> <mailto:abuse at chalmers.se>
>
> Chalmers verksamhetsstöd | Chalmers Operations Support
> IT-avdelningen | IT Office
> +46(0)31 772 5353
> Besöksadress: Teknikparken / Sven Hultins gata 9C
>
> *CHALMERS*
> Chalmers tekniska högskola | Chalmers University of Technology
> SE-412 96
> Göteborg | Gothenburg
> Sverige | Sweden
> www.chalmers.se <https://www.chalmers.se>
>
--
*Patrick Forsberg*
IT-säkerhetsspecialist | IT Security Specialist
Chalmers Cyber- och informationssäkerhetsgrupp (CCIG) | Chalmers IRT
<abuse at chalmers.se> <mailto:abuse at chalmers.se>
Chalmers verksamhetsstöd | Chalmers Operations Support
IT-avdelningen | IT Office
+46(0)31 772 5353
Besöksadress: Teknikparken / Sven Hultins gata 9C
*CHALMERS*
Chalmers tekniska högskola | Chalmers University of Technology
SE-412 96
Göteborg | Gothenburg
Sverige | Sweden
www.chalmers.se <https://www.chalmers.se>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20250317/a51a9720/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: icmpv6.ra.gz
Type: application/x-gzip
Size: 1540 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20250317/a51a9720/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4696 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20250317/a51a9720/attachment-0003.bin>
More information about the argus
mailing list