Argus client program patch
Jonathan Steel
jon.steel at esentire.com
Mon Mar 15 15:58:25 GMT 2010
There is an issue with the argus-client 2.0.6.fixes.1-3 package on 64-bit
machines: the filters basically don't work at all. I have attached a
patch that fixes the issue. It was basically the result of a hard-coded
offset into a structure.
Thanks,
Jonathan Steel
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_gencode_amd64_offsets.dpatch by <jon.steel at esentire.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fixes FTBFS #285465 on AMD64.
@DPATCH@
diff -urNad argus-client-2.0.6.fixes.1/common/gencode.c /tmp/dpep.MCZNLM/argus-client-2.0.6.fixes.1/common/gencode.c
--- argus-client-2.0.6.fixes.1/common/gencode.c 2010-03-15 15:10:31.000000000 -0500
+++ /tmp/dpep.MCZNLM/argus-client-2.0.6.fixes.1/common/gencode.c 2010-03-15 15:10:31.000000000 -0500
@@ -68,6 +68,16 @@
#include <argus_def.h>
#include <ethertype.h>
+/*
+ * The ArgusTimeDesc struct was written with two timeval structs. The code
+ * generated for the filters uses an offset for jumping into the acr_union of
+ * an ArgusCanonicalRecord struct. However, before this struct is an
+ * ArgusFarStruct that has an ArgusTimeDesc in it. The offsets generated assumes
+ * that a struct timeval is 8 bytes, but on 64 bit machines it is 16 bytes.
+ * An ArgusTimeDesc has two timevals in it, so these offsets are off by 16
+ * bytes. The following value will account for that.
+ */
+#define ARGUS_TIME_HEADER_OFF ((sizeof(struct timeval) - 8) * 2)
#ifndef __GNUC__
#define inline
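Review bot: `ARGUS_TIME_HEADER_OFF` corrects for only one layout difference, the size of `struct timeval`, and every call site in the later hunks still adds it to a hand-counted constant (40, 48, 116, 316, 324 and so on). If any other member ahead of those fields changes size or padding between ABIs, the generated filter compares the wrong bytes without any error, which in a flow-audit tool shows up as records that silently never match. Deriving the offsets with `offsetof` on the record struct would remove that assumption; failing that, I would record it beside the macro with a comment such as `/* assumes struct timeval is the only ABI-dependent member ahead of acr_union; re-check with offsetof() if the record layout changes */`. The expression is also unsigned arithmetic, so it would wrap to a very large value on a platform where `sizeof(struct timeval)` is below 8.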
@@ -522,11 +532,11 @@
switch (proto) {
case ARGUS_SRC_PKTS_RETRANS:
- b0 = Argusgen_cmp(116, BPF_W, 0);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 116, BPF_W, 0);
Argusgen_not(b0);
break;
case ARGUS_DST_PKTS_RETRANS:
- b0 = Argusgen_cmp(128, BPF_W, 0);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 128, BPF_W, 0);
Argusgen_not(b0);
break;
}
@@ -667,19 +677,19 @@
switch (proto) {
case IPPROTO_RTP:
- b0 = Argusgen_cmp(48, BPF_B, (u_int) IPPROTO_UDP);
- b1 = Argusgen_cmp(49, BPF_B, (u_int) ARGUS_RTP_FLOWTAG);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 48, BPF_B, (u_int) IPPROTO_UDP);
+ b1 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 49, BPF_B, (u_int) ARGUS_RTP_FLOWTAG);
Argusgen_and(b0, b1);
break;
case IPPROTO_RTCP:
- b0 = Argusgen_cmp(48, BPF_B, (u_int) IPPROTO_UDP);
- b1 = Argusgen_cmp(49, BPF_B, (u_int) ARGUS_RTCP_FLOWTAG);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 48, BPF_B, (u_int) IPPROTO_UDP);
+ b1 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 49, BPF_B, (u_int) ARGUS_RTCP_FLOWTAG);
Argusgen_and(b0, b1);
break;
default: /* all the flow protocols */
- b1 = Argusgen_cmp(48, BPF_B, (u_int) proto);
+ b1 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 48, BPF_B, (u_int) proto);
break;
}
@@ -772,21 +782,21 @@
switch (proto) {
case Q_DEFAULT:
- b0 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_ARP, 40, 44);
- b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, 40, 44);
+ b0 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_ARP, ARGUS_TIME_HEADER_OFF + 40, ARGUS_TIME_HEADER_OFF + 44);
+ b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, ARGUS_TIME_HEADER_OFF + 40, ARGUS_TIME_HEADER_OFF + 44);
Argusgen_or(b0, b1);
break;
case Q_IP:
- b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, 40, 44);
+ b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, ARGUS_TIME_HEADER_OFF + 40, ARGUS_TIME_HEADER_OFF + 44);
break;
case Q_ARP:
- b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_ARP, 40, 44);
+ b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_ARP, ARGUS_TIME_HEADER_OFF + 40, ARGUS_TIME_HEADER_OFF + 44);
break;
case Q_RARP:
- b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 40, 44);
+ b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_REVARP, ARGUS_TIME_HEADER_OFF + 40, ARGUS_TIME_HEADER_OFF + 44);
break;
case Q_TCP:
@@ -802,7 +812,7 @@
ArgusLog(LOG_ERR, "'rtcp' modifier applied to host");
case Q_ICMP:
- b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, 112, 116);
+ b1 = Argusgen_hostop(addr, mask, dir, ETHERTYPE_IP, ARGUS_TIME_HEADER_OFF + 112, ARGUS_TIME_HEADER_OFF + 116);
break;
default:
@@ -950,8 +960,8 @@
break;
case Q_ECHO:
- b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x08);
- b1 = Argusgen_cmp(50, BPF_B, (u_int) 0x00);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 50, BPF_B, (u_int) 0x08);
+ b1 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 50, BPF_B, (u_int) 0x00);
Argusgen_or(b0, b1);
b0 = Argusgen_prototype(IPPROTO_ICMP);
Argusgen_and(b0, b1);
@@ -959,7 +969,7 @@
case Q_UNREACH:
b1 = Argusgen_prototype(IPPROTO_ICMP);
- b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x03);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 50, BPF_B, (u_int) 0x03);
Argusgen_and(b0, b1);
b0 = Argusgen_Farstatustype(ARGUS_ICMPUNREACH_MAPPED);
@@ -968,7 +978,7 @@
case Q_REDIRECT:
b1 = Argusgen_prototype(IPPROTO_ICMP);
- b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x05);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 50, BPF_B, (u_int) 0x05);
Argusgen_and(b0, b1);
b0 = Argusgen_Farstatustype(ARGUS_ICMPREDIREC_MAPPED);
@@ -977,7 +987,7 @@
case Q_TIMEXED:
b1 = Argusgen_prototype(IPPROTO_ICMP);
- b0 = Argusgen_cmp(50, BPF_B, (u_int) 0x0B);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 50, BPF_B, (u_int) 0x0B);
Argusgen_and(b0, b1);
b0 = Argusgen_Farstatustype(ARGUS_ICMPTIMXCED_MAPPED);
@@ -1050,25 +1060,25 @@
static struct ablock *
Argusgen_ttlatom(int off, u_int v)
{
- return Argusgen_cmp(60 + off, BPF_B, (u_int)v);
+ return Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 60 + off, BPF_B, (u_int)v);
}
static struct ablock *
Argusgen_tosatom(int off, u_int v)
{
- return Argusgen_cmp(62 + off, BPF_B, v);
+ return Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 62 + off, BPF_B, v);
}
static struct ablock *
Argusgen_vidatom(int off, u_int v)
{
- return Argusgen_cmp(316 + off, BPF_H, v);
+ return Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 316 + off, BPF_H, v);
}
static struct ablock *
Argusgen_midatom(int off, u_int v)
{
- return Argusgen_cmp(324 + off, BPF_W, v);
+ return Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 324 + off, BPF_W, v);
}
static struct ablock *
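Review bot: In Argusgen_ttlatom, Argusgen_tosatom, Argusgen_vidatom and Argusgen_midatom the sum `ARGUS_TIME_HEADER_OFF + 60 + off` is now evaluated in `size_t`, because the macro is built from `sizeof`, while `off` is a signed `int`. A negative `off` is converted to a large unsigned value before the addition, and what Argusgen_cmp then receives depends on its parameter type, which is not visible in this hunk. Casting once in the macro keeps the arithmetic in `int` as it was before the patch: `#define ARGUS_TIME_HEADER_OFF ((int)((sizeof(struct timeval) - 8) * 2))`. The same applies to the `50 + off` helper in the following hunk, whose signature starts outside it.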
@@ -1076,7 +1086,7 @@
int off;
long v;
{
- return Argusgen_cmp(50 + off, BPF_H, (u_int)v);
+ return Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 50 + off, BPF_H, (u_int)v);
}
struct ablock *
@@ -1462,19 +1472,19 @@
case Q_FRAG: {
proto = ARGUS_FRAGMENTS;
switch (dir) {
- case Q_SRC: b1 = Argusgen_mcmp(56, BPF_H, (u_int) proto, proto); break;
- case Q_DST: b1 = Argusgen_mcmp(58, BPF_H, (u_int) proto, proto); break;
+ case Q_SRC: b1 = Argusgen_mcmp(ARGUS_TIME_HEADER_OFF + 56, BPF_H, (u_int) proto, proto); break;
+ case Q_DST: b1 = Argusgen_mcmp(ARGUS_TIME_HEADER_OFF + 58, BPF_H, (u_int) proto, proto); break;
case Q_AND:
- b0 = Argusgen_mcmp(56, BPF_H, (u_int) proto, proto);
- b1 = Argusgen_mcmp(58, BPF_H, (u_int) proto, proto);
+ b0 = Argusgen_mcmp(ARGUS_TIME_HEADER_OFF + 56, BPF_H, (u_int) proto, proto);
+ b1 = Argusgen_mcmp(ARGUS_TIME_HEADER_OFF + 58, BPF_H, (u_int) proto, proto);
Argusgen_or(b0, b1);
break;
default:
case Q_OR:
- b0 = Argusgen_mcmp(56, BPF_H, (u_int) proto, proto);
- b1 = Argusgen_mcmp(58, BPF_H, (u_int) proto, proto);
+ b0 = Argusgen_mcmp(ARGUS_TIME_HEADER_OFF + 56, BPF_H, (u_int) proto, proto);
+ b1 = Argusgen_mcmp(ARGUS_TIME_HEADER_OFF + 58, BPF_H, (u_int) proto, proto);
Argusgen_or(b0, b1);
break;
}
@@ -1485,7 +1495,7 @@
}
case Q_FRAG_ONLY: {
- b1 = Argusgen_cmp(49, BPF_B, (u_int) ARGUS_FRAG_FLOWTAG);
+ b1 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 49, BPF_B, (u_int) ARGUS_FRAG_FLOWTAG);
break;
}
@@ -2240,9 +2250,9 @@
case Q_IP:
case Q_DEFAULT:
- b1 = Argusgen_cmp(40, BPF_B, (u_int) 224);
+ b1 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 40, BPF_B, (u_int) 224);
b1->s.code = JMP(BPF_JGE);
- b0 = Argusgen_cmp(44, BPF_B, (u_int) 224);
+ b0 = Argusgen_cmp(ARGUS_TIME_HEADER_OFF + 44, BPF_B, (u_int) 224);
b0->s.code = JMP(BPF_JGE);
Argusgen_or(b0, b1);
b0 = Argusgen_Farstatustype(ETHERTYPE_IP);