Re: Upgrading to 1.1.0.

2005-03-10 Thread Marko Riedel

Hello there,

thank you for pointing out that the "from" field was empty. This
helped me track down the problem to the following spot:

while ($n = select ($niovec = $iovec, undef, undef, $sleep)) {
    my $tm1 = [gettimeofday];

    if ($! != &EINTR)
    {
        #
        # mon trap
        #
        if (vec ($niovec, fileno (TRAPSERVER), 1)) {
            my ($from, $trapbuf);
            if (!defined ($from = recv (TRAPSERVER, $trapbuf, 65536, 0))) {
                syslog ('err', "error trying to recv a trap: $!");
            } else {
                open DEBUG, '>>/tmp/dbg';
                print DEBUG $trapbuf . "FROM: <$from>\n";
                close DEBUG;

                handle_trap ($trapbuf, $from);
            }
            next;


It turns out that "recv" returns a nonsensical value. The debug output
is as follows (excerpt):

pro='0.3807'
usr='mon'
pas='pwprotected'
spc='1'
seq='0'
typ='trap'
grp='ehring'
svc='DNS'
sta='255'
spc='1'
tsp='1110466508'
sum='ehring\20dns\20okay'
dtl='ehring\20dns\20okay'
FROM: <[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@^@>



The machines that are submitting traps are on a VPN using CIPE with
the CIPEX patch over UDP. Not an unusual configuration, I would
think.

Can you help me out here?

Best regards,

Marko Riedel

-- 
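+--------------------------------------------------------+
| Marko Riedel, EDV Neue Arbeit gGmbH, [EMAIL PROTECTED] |
| http://www.geocities.com/markoriedelde/index.html      |
+--------------------------------------------------------+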

___
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon


Re: Upgrading to 1.1.0.

2005-03-10 Thread David Nolan

--On Thursday, March 10, 2005 3:58 PM +0100 Marko Riedel <[EMAIL PROTECTED]> wrote:

> } else {
> open DEBUG, '>>/tmp/dbg';
> print DEBUG $trapbuf . "FROM: <$from>\n";
> close DEBUG;
> handle_trap ($trapbuf, $from);
> }
> next;
> It turns out that "recv" returns a nonsensical value. The debug output
> is as follows (excerpt):

$from isn't a simple string, you need to do something like:

    my ($port, $addr) = sockaddr_in ($from);
    my $fromip = inet_ntoa ($addr);

-David

David Nolan<*>[EMAIL PROTECTED]
curses: May you be forced to grep the termcap of an unclean yacc while
 a herd of rogue emacs fsck your troff and vgrind your pathalias!


Re: Upgrading to 1.1.0.

2005-03-10 Thread Marko Riedel

Hello there,

I moved the debug statement:

if ($intended)
{
   $sref->{"_intended"} = $intended;
}

open DEBUG, '>>/tmp/dbg';
print DEBUG "FROMIP: <$fromip>\n";
close DEBUG;

syslog ('info', "trap $trap{typ} $trap{spc} from " .
"$fromip grp=$trap{grp} svc=$trap{svc}, sta=$trap{sta}\n");

and now I get

FROMIP: <>
FROMIP: <>
FROMIP: <>
FROMIP: <>
FROMIP: <>
FROMIP: <>

Best regards,

Marko

-- 
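+--------------------------------------------------------+
| Marko Riedel, EDV Neue Arbeit gGmbH, [EMAIL PROTECTED] |
| http://www.geocities.com/markoriedelde/index.html      |
+--------------------------------------------------------+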



Re: Upgrading to 1.1.0.

2005-03-10 Thread David Nolan

--On Thursday, March 10, 2005 5:22 PM +0100 Marko Riedel <[EMAIL PROTECTED]> wrote:

> Hello there,
> I moved the debug statement:
> if ($intended)
> {
>    $sref->{"_intended"} = $intended;
> }
> open DEBUG, '>>/tmp/dbg';
> print DEBUG "FROMIP: <$fromip>\n";
> close DEBUG;
> syslog ('info', "trap $trap{typ} $trap{spc} from " .
> "$fromip grp=$trap{grp} svc=$trap{svc}, sta=$trap{sta}\n");
> and now I get
> FROMIP: <>
> FROMIP: <>
> FROMIP: <>
> FROMIP: <>
> FROMIP: <>
> FROMIP: <>

Interesting...  I wonder what exactly recv is returning and why it's
failing in this way.  Let's add a bit more debugging.  In handle_trap change

    my ($port, $addr) = sockaddr_in ($from);
    my $fromip = inet_ntoa ($addr);

To:

    my ($port, $addr) = sockaddr_in ($from);
    my $fromip = inet_ntoa ($addr);
    open DEBUG, '>>/tmp/dbg';
    print DEBUG "From paddr family: ".sockaddr_family($from)."\n";
    print DEBUG "From paddr: ".Data::Dumper->Dump([\$from],['from'])."\n";
    print DEBUG "From port: $port\nFrom iaddr: ".Data::Dumper->Dump([\$addr], ['addr'])."\n";
    print DEBUG "From IP: $fromip\n";
    close DEBUG;

Run that and grab the output.  And then change sockaddr_in to
unpack_sockaddr_in and grab that output.  Then post both...

-David

David Nolan<*>[EMAIL PROTECTED]
curses: May you be forced to grep the termcap of an unclean yacc while
 a herd of rogue emacs fsck your troff and vgrind your pathalias!


Re: Upgrading to 1.1.0.

2005-03-10 Thread Jim Trocki

On Thu, 10 Mar 2005, David Nolan wrote:

> $from isn't a simple string, you need to do something like:

yes, so i plucked code from mon to make this separate test program
which receives traps and decodes what recv returns, and it does
just as i expect:

    #!/usr/bin/perl
    use Socket;
    $bindaddr = INADDR_ANY;
    $udpproto = getprotobyname ('udp');
    socket (TRAPSERVER, PF_INET, SOCK_DGRAM, $udpproto);
    bind (TRAPSERVER, sockaddr_in (2583, $bindaddr));
    $a = recv (TRAPSERVER, $buf, 65536, 0);
    ($port, $addr) = sockaddr_in ($a);
    $addr = inet_ntoa ($addr);
    print "port=$port\n";
    print "addr=[$addr]\n";

send a trap to that, and you'll see it report something like
this:

    $ ./tst
    port=33002
    addr=[127.0.0.1]

dunno, i'll have to look at it harder.
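
Added example, not part of the thread and not mon's own code: a loopback round trip showing that recv returns a packed sockaddr, how it looks as hex, and a decode that rejects an empty or malformed sender address instead of passing it on to logging. The helper name peer_of and the sample datagram are assumptions made for this illustration.

```perl
#!/usr/bin/perl
# Added example, not mon source. peer_of() is a hypothetical helper.
use strict;
use warnings;
use Socket qw(PF_INET SOCK_DGRAM AF_INET INADDR_LOOPBACK inet_ntoa
              pack_sockaddr_in unpack_sockaddr_in sockaddr_family);

# Decode the packed sockaddr that recv() returns into "ip:port".
# Returns undef for anything that is not a well-formed AF_INET address,
# so the caller can log and drop the datagram instead of trusting it.
sub peer_of {
    my ($from) = @_;
    return undef unless defined $from && length $from;
    my $peer = eval {
        # Both calls croak on a wrong-length or wrong-family argument.
        die "not AF_INET\n" unless sockaddr_family ($from) == AF_INET;
        my ($port, $addr) = unpack_sockaddr_in ($from);
        inet_ntoa ($addr) . ":$port";
    };
    return $peer;    # undef if the eval died
}

# Loopback round trip: send one constructed datagram to ourselves.
my $udp = getprotobyname ('udp');
socket (my $srv, PF_INET, SOCK_DGRAM, $udp) or die "socket: $!";
bind ($srv, pack_sockaddr_in (0, INADDR_LOOPBACK)) or die "bind: $!";
socket (my $cli, PF_INET, SOCK_DGRAM, $udp) or die "socket: $!";
defined (send ($cli, "typ='trap'\n", 0, getsockname ($srv))) or die "send: $!";

my $buf = '';
my $from = recv ($srv, $buf, 65536, 0);
defined $from or die "recv: $!";

# Log the raw value as hex; interpolating it directly writes binary bytes.
printf "raw from: %s\n", unpack ('H*', $from);
printf "decoded : %s\n", peer_of ($from) // 'undecodable';
# Constructed bad inputs: empty, and five NUL bytes.
printf "empty   : %s\n", peer_of ('') // 'undecodable';
printf "garbage : %s\n", peer_of ("\0" x 5) // 'undecodable';
```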