Hi,we've been using nfdump/NfSen for several years, but until yesterday I wasn't responsible for the software itself. We had been using nfdump 1.5.4 and all our devices were exporting netflow version 5. Because I now want to support IPv6 as well I upgraded to 1.6.10. I configured nfdump on a RHEL 5 system like this:
./configure --enable-nsel --enable-compat15 --enable-nfprofileThen I changed one of our routers to export netflow version 9 and enabled flows for IPv6. Now I'm getting crashes when I try to use nfdump on nfcapd files from that router, e.g.:
nfdump -r /var/local/nfsen/profiles/live/bordergw/nfcapd.201305211525 -c 1 'proto tcp' Date first seen Event XEvent Proto Src IP Addr:Port Dst IP Addr:Port X-Src IP Addr:Port X-Dst IP Addr:Port In Byte Out Byte
Verify map id 0: ERROR: Expected 7 elements in map, but found 2!2013-05-21 15:24:42.820 IGNORE Ignore TCP REDACTED:58335 -> REDACTED:445 0.0.0.0:0 -> 0.0.0.0:445 48 0 Summary: total flows: 1, total bytes: 48, total packets: 1, avg bps: 0, avg pps: 0, avg bpp: 0
Time window: 2013-05-21 15:23:47 - 2013-05-21 15:29:58 Total flows processed: 18701, Blocks skipped: 0, Bytes read: 1048560 Sys: 0.009s flows/second: 1870474.1 Wall: 0.003s flows/second: 4813642.2 *** glibc detected *** nfdump: free(): invalid pointer: 0x0944c848 *** ======= Backtrace: ========= /lib/libc.so.6[0x4fec65] /lib/libc.so.6(cfree+0x59)[0x502c59] nfdump[0x80615bf] nfdump[0x804aca6] /lib/libc.so.6(__libc_start_main+0xdc)[0x4aaebc] nfdump[0x80494a1] ======= Memory map: ======== 00410000-00411000 r-xp 00410000 00:00 0 [vdso] 00476000-00491000 r-xp 00000000 08:01 870123 /lib/ld-2.5.so 00491000-00492000 r-xp 0001a000 08:01 870123 /lib/ld-2.5.so 00492000-00493000 rwxp 0001b000 08:01 870123 /lib/ld-2.5.so 00495000-005ec000 r-xp 00000000 08:01 870125 /lib/libc-2.5.so 005ec000-005ee000 r-xp 00156000 08:01 870125 /lib/libc-2.5.so 005ee000-005ef000 rwxp 00158000 08:01 870125 /lib/libc-2.5.so 005ef000-005f2000 rwxp 005ef000 00:00 0 006e7000-006f8000 r-xp 00000000 08:01 870295 /lib/libresolv-2.5.so 006f8000-006f9000 r-xp 00010000 08:01 870295 /lib/libresolv-2.5.so 006f9000-006fa000 rwxp 00011000 08:01 870295 /lib/libresolv-2.5.so 006fa000-006fc000 rwxp 006fa000 00:00 005716000-05721000 r-xp 00000000 08:01 870280 /lib/libgcc_s-4.1.2-20080825.so.1 05721000-05722000 rwxp 0000a000 08:01 870280 /lib/libgcc_s-4.1.2-20080825.so.1
08048000-08079000 r-xp 00000000 08:01 1069771 /usr/local/bin/nfdump 08079000-0807c000 rw-p 00031000 08:01 1069771 /usr/local/bin/nfdump 0807c000-08091000 rw-p 0807c000 00:00 0 0944b000-0946c000 rw-p 0944b000 00:00 0 [heap] b74b1000-b79b2000 rw-p b74b1000 00:00 0 b7eb3000-b7ef6000 rw-p b7eb3000 00:00 0 b7f01000-b7f02000 rw-p b7f01000 00:00 0 bfaba000-bfacf000 rw-p bffe9000 00:00 0 [stack] Aborted Verifying the file shows no errors, as far as I can tell:nfdump -v /var/local/nfsen/profiles/live/bordergw/nfcapd.201305211525
File : /var/local/nfsen/profiles/live/bordergw/nfcapd.201305211525 Version : 1 - compressed Blocks : 70 Type 1 : 0 Type 2 : 70 Type 3 : 0 Records : 1262294What's more, there don't seem to be any IPv6 flows. Any ideas or suggestions?
Cheers,
Sebastian
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
p7saoo_7jPjPM.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
