Stig Thormodsrud
Mon, 17 Aug 2009 20:31:15 -0700
I'm getting a segv fault when using the following conf file:

s...@io:~/git/pmacct-0.11.4/src$ cat pm.conf
daemonize: false
debug: true
promisc: true
pidfile: /var/run/pmacctd-eth0.pid
imt_path: /tmp/pmacctd-eth0.pipe
aggregate: src_host,dst_host,proto,src_port,dst_port,tos,flows
interface: eth0
!syslog: daemon
pcap_filter: !ether src 00:15:17:0b:d2:16
plugins: memory,sfprobe
sfprobe_agentsubid: 5
sfprobe_receiver: 172.16.117.25:6343

s...@io:~/git/pmacct-0.11.4/src$ sudo ./pmacctd -f pm.conf
INFO ( default/memory ): 131070 bytes are available to address shared
memory segment; buffer size is 132 bytes.
INFO ( default/memory ): Trying to allocate a shared memory segment of
4325244 bytes.
INFO ( default/sfprobe ): Pipe size obtained: 131070 / 49348.
OK ( default/core ): link type is: 1
DEBUG ( default/sfprobe ): Creating sFlow agent.
INFO ( default/sfprobe ): Exporting flows to [172.16.117.25]:6343
INFO ( default/sfprobe ): Sampling at: 1/1
DEBUG ( default/memory ): allocating a new memory segment.
DEBUG ( default/memory ): allocating a new memory segment.
OK ( default/memory ): waiting for data on: '/tmp/pmacctd-eth0.pipe'
DEBUG ( default/memory ): Selecting bucket 16151.
Segmentation fault
In gdb it stops at:
(gdb) run -f pm.conf
Starting program: /home/stig/git/pmacct-0.11.4/src/pmacctd -f pm.conf
[Thread debugging using libthread_db enabled]
INFO ( default/memory ): 131070 bytes are available to address shared
memory segment; buffer size is 132 bytes.
INFO ( default/memory ): Trying to allocate a shared memory segment of
4325244 bytes.
INFO ( default/sfprobe ): Pipe size obtained: 131070 / 49348.
DEBUG ( default/memory ): allocating a new memory segment.
DEBUG ( default/sfprobe ): Creating sFlow agent.
INFO ( default/sfprobe ): Exporting flows to [172.16.117.25]:6343
INFO ( default/sfprobe ): Sampling at: 1/1
DEBUG ( default/memory ): allocating a new memory segment.
OK ( default/memory ): waiting for data on: '/tmp/collect.pipe'
OK ( default/core ): link type is: 1
[New Thread 0xb788fa90 (LWP 23213)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb788fa90 (LWP 23213)]
0x080649f3 in src_port_handler (chptr=0x80c3ce0, pptrs=0xbf90dca8,
data=0xbf90dc6c) at pkt_handlers.c:353
(gdb)
(gdb) where
#0 0x080649f3 in src_port_handler (chptr=0x80c3ce0, pptrs=0xbf90dca8,
data=0xbf90dc6c) at pkt_handlers.c:353
#1 0x0805d218 in exec_plugins (pptrs=0xbf90dca8) at plugin_hooks.c:219
#2 0x08059b72 in pcap_cb (user=0xbf90de8c "\031\"", pkthdr=0xbf90dd88,
buf=0x883d1ba "") at pmacctd.c:665
#3 0xb7ebbd45 in ?? () from /usr/lib/libpcap.so.0.8
#4 0xbf90de8c in ?? ()
#5 0xbf90dd88 in ?? ()
#6 0x0883d1ba in ?? ()
#7 0x00000020 in ?? ()
#8 0xbf90dd74 in ?? ()
#9 0xbf90dd98 in ?? ()
#10 0x00000000 in ?? ()
(gdb)
(gdb) p *pptrs
$1 = {pkthdr = 0xbf90dd88, f_agent = 0xb7e52219 "SMP", f_header = 0x0,
f_data = 0x1 <Address 0x1 out of bounds>, f_tpl = 0x0, f_status = 0x1
<Address 0x1 out of bounds>, idtable = 0x0, bpas_table = 0x756e694c
<Address 0x756e694c out of bounds>, bta_table = 0xbf90e09c "\220\223",
packet_ptr = 0x883d1ba "", mac_ptr = 0x883d1ba "", l3_proto = 2048,
l3_handler = 0x8059c77 <ip_handler>, l4_proto = 6, tag = 0, bpas = 0, bta
= 0, bgp_src = 0xb78900f0 "\003\210\020ii\r", bgp_dst = 0x1 <Address 0x1
out of bounds>, bgp_peer = 0x1 <Address 0x1 out of bounds>, pf = 0,
new_flow = 0 '\0', tcp_flags = 0 '\0', vlan_ptr = 0x0, mpls_ptr = 0x0,
iph_ptr = 0x883d1c8 "E", tlh_ptr = 0x29370 <Address 0x29370 out of
bounds>, payload_ptr = 0x0, class = 0, cst = {tentatives = 20 '\024',
stamp = {tv_sec = 0, tv_usec = 0}, ba = 3213942184, pa = 25312, fa = 240
''}, shadow = 0 '\0', tag_dist = 1 '\001'}
(gdb)
void src_port_handler(struct channels_list_entry *chptr, struct packet_ptrs *pptrs, char **data)
{
  struct pkt_data *pdata = (struct pkt_data *) *data;

  if (pptrs->l4_proto == IPPROTO_UDP || pptrs->l4_proto == IPPROTO_TCP)
    pdata->primitives.src_port = ntohs(((struct my_tlhdr *) pptrs->tlh_ptr)->src_port);
  else pdata->primitives.src_port = 0;
}
Seems like the problem is dereferencing pptrs->tlh_ptr in
src_port_handler(). If I reverse the plugins to "sfprobe,memory" or
remove the memory plugin, then it works. Could the memory plugin be
corrupting pptrs->tlh_ptr?
Anyone else seeing this? If I get a chance I'll dig more into this
tomorrow.
stig
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
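
Added example, not part of the original message and not pmacct code: in the gdb dump above, tlh_ptr is 0x29370 while packet_ptr and iph_ptr sit near 0x883d1ba, so a handler can reject such a pointer by checking it against the captured frame before reading the port. struct pkt_view, in_capture, safe_src_port and demo are hypothetical names, and the frame is constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical stand-in for the packet_ptrs fields seen in the gdb dump. */
struct pkt_view {
    const uint8_t *packet_ptr;  /* start of the captured frame */
    uint32_t caplen;            /* bytes actually captured */
    const uint8_t *tlh_ptr;     /* transport header, set by an earlier parsing stage */
    uint8_t l4_proto;
};

/* True only if [p, p + need) lies wholly inside the captured frame. */
static int in_capture(const struct pkt_view *v, const uint8_t *p, size_t need)
{
    uintptr_t base = (uintptr_t)v->packet_ptr, q = (uintptr_t)p;
    if (!v->packet_ptr || !p || need > v->caplen) return 0;
    if (q < base) return 0;
    return (q - base) <= (uintptr_t)(v->caplen - need);
}

/* Returns 0 and stores the host-order source port, or -1 if tlh_ptr is unusable. */
int safe_src_port(const struct pkt_view *v, uint16_t *port)
{
    uint16_t raw;
    *port = 0;
    if (v->l4_proto != 6 && v->l4_proto != 17) return 0;    /* not TCP/UDP: port 0 */
    if (!in_capture(v, v->tlh_ptr, sizeof raw)) return -1;  /* stale or corrupt pointer */
    memcpy(&raw, v->tlh_ptr, sizeof raw);  /* source port: first 2 bytes of TCP and UDP */
    *port = ntohs(raw);
    return 0;
}

/* Constructed sample: 14-byte Ethernet + 20-byte IPv4 + TCP header, source port 443. */
static uint8_t frame[54];

/* mode 0: valid pointer; 1: pointer value from the gdb dump; 2: truncated capture. */
int demo(int mode)
{
    struct pkt_view v = { frame, sizeof frame, frame + 34, 6 };
    uint16_t port;
    frame[34] = 0x01; frame[35] = 0xBB;
    if (mode == 1) v.tlh_ptr = (const uint8_t *)(uintptr_t)0x29370;
    if (mode == 2) v.caplen = 35;  /* only one byte of the port was captured */
    return safe_src_port(&v, &port) == 0 ? port : -1;
}

int main(void) { printf("%d %d %d\n", demo(0), demo(1), demo(2)); return 0; }
```

A check like this turns the crash into a reportable error but does not explain why the pointer went bad; the plugin-ordering dependence described in the message still needs to be traced.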