pmacct-discussion  

Re: [pmacct-discussion] segv with memory,sfprobe plugins

Stig Thormodsrud
Tue, 18 Aug 2009 08:27:47 -0700

Great!  Thanks for the quick fix.

stig

> Hi Stig,
> 
> thanks very much for having reported the issue. This is now solved
> in the CVS. I managed to reproduce it.
> 
> It was lying in the fact that initialization of the sfprobe plugin
> was explicitly disabling the IP fragment handler in pmacctd; this
> was causing the IMT plugin, configured with L4 primitives (src_port
> for example), to crash because it expects the IP fragment handler
> to be there.
> 
> The one-liner fix basically prevents sfprobe from turning the IP
> fragment handler off in case it was previously turned on (hence you
> see the position of the plugins was relevant) as part of operations
> of a concurrent plugin.
> 
> Cheers,
> Paolo
> 
> 
> On Mon, Aug 17, 2009 at 08:27:51PM -0700, Stig Thormodsrud wrote:
> > I'm getting a segv fault when using the following conf file:
> >
> > s...@io:~/git/pmacct-0.11.4/src$ cat pm.conf
> > daemonize: false
> > debug: true
> > promisc: true
> > pidfile:   /var/run/pmacctd-eth0.pid
> > imt_path:  /tmp/pmacctd-eth0.pipe
> > aggregate: src_host,dst_host,proto,src_port,dst_port,tos,flows
> > interface: eth0
> > !syslog: daemon
> > pcap_filter: !ether src 00:15:17:0b:d2:16
> > plugins: memory,sfprobe
> > sfprobe_agentsubid: 5
> > sfprobe_receiver: 172.16.117.25:6343
> >
> > s...@io:~/git/pmacct-0.11.4/src$ sudo ./pmacctd -f pm.conf
> > INFO ( default/memory ): 131070 bytes are available to address shared
> > memory segment; buffer size is 132 bytes.
> > INFO ( default/memory ): Trying to allocate a shared memory segment of
> > 4325244 bytes.
> > INFO ( default/sfprobe ): Pipe size obtained: 131070 / 49348.
> > OK ( default/core ): link type is: 1
> > DEBUG ( default/sfprobe ): Creating sFlow agent.
> > INFO ( default/sfprobe ): Exporting flows to [172.16.117.25]:6343
> > INFO ( default/sfprobe ): Sampling at: 1/1
> > DEBUG ( default/memory ): allocating a new memory segment.
> > DEBUG ( default/memory ): allocating a new memory segment.
> > OK ( default/memory ): waiting for data on: '/tmp/pmacctd-eth0.pipe'
> > DEBUG ( default/memory ): Selecting bucket 16151.
> > Segmentation fault
> >
> >
> > In gdb it stops at:
> >
> > (gdb) run -f pm.conf
> > Starting program: /home/stig/git/pmacct-0.11.4/src/pmacctd -f pm.conf
> > [Thread debugging using libthread_db enabled]
> > INFO ( default/memory ): 131070 bytes are available to address shared
> > memory segment; buffer size is 132 bytes.
> > INFO ( default/memory ): Trying to allocate a shared memory segment of
> > 4325244 bytes.
> > INFO ( default/sfprobe ): Pipe size obtained: 131070 / 49348.
> > DEBUG ( default/memory ): allocating a new memory segment.
> > DEBUG ( default/sfprobe ): Creating sFlow agent.
> > INFO ( default/sfprobe ): Exporting flows to [172.16.117.25]:6343
> > INFO ( default/sfprobe ): Sampling at: 1/1
> > DEBUG ( default/memory ): allocating a new memory segment.
> > OK ( default/memory ): waiting for data on: '/tmp/collect.pipe'
> > OK ( default/core ): link type is: 1
> > [New Thread 0xb788fa90 (LWP 23213)]
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > [Switching to Thread 0xb788fa90 (LWP 23213)]
> > 0x080649f3 in src_port_handler (chptr=0x80c3ce0, pptrs=0xbf90dca8,
> > data=0xbf90dc6c) at pkt_handlers.c:353
> > (gdb)
> > (gdb) where
> > #0  0x080649f3 in src_port_handler (chptr=0x80c3ce0, pptrs=0xbf90dca8,
> > data=0xbf90dc6c) at pkt_handlers.c:353
> > #1  0x0805d218 in exec_plugins (pptrs=0xbf90dca8) at plugin_hooks.c:219
> > #2  0x08059b72 in pcap_cb (user=0xbf90de8c "\031\"", pkthdr=0xbf90dd88,
> > buf=0x883d1ba "") at pmacctd.c:665
> > #3  0xb7ebbd45 in ?? () from /usr/lib/libpcap.so.0.8
> > #4  0xbf90de8c in ?? ()
> > #5  0xbf90dd88 in ?? ()
> > #6  0x0883d1ba in ?? ()
> > #7  0x00000020 in ?? ()
> > #8  0xbf90dd74 in ?? ()
> > #9  0xbf90dd98 in ?? ()
> > #10 0x00000000 in ?? ()
> > (gdb)
> > (gdb) p *pptrs
> > $1 = {pkthdr = 0xbf90dd88, f_agent = 0xb7e52219 "SMP", f_header = 0x0,
> > f_data = 0x1 <Address 0x1 out of bounds>, f_tpl = 0x0, f_status = 0x1
> > <Address 0x1 out of bounds>, idtable = 0x0, bpas_table = 0x756e694c
> > <Address 0x756e694c out of bounds>, bta_table = 0xbf90e09c "\220\223",
> > packet_ptr = 0x883d1ba "", mac_ptr = 0x883d1ba "", l3_proto = 2048,
> > l3_handler = 0x8059c77 <ip_handler>, l4_proto = 6, tag = 0, bpas = 0, bta
> > = 0, bgp_src = 0xb78900f0 "\003\210\020ii\r", bgp_dst = 0x1 <Address 0x1
> > out of bounds>, bgp_peer = 0x1 <Address 0x1 out of bounds>, pf = 0,
> > new_flow = 0 '\0', tcp_flags = 0 '\0', vlan_ptr = 0x0, mpls_ptr = 0x0,
> > iph_ptr = 0x883d1c8 "E", tlh_ptr = 0x29370 <Address 0x29370 out of
> > bounds>, payload_ptr = 0x0, class = 0, cst = {tentatives = 20 '\024',
> > stamp = {tv_sec = 0, tv_usec = 0}, ba = 3213942184, pa = 25312, fa = 240
> > ''}, shadow = 0 '\0', tag_dist = 1 '\001'}
> > (gdb)
> >
> > void src_port_handler(struct channels_list_entry *chptr, struct
> > packet_ptrs *pptrs, char **data)
> > {
> >   struct pkt_data *pdata = (struct pkt_data *) *data;
> >
> >   if (pptrs->l4_proto == IPPROTO_UDP || pptrs->l4_proto == IPPROTO_TCP)
> >     pdata->primitives.src_port = ntohs(((struct my_tlhdr *) pptrs->tlh_ptr)->src_port);
> >   else pdata->primitives.src_port = 0;
> > }
> >
> >
> > Seems like the problem is dereferencing pptrs->tlh_ptr in
> > src_port_handler().  If I reverse the plugins to "sfprobe,memory" or
> > remove the memory plugin, then it works.   Could the memory plugin be
> > corrupting pptrs->tlh_ptr ?
> >
> > Anyone else seeing this?  If I get a chance I'll dig more into this
> > tomorrow.
> >
> > stig
> 
> 
> 
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
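
The order dependence described in the thread, modelled as an added example (not pmacct source and not written by either poster). The tri-state flag, the plugin ids and every function name are hypothetical; the startup check at the end is one way to fail early instead of crashing on the first packet.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the bug described in the thread; not pmacct source. */
enum frag_state { FRAG_UNSET, FRAG_OFF, FRAG_ON };
enum plugin_id { P_MEMORY, P_SFPROBE };

struct core_cfg { enum frag_state frag; };   /* one setting shared by all plugins */

/* Memory plugin aggregating on L4 ports requires the fragment handler. */
static void memory_init(struct core_cfg *c) { c->frag = FRAG_ON; }

/* Before: sfprobe clears the shared setting regardless of other plugins. */
static void sfprobe_init_buggy(struct core_cfg *c) { c->frag = FRAG_OFF; }

/* After: never turn off a handler another plugin has already turned on. */
static void sfprobe_init_fixed(struct core_cfg *c) {
  if (c->frag != FRAG_ON) c->frag = FRAG_OFF;
}

/* Run plugin inits in configured order; return the resulting shared state. */
enum frag_state init_plugins(const enum plugin_id *order, size_t n, int fixed) {
  struct core_cfg cfg = { FRAG_UNSET };
  for (size_t i = 0; i < n; i++) {
    if (order[i] == P_MEMORY) memory_init(&cfg);
    else if (fixed) sfprobe_init_fixed(&cfg);
    else sfprobe_init_buggy(&cfg);
  }
  return cfg.frag;
}

/* Startup check: a plugin that needs L4 headers must end up with the
   handler on, whatever order the plugins were listed in. */
int config_is_safe(const enum plugin_id *order, size_t n, int fixed) {
  int needs_l4 = 0;
  for (size_t i = 0; i < n; i++)
    if (order[i] == P_MEMORY) needs_l4 = 1;
  return !needs_l4 || init_plugins(order, n, fixed) == FRAG_ON;
}

int main(void) {
  const enum plugin_id a[] = { P_MEMORY, P_SFPROBE };  /* plugins: memory,sfprobe */
  const enum plugin_id b[] = { P_SFPROBE, P_MEMORY };  /* plugins: sfprobe,memory */
  printf("buggy memory,sfprobe safe=%d\n", config_is_safe(a, 2, 0));
  printf("buggy sfprobe,memory safe=%d\n", config_is_safe(b, 2, 0));
  printf("fixed memory,sfprobe safe=%d\n", config_is_safe(a, 2, 1));
  printf("fixed sfprobe,memory safe=%d\n", config_is_safe(b, 2, 1));
  return 0;
}
```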
