Cool, thanks! I use nfdump-1.6.16_1 They installed this version of nfdump on many servers. Only on one server, I see core dump. Nfdump installed on FreeBSD box and traffic comes from centos OS. Where I must run nfdump . on FreeBSD box or Centos box? I want know which packages can make cordump. For example which package like tcp or udp packages make core dump? If I run tcpdump how I understand which packet make core dump?
Best Regards Faridi MyWebSite http://mfaridi.com On Thu, 29 Oct 2020, 14:29 Brian Candler, <b.cand...@pobox.com> wrote: > On 28/10/2020 11:46, Mostaf Faridi wrote: > > Hi, > > I use nfdump 1.6 > > That must be very old then. The current version is 1.6.20. I'd start > by upgrading to that. > > > > Sometimes I see this error > > Kernel:pid 75614 (nfdump),uid 0:exited on signal 11 (core dumped) > > > > Kernel:pid 76732 (nfdump), uid 0:exited on signal 10 (core dumped) > > > > I want know which packet make core dump? > > You can use gdb to read the core dump and tell you exactly what line of > code crashed, and inspect all the variables, which will let you work out > the code path and hence the packet. > > Alternatively, you could capture a load of packets at the same time > (e.g. with tcpdump -w file.pcap ...), and then replay them to nfdump > (nfdump -r file.pcap) until you find the offending packet. > > It might not even be a bad packet. signal 11 (SEGV) can also be caused > by hardware errors, e.g. bad RAM. But if you only see this with nfdump, > and not when doing something else which stresses the CPU (e.g. compiling > a kernel), then it's probably nfdump. >
_______________________________________________ Nfdump-discuss mailing list Nfdump-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
