Hello,
I've been having a lot of crashes with ntop recently - ntop runs for a few
hours or even a few minutes and crashes. This happens both with a recent CVS
and with the official 3.0 release.
This morning it started crashing repeatedly after only a few minutes so I
decided to try to run it with gdb.
So I ran "ntop v.3.0 SourceForge .tgz MT (SSL)" (compiled on a RedHat
Enterprise 3 AS box) as described in the "GDB ultraMini-tutorial" in the
FAQ, and 3 times in a row, ntop crashed with a segmentation fault after a
few minutes with the following messages in the logs:
Oct 25 15:13:25 gbp2 ntop[7381]: [MSGID0698363] **WARNING** Error: bad
magic number (expected=1968/real=1190)
Oct 25 15:13:25 gbp2 ntop[7381]: [MSGID9086971] **WARNING** Error: wrong
bucketIdx :54:0D:70/13.2 (expected=1190/real=0)
Here is the gdb session (I replaced our actual IP addresses with xxx.xxx)
[EMAIL PROTECTED] run]# gdb /usr/local/ntop3/bin/ntop
GNU gdb Red Hat Linux (6.1post-1.20040607.17rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db
library "/lib/tls/libthread_db.so.1".
(gdb) set args --user root --db-file-path /var/ntop/3.0 -i eth1 -m
xxx.xxx.0.0/16,xxx.xxx.xxx.0/22, xxx.xxx.xxx.0/23, xxx.xxx.xxx.0/24
--trace-level 5 --use-syslog=local2 --http-server 3003
--filter-expression-in-extra-frame --no-mac --track-local-hosts
--max-table-rows 50 --refresh-time 300 --access-log-file
/var/run/ntop/3.0/access.log --skip-version-check -K
(gdb) run
Starting program: /usr/local/ntop3/bin/ntop --user root --db-file-path
/var/ntop/3.0 -i eth1 -m
xxx.xxx.0.0/16,xxx.xxx.xxx.0/22,xxx.xxx.xxx.0/23,xxx.xxx.xxx.0/24
--trace-level 5 --use-syslog=local2 --http-server 3003
--filter-expression-in-extra-frame --no-mac --track-local-hosts
--max-table-rows 50 --refresh-time 300 --access-log-file
/var/run/ntop/3.0/access.log --skip-version-check -K
[Thread debugging using libthread_db enabled]
[New Thread -1218554080 (LWP 7381)]
[New Thread 43629488 (LWP 7390)]
[New Thread 56220592 (LWP 7391)]
[New Thread 81742768 (LWP 7392)]
[New Thread 70810544 (LWP 7393)]
[New Thread 92232624 (LWP 7394)]
[Thread 92232624 (LWP 7394) exited]
[New Thread 130137008 (LWP 7395)]
[New Thread 102722480 (LWP 7396)]
[New Thread 113212336 (LWP 7397)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 113212336 (LWP 7397)]
0x00cadaaa in lookupHost (hostIpAddress=0x6bf5570, ether_addr=0x6bf5900 "",
checkForMultihoming=1 '\001', forceUsingIPaddress=0 '\0', actualDeviceId=0)
at hash.c:890
890 if(el->magic != CONST_MAGIC_NUMBER) {
(gdb) bt
#0 0x00cadaaa in lookupHost (hostIpAddress=0x6bf5570, ether_addr=0x6bf5900
"", checkForMultihoming=1 '\001', forceUsingIPaddress=0 '\0',
actualDeviceId=0) at hash.c:890
#1 0x00cb8a68 in processIpPkt (bp=0x6bf595e "E", h=0x6bf79e0, length=80,
ether_src=0x6bf5906 "", ether_dst=0x6bf5900 "", actualDeviceId=0, vlanId=-1)
at pbuf.c:982
#2 0x00cbea92 in processPacket (_deviceId=0x0, h=0x6bf79e0, p=0x6bf5950 "")
at pbuf.c:3162
#3 0x00cbc1fb in queuePacket (_deviceId=0x0, h=0x6bf79e0, p=0x81c06ca "")
at pbuf.c:2108
#4 0x00a5631a in pcap_read () from /usr/lib/libpcap.so.0.6.2
#5 0x00a5783b in pcap_dispatch () from /usr/lib/libpcap.so.0.6.2
#6 0x00cb4188 in pcapDispatch (_i=0x50) at ntop.c:82
#7 0x0021adec in start_thread () from /lib/tls/libpthread.so.0
#8 0x0081519a in clone () from /lib/tls/libc.so.6
(gdb) print *hostIpAddress
$1 = {hostFamily = 2, addr = {_hostIp4Address = {s_addr = yyyyyyyyyy},
_hostIp6Address = {in6_u = {u6_addr8 =
"\002\r�\204\001\000\000\000\000\000\000\000\001\000\000",
u6_addr16 = {3330, 34002, 1, 0, 0, 0, 1, 0}, u6_addr32 =
{yyyyyyyyyy, 1, 0, 1}}}}}
(gdb) print idx
$2 = 1190
(gdb) print el
$3 = (HostTraffic *) 0x1009
(gdb) print *el
Cannot access memory at address 0x1009
(gdb) print el->hostTrafficBucket
Cannot access memory at address 0x100d
(gdb)
(the s_addr = yyyyyyyyyy was an actual number that I hid - it contained a
valid IP address from one of the nets named in the -m argument)
What I understand is that it seems that "el" contains a value that is
illegal (0x1009). So el->magic is an access to an invalid address and the
program crashes. The value of el comes from the following statement on line
887 of hash.c:
el = myGlobals.device[actualDeviceId].hash_hostTraffic[idx];
I'm pretty new to gdb - I don't really know what to do next. What would be
the next step in figuring out what's happening?
Any help would be greatly appreciated.
Regards,
Marc Mazuhelli
Computer security analyst
Service des technologies de l'information
Universit� de Sherbrooke
_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
