I had a similar problem. I found an e-mail in the archives that recommended turning off compiler optimization when compiling libpcap. Edit the Makefile for libpcap and remove the "-O2" from CCOPTS= variable and try a "make clean; make". -Neil -- Neil Johnson Telecommunications and Network Services The University of Iowa 319 384-0938 (Desk) 319 330-2235 (Cell)
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Bragg Sent: Monday, April 02, 2007 2:22 PM To: [email protected] Subject: [Ntop-misc] Segmentation Fault with ring enabled libpcap Hello, I've ran into a problem with the PF_RING patched version of libpcap. When I run PCOUNT, it processes one packet and then has a segmentation fault. I've made sure that the only libpcap is the PF_RING patched version, before compiling pcount. PFCOUNT runs without error. Here are the steps I took to compile the ring enabled libpcap. I copied the two pcap files from libpcap-0.9.4-ring to libpcap-0.9.4. I modified the libpcap Makefile by adding INCLS=-I/usr/local/include and LIBS=libpfring.a . At this point I copied libpfring.a in the libpcap-0.9.4 directory and the ring enabled libpcap compiles without an error. Then I run 'make install' and the libpcap library is installed. Some of the output from gdb made me think I had faulty memory , but I ran memtest86 and it found no errors with the memory. I'm not sure how to solve the seg fault or what I am doing wrong. In the file attached, I've included a text file of output from troubleshooting, dmesg, strace, and gdb. I need to be able to capture packets on high speed interfaces. Any suggestions or help will be greatly appreciated. Thanks, Mike ### PCOUNT OUTPUT $> ./pcount -v -i eth0 Capturing from eth0 13:13:48.026408 [00:0D:BD:0F:29:89 -> 00:00:0C:07:AC:00] [10.48.192.17 <http://10.48.192.17> -> 172.30.37.103] [caplen=60][len=60] Segmentation fault (core dumped) ### ------------- ### Computer Details - Dell OptiPlex GX260 - P4 2 GHz - 256MB RAM - 18 GB disk space ### ------------- ### Using CRUX linux distro version 2.3 - Ouput from uname -a Linux sniffer 2.6.20.3 #2 SMP PREEMPT Fri Mar 30 14:20:02 EDT 2007 i686 pentium4 i386 GNU/Linux - PF_RING version 3.4.1 - Libpcap 0.9.4 ### ------------- ### DMESG OUTPUT for PF_RING module Welcome to PF_RING 3.4.1 (C) 2004-07 L.Deri < <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED] > NET: Registered protocol family 27 PF_RING: bucket length 128 bytes PF_RING: ring slots 4096 PF_RING: sample rate 1 [1=no sampling] PF_RING: capture TX Yes [RX+TX] PF_RING: transparent mode Yes PF_RING initialized correctly. PF_RING: registered /proc/net/pf_ring/ ### ------------- ### PROC INFO for PF_RING Version : 3.4.1 Bucket length : 128 bytes Ring slots : 4096 Sample rate : 1 [1=no sampling] Capture TX : Yes [RX+TX] Total rings : 0 ### ------------- ### STRACE for pcount -v -i eth0 execve("./pcount", ["./pcount", "-v", "-i", "eth0"], [/* 19 vars */]) = 0 brk(0) = 0x806b000 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6d000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=24798, ...}) = 0 mmap2(NULL, 24798, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f66000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20Y\1\000"..., 512) = 512 fstat64(3, {st_mode=S_IFREG|0755, st_size=1229216, ...}) = 0 mmap2(NULL, 1205660, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e3f000 mmap2(0xb7f60000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x121) = 0xb7f60000 mmap2(0xb7f63000, 9628, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f63000 close(3) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7e3e000 set_thread_area({entry_number:-1 -> 6, base_addr:0xb7e3e6c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 mprotect(0xb7f60000, 4096, PROT_READ) = 0 mprotect(0xb7f88000, 4096, PROT_READ) = 0 munmap(0xb7f66000, 24798) = 0 time(NULL) = 1175531617 brk(0) = 0x806b000 brk(0x808c000) = 0x808c000 open("/etc/localtime", O_RDONLY) = 3 fstat64(3, {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=1267, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6c000 read(3, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0"..., 4096) = 1267 close(3) = 0 munmap(0xb7f6c000, 4096) = 0 fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(4, 1), ...}) = 0 ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6c000 write(1, "Capturing from eth0\n", 20) = 20 socket(0x1b /* PF_??? */, SOCK_RAW, 768) = 3 bind(3, {sa_family=0x1b /* AF_??? */, sa_data="eth0\0\267\0\0\0\0(\263\373\277"}, 16) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0xb7f6b000 munmap(0xb7f6b000, 4096) = 0 mmap2(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0xb7d3e000 socket(PF_PACKET, SOCK_RAW, 768) = 4 ioctl(4, SIOCGIFFLAGS, {ifr_name="eth0", ifr_flags=IFF_UP|IFF_BROADCAST|IFF_RUNNING|IFF_PROMISC|IFF_MULTICAST}) = 0 ioctl(4, SIOCSIFFLAGS, 0xbffbb030) = 0 close(4) = 0 rt_sigaction(SIGINT, {0x8049702, [INT], SA_RESTART}, {SIG_DFL}, 8) = 0 write(1, "12:33:37.097514 [00:0E:84:1C:55:"..., 108) = 108 gettimeofday({1175531617, 103930}, NULL) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV (core dumped) +++ ### ------------- ### GDB output $> gdb ./pcount ./core GNU gdb 6.6 Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu"... Using host libthread_db library "/lib/libthread_db.so.1". warning: Can't read pathname for load map: Input/output error. Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld- linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Core was generated by `./pcount -v -i eth0'. Program terminated with signal 11, Segmentation fault. #0 0x05d6ed4d in ?? () (gdb) run Starting program: /usr/src/mypfring/PF_RING/userland/pcount/pcount Capturing from eth0 Program received signal SIGSEGV, Segmentation fault. 0x05d6ed4d in ?? () (gdb) where #0 0x05d6ed4d in ?? () #1 0x0806b958 in ?? () #2 0xffffffff in ?? () #3 0x080499ec in proto2str (proto=Cannot access memory at address 0xa46cb85) at pcount.c:205 Backtrace stopped: previous frame inner to this frame (corrupt stack?) (gdb) quit The program is running. Exit anyway? (y or n) y $> ### -------------
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
