This is a bit of a cross-post from the Bro NSM list, but I'm not sure if
the problem I'm running into is with Bro, PF_RING or my RHEL 6.6
environment. I was originally attempting to compile and install PF_RING
6.0.2 stable, but found that the DNA drivers would not compile without
errors, so I grabbed PF_RING 6.0.3 (9009) from SVN which has newer
drivers amongst other things and this appeared to compile fine. The
problem comes when I try to run Bro against pfdnacluster_master I see a
segfault after a handful of packets get processed. I was able to grab a
backtrace with gdb and was thinking the output might have more meaning
to the pfring team. I do have DNA and libzero licenses installed. I'm
unsure why there is file not found message as the PF_RING source is
present and in my path. I also have PF_RING installed and not just
running out of the build location. I'm running nprobe and suricata fine
against the same PF_RING version on other systems. I can also run
pfcount against dnacluster:21@0 for example without a segfault.
Here is a quick gdb session with a backtrace of when I run bro -i
dnacluster:21@0 when it encounters a segfault:
# gdb /nsm/bro/bin/bro
GNU gdb (GDB) SLES Expanded Support platform (7.2-75.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.
html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /nsm/bro/bin/bro...done.
(gdb) run -i dnacluster:21@0
Starting program: /nsm/bro/bin/bro -i dnacluster:21@0
[Thread debugging using libthread_db enabled]
listening on dnacluster:21@0, capture length 8192 bytes
[New Thread 0x7fff20fd0700 (LWP 36513)]
[New Thread 0x7fff1bfff700 (LWP 36514)]
[New Thread 0x7fff1b5fe700 (LWP 36515)]
[New Thread 0x7fff1abfd700 (LWP 36516)]
[New Thread 0x7fff1a1fc700 (LWP 36517)]
[New Thread 0x7fff197fb700 (LWP 36518)]
[New Thread 0x7fff18dfa700 (LWP 36519)]
[New Thread 0x7fff03fff700 (LWP 36520)]
[New Thread 0x7fff035fe700 (LWP 36521)]
[New Thread 0x7fff02bfd700 (LWP 36522)]
[New Thread 0x7fff021fc700 (LWP 36523)]
[New Thread 0x7fff017fb700 (LWP 36524)]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7959506 in pcap_read_packet (handle=0x2631640,
callback=0x7ffff795d720 <pcap_oneshot>, userdata=0x7fffffffda20
"p\025c\002") at ./pcap-linux.c:1807
1807 ./pcap-linux.c: No such file or directory.
in ./pcap-linux.c
Missing separate debuginfos, use: debuginfo-install
GeoIP-1.5.1-5.el6.x86_64 glibc-2.12-1.149.el6_6.5.x86_64
keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-33.el6.x86_64
libcom_err-1.41.12-21.el6.x86_64 libgcc-4.4.7-11.el6.x86_64
libselinux-2.0.94-5.8.el6.x86_64 libstdc++-4.4.7-11.el6.x86_64
numactl-2.0.9-2.el6.x86_64 openssl-1.0.1e-30.el6_6.5.x86_64
zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x00007ffff7959506 in pcap_read_packet (handle=0x2631640,
callback=0x7ffff795d720 <pcap_oneshot>, userdata=0x7fffffffda20
"p\025c\002") at ./pcap-linux.c:1807
#1 0x00007ffff795d79b in pcap_next (p=<value optimized out>, h=<value
optimized out>) at ./pcap.c:218
#2 0x0000000000a4a490 in iosource::pcap::PcapSource::ExtractNextPacket
(this=0x2631430, pkt=0x2631468) at/nsm/bro/git/bro2.3-419/bro/
src/iosource/pcap/Source.cc:151
#3 0x0000000000a7580c in iosource::PktSrc::ExtractNextPacketInternal
(this=0x2631430) at /nsm/bro/git/bro2.3-419/bro/src/iosource/PktSrc.cc:432
#4 0x0000000000a7511b in iosource::PktSrc::NextTimestamp
(this=0x2631430, local_network_time=0x7fffffffdcb8) at
/nsm/bro/git/bro2.3-419/bro/src/iosource/PktSrc.cc:241
#5 0x0000000000a71193 in iosource::Manager::FindSoonest (this=0xf29bc0,
ts=0x7fffffffddc8) at/nsm/bro/git/bro2.3-419/bro/
src/iosource/Manager.cc:82
#6 0x00000000007895d1 in net_run () at/nsm/bro/git/bro2.3-419/bro/
src/Net.cc:301
#7 0x00000000006d8ed7 in main (argc=3, argv=0x7fffffffe498) at
/nsm/bro/git/bro2.3-419/bro/src/main.cc:1200
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
