This is definitely strange, I should take a look at the bro code to see what it does, is this happening with “dnacluster:X" interafaces only?
Alfredo > On 25 Feb 2015, at 17:12, Gary Faulkner <[email protected]> wrote: > > pcount appears to work fine and doesn't produce any sort of segfault or crash. > > On 2/25/2015 2:48 AM, Alfredo Cardigliano wrote: >> Hi Gary >> I do not see anything obvious from the trace, could you try also with pcount >> (without f, that is our sample application over pcap), >> to figure out where the problem could be? >> >> Thank you >> Alfredo >> >>> On 24 Feb 2015, at 23:38, Gary Faulkner <[email protected]> >>> <mailto:[email protected]> wrote: >>> >>> This is a bit of a cross-post from the Bro NSM list, but I'm not sure if >>> the problem I'm running into is with Bro, PF_RING or my RHEL 6.6 >>> environment. I was originally attempting to compile and install PF_RING >>> 6.0.2 stable, but found that the DNA drivers would not compile without >>> errors, so I grabbed PF_RING 6.0.3 (9009) from SVN which has newer drivers >>> amongst other things and this appeared to compile fine. The problem comes >>> when I try to run Bro against pfdnacluster_master I see a segfault after a >>> handful of packets get processed. I was able to grab a backtrace with gdb >>> and was thinking the output might have more meaning to the pfring team. I >>> do have DNA and libzero licenses installed. I'm unsure why there is file >>> not found message as the PF_RING source is present and in my path. I also >>> have PF_RING installed and not just running out of the build location. I'm >>> running nprobe and suricata fine against the same PF_RING version on other >>> systems. I can also run pfcount against >>> dnaclus >>> ter:21@0 for example without a segfault. >>> >>> Here is a quick gdb session with a backtrace of when I run bro -i >>> dnacluster:21@0 when it encounters a segfault: >>> >>> # gdb /nsm/bro/bin/bro >>> GNU gdb (GDB) SLES Expanded Support platform (7.2-75.el6) >>> Copyright (C) 2010 Free Software Foundation, Inc. >>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl. >>> html> <http://gnu.org/licenses/gpl.html> >>> This is free software: you are free to change and redistribute it. >>> There is NO WARRANTY, to the extent permitted by law. Type "show copying" >>> and "show warranty" for details. >>> This GDB was configured as "x86_64-redhat-linux". >>> For bug reporting instructions, please see: >>> <http://www.gnu.org/software/gdb/bugs/> >>> <http://www.gnu.org/software/gdb/bugs/>... >>> Reading symbols from /nsm/bro/bin/bro...done. >>> (gdb) run -i dnacluster:21@0 >>> Starting program: /nsm/bro/bin/bro -i dnacluster:21@0 >>> [Thread debugging using libthread_db enabled] >>> listening on dnacluster:21@0, capture length 8192 bytes >>> >>> [New Thread 0x7fff20fd0700 (LWP 36513)] >>> [New Thread 0x7fff1bfff700 (LWP 36514)] >>> [New Thread 0x7fff1b5fe700 (LWP 36515)] >>> [New Thread 0x7fff1abfd700 (LWP 36516)] >>> [New Thread 0x7fff1a1fc700 (LWP 36517)] >>> [New Thread 0x7fff197fb700 (LWP 36518)] >>> [New Thread 0x7fff18dfa700 (LWP 36519)] >>> [New Thread 0x7fff03fff700 (LWP 36520)] >>> [New Thread 0x7fff035fe700 (LWP 36521)] >>> [New Thread 0x7fff02bfd700 (LWP 36522)] >>> [New Thread 0x7fff021fc700 (LWP 36523)] >>> [New Thread 0x7fff017fb700 (LWP 36524)] >>> >>> Program received signal SIGSEGV, Segmentation fault. >>> 0x00007ffff7959506 in pcap_read_packet (handle=0x2631640, >>> callback=0x7ffff795d720 <pcap_oneshot>, userdata=0x7fffffffda20 >>> "p\025c\002") at ./pcap-linux.c:1807 >>> 1807 ./pcap-linux.c: No such file or directory. >>> in ./pcap-linux.c >>> Missing separate debuginfos, use: debuginfo-install >>> GeoIP-1.5.1-5.el6.x86_64 glibc-2.12-1.149.el6_6.5.x86_64 >>> keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-33.el6.x86_64 >>> libcom_err-1.41.12-21.el6.x86_64 libgcc-4.4.7-11.el6.x86_64 >>> libselinux-2.0.94-5.8.el6.x86_64 libstdc++-4.4.7-11.el6.x86_64 >>> numactl-2.0.9-2.el6.x86_64 openssl-1.0.1e-30.el6_6.5.x86_64 >>> zlib-1.2.3-29.el6.x86_64 >>> (gdb) bt >>> #0 0x00007ffff7959506 in pcap_read_packet (handle=0x2631640, >>> callback=0x7ffff795d720 <pcap_oneshot>, userdata=0x7fffffffda20 >>> "p\025c\002") at ./pcap-linux.c:1807 >>> #1 0x00007ffff795d79b in pcap_next (p=<value optimized out>, h=<value >>> optimized out>) at ./pcap.c:218 >>> #2 0x0000000000a4a490 in iosource::pcap::PcapSource::ExtractNextPacket >>> (this=0x2631430, pkt=0x2631468) at/nsm/bro/git/bro2.3-419/bro/ >>> src/iosource/pcap/Source.cc:151 >>> #3 0x0000000000a7580c in iosource::PktSrc::ExtractNextPacketInternal >>> (this=0x2631430) at /nsm/bro/git/bro2.3-419/bro/src/iosource/PktSrc.cc:432 >>> #4 0x0000000000a7511b in iosource::PktSrc::NextTimestamp >>> (this=0x2631430, local_network_time=0x7fffffffdcb8) at >>> /nsm/bro/git/bro2.3-419/bro/src/iosource/PktSrc.cc:241 >>> #5 0x0000000000a71193 in iosource::Manager::FindSoonest (this=0xf29bc0, >>> ts=0x7fffffffddc8) at/nsm/bro/git/bro2.3-419/bro/ >>> src/iosource/Manager.cc:82 >>> #6 0x00000000007895d1 in net_run () at/nsm/bro/git/bro2.3-419/bro/ >>> src/Net.cc:301 >>> #7 0x00000000006d8ed7 in main (argc=3, argv=0x7fffffffe498) at >>> /nsm/bro/git/bro2.3-419/bro/src/main.cc:1200 >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] <mailto:[email protected]> >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
