What version of gdbm? There's an old bug report on the net for 1.8.0
crashing in get_elem...
And BTW, from where it's crashing, it's got nothing to do with
netFlow - the
segfault is in dequeueAddress, i.e. the DNSAR thread.
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Nick
Buraglio
Sent: Monday, January 17, 2005 12:22 PM
To: [email protected]
Subject: Re: [Ntop] flow collector segfault
My bad, forgot to paste them in:
(gdb) list
259 /* ************************************ */
260
261 /* That's the meat */
262 #ifdef WIN32
263 int ntop_main(int argc, char *argv[]) {
264 #else
265 int main(int argc, char *argv[]) {
266 #endif
267 int i, rc, userSpecified;
268 char ifStr[196] = {0};
(gdb) info stack
#0 0x29567a2c in get_elem () from /usr/local/lib/libgdbm.so.3
#1 0x29567402 in _gdbm_alloc () from /usr/local/lib/libgdbm.so.3
#2 0x29565e34 in gdbm_store () from /usr/local/lib/libgdbm.so.3
#3 0x2816c386 in ntop_gdbm_store (g=0x807a500, d={dptr = 0xbfabdec8
"2897105977", dsize = 11}, v=
{dptr = 0xbfabdef8 "acae5439.ipt.aol.com", dsize = 72}, r=1) at
util.c:4186
#4 0x2813fb24 in dequeueAddress (notUsed=0x0) at address.c:483
#5 0x29334a8d in pthread_create () from /usr/lib/libpthread.so.1
#6 0x293eec5f in _ctx_start () from /lib/libc.so.5
(gdb) print deviceId
No symbol "deviceId" in current context.
(gdb) bt full
#0 0x29567a2c in get_elem () from /usr/local/lib/libgdbm.so.3 No
symbol
table info available.
#1 0x29567402 in _gdbm_alloc () from /usr/local/lib/libgdbm.so.3 No
symbol
table info available.
#2 0x29565e34 in gdbm_store () from /usr/local/lib/libgdbm.so.3 No
symbol
table info available.
#3 0x2816c386 in ntop_gdbm_store (g=0x807a500, d={dptr = 0xbfabdec8
"2897105977", dsize = 11}, v=
{dptr = 0xbfabdef8 "acae5439.ipt.aol.com", dsize = 72}, r=1) at
util.c:4186
rc = -1079255140
#4 0x2813fb24 in dequeueAddress (notUsed=0x0) at address.c:483
theAddr = "��T9", '\0' <repeats 12 times>
family = 2
size = 4
error_num = 0
addr = {hostFamily = 2, addr = {_hostIp4Address = {s_addr =
2897105977}, _hostIp6Address = {
__u6_addr = {__u6_addr8 = "9Tƨ", '\0' <repeats 11 times>,
__u6_addr16 = {21561, 44206, 0, 0, 0, 0, 0,
0}, __u6_addr32 = {2897105977, 0, 0, 0}}}}}
key_data = {dptr = 0x0, dsize = 4}
data_data = {dptr = 0x852a980 "9Tƨ66.28.46.9", dsize = 4}
#5 0x29334a8d in pthread_create () from /usr/lib/libpthread.so.1 No
symbol
table info available.
#6 0x293eec5f in _ctx_start () from /lib/libc.so.5 No symbol table
info
available.
nb
On Jan 17, 2005, at 12:14 PM, Burton Strauss wrote:
And ???
You forgot the list and show/info commands once it dies...
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Nick Buraglio
Sent: Monday, January 17, 2005 11:51 AM
To: [email protected]
Subject: Re: [Ntop] flow collector segfault
Running the process in the foreground (ntop -K -w 0 -W 3000 --ipv4)
yields
this:
Mon Jan 17 10:55:56 2005 **WARNING** Error: bad magic number
(expected=1968/real=0) [deviceId=1]
Mon Jan 17 10:55:56 2005 **WARNING** Error: wrong bucketIdx /9
(expected=4184/real=2) [deviceId=1]
zsh: segmentation fault ntop -K -w 0 -W 3000 --ipv4
I removed one of the colllectors and let it run and it dies with:
zsh: segmentation fault ntop -K -w 0 -W 3000 --ipv4
gdb shows:
[EMAIL PROTECTED]:~/ntop/docs ] gdb /usr/local/bin/ntop
<134> GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are welcome to change it and/or distribute copies of it under
certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for
details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) set args -u root -w 0 -W 3000 --ipv4 -K
(gdb) run
Starting program: /usr/local/bin/ntop -u root -w 0 -W 3000 --ipv4 -K
Mon Jan 17 11:46:16 2005 Initializing gdbm databases Mon Jan 17
11:46:16 2005 ntop v.3.1 MT (SSL) Mon Jan 17 11:46:16 2005
Configured on Jan 9 2005 15:03:29, built on Jan 9 2005 15:06:02.
Mon Jan 17 11:46:16 2005 Copyright 1998-2004 by Luca Deri
<[EMAIL PROTECTED]> Mon Jan 17 11:46:16 2005 Get the freshest ntop from
http://www.ntop.org/ Mon Jan 17 11:46:16 2005 Initializing ntop Mon
Jan 17 11:46:16 2005 Checking rl0 for additional devices Mon Jan 17
11:46:16 2005 Resetting traffic statistics for device rl0 Mon Jan 17
11:46:16 2005 DLT: Device 0 [rl0] is 1, mtu 1514, header 14 Mon Jan
17 11:46:16 2005 Initializing gdbm databases Mon Jan 17 11:46:16
2005
VENDOR: Loading MAC address table.
Mon Jan 17 11:46:16 2005 VENDOR: Checking for MAC address table file
Mon Jan 17 11:46:16 2005 VENDOR: File
'/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Mon Jan 17 11:46:16 2005 VENDOR: ntop continues ok Mon Jan 17
11:46:16 2005 VENDOR: Checking for MAC address table file Mon Jan 17
11:46:16 2005 VENDOR: File '/usr/local/etc/ntop/oui.txt.gz'
does not need to be reloaded
Mon Jan 17 11:46:16 2005 VENDOR: ntop continues ok Mon Jan 17
11:46:16 2005 Fingeprint: Loading signature file.
Mon Jan 17 11:46:16 2005 Fingeprint: ...loaded 1697 records Mon Jan
17 11:46:16 2005 ASN: Checking for Autonomous System Number table
file Mon Jan 17 11:46:17 2005 **WARNING** ASN: Unable to open file
'AS-list.txt'
Mon Jan 17 11:46:17 2005 I18N: This instance of ntop does not
support
multiple languages Mon Jan 17 11:46:17 2005 IP2CC: Checking for IP
address <-> Country Code mapping file Mon Jan 17 11:46:17 2005
IP2CC:
Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
Mon Jan 17 11:46:18 2005 IP2CC: ...found 52395 lines Mon Jan 17
11:46:18 2005 GDVERCHK: Guessing at libgd version Mon Jan 17
11:46:18
2005 GDVERCHK: ... as 2.0.21+ Mon Jan 17 11:46:18 2005 Initializing
external applications Mon Jan 17 11:46:18 2005 THREADMGMT: Started
thread (134612992) for network packet analyser Mon Jan 17 11:46:18
2005 THREADMGMT: Started thread (134613504) for fingerprinting Mon
Jan 17 11:46:18 2005 THREADMGMT: Started thread (134614016) for idle
hosts detection Mon Jan 17 11:46:18 2005 THREADMGMT: Started thread
(134614528) for DNS address resolution Mon Jan 17 11:46:18 2005
Calling plugin start functions (if any) Mon Jan 17 11:46:18 2005
SSL:
Initializing...
Mon Jan 17 11:46:18 2005 SSL_PRNG: Automatically initialized!
Mon Jan 17 11:46:18 2005 THREADMGMT: Packet processor thread
running...
Mon Jan 17 11:46:18 2005 THREADMGMT: Fingerprint scan thread
running...
Mon Jan 17 11:46:18 2005 THREADMGMT: Idle host scan thread
running...
Mon Jan 17 11:46:18 2005 THREADMGMT: Address resolution thread
running...
Mon Jan 17 11:46:18 2005 CHKVER: Checking current ntop version at
version.ntop.org/version.xml Mon Jan 17 11:46:18 2005 SSL
initialized
successfully Mon Jan 17 11:46:18 2005 INITWEB: Initializing web
server Mon Jan 17 11:46:18 2005 INITWEB: Initializing tcp/ip socket
connections for web server Mon Jan 17 11:46:18 2005 INITWEB:
Initialized ssl socket, port 3000, address (any) Mon Jan 17 11:46:18
2005 INITWEB: Waiting for HTTPS (SSL) connections on port 3000 Mon
Jan 17 11:46:18 2005 INITWEB: Starting web server Mon Jan 17
11:46:18
2005 THREADMGMT: Started thread (137688576) for web server Mon Jan
17
11:46:18 2005 Listening on [rl0] Mon Jan 17 11:46:18 2005 Loading
Plugins Mon Jan 17 11:46:18 2005 Searching for plugins in
/usr/local/lib/ntop/plugins Mon Jan 17 11:46:18 2005 THREADMGMT: web
connections thread (62182) started...
Mon Jan 17 11:46:18 2005 Note: SIGPIPE handler set (ignore) Mon Jan
17 11:46:18 2005 WEB: ntop's web server is now processing requests
Mon Jan 17 11:46:18 2005 ICMP: Welcome to icmpWatchPlugin. (C)
1999-2004 by Luca Deri
Mon Jan 17 11:46:18 2005 LASTSEEN: Welcome to LastSeenWatchPlugin.
(C)
1999 by Andrea Marangoni
Mon Jan 17 11:46:18 2005 NETFLOW: Welcome to NetFlow.(C) 2002-04 by
Luca Deri Mon Jan 17 11:46:18 2005 NFS: Welcome to nfsWatchPlugin.
(C) 1999-2004 by Luca Deri Mon Jan 17 11:46:18 2005 **WARNING**
Plugin 'nfsPlugin.so' discarded:
compiled for a different ntop version
Mon Jan 17 11:46:18 2005 **WARNING** Expected ntop version '3.0',
actual plugin ntop version '3.1'.
Mon Jan 17 11:46:18 2005 PDA: Welcome to PDAPlugin. (C) 2001-2004 by
L.Deri and W.Brock Mon Jan 17 11:46:18 2005 RRD: Welcome to
rrdPlugin. (C) 2002-04 by Luca Deri.
Mon Jan 17 11:46:18 2005 SFLOW: Welcome to sFlow.(C) 2002-04 by Luca
Deri Mon Jan 17 11:46:18 2005 XML: Welcome to xmldump plugin. (C)
2003-2004 by Burton Strauss Mon Jan 17 11:46:18 2005 SNMP: Welcome
to
snmpPlugin. (C) 2004 by F.Fusco and G.Giardina Mon Jan 17 11:46:18
2005 Calling plugin start functions (if any) Mon Jan 17 11:46:18
2005
RRD: Welcome to the RRD plugin Mon Jan 17 11:46:18 2005 RRD: Mask
for
new directories is 0700 Mon Jan 17 11:46:18 2005 RRD: Mask for new
files is 0066 Mon Jan 17 11:46:18 2005 RRD: Started thread
(137689088) for data collection.
Mon Jan 17 11:46:18 2005 NETFLOW: initializing '2,3,4,5,6,7' devices
Mon Jan 17 11:46:18 2005 NETFLOW: createNetFlowDevice(2) Mon Jan 17
11:46:18 2005 Creating dummy interface, 'NetFlow-device.2'
Mon Jan 17 11:46:18 2005 THREADMGMT: rrd thread (137689088) started
Mon Jan 17 11:46:18 2005 NETFLOW: initializing deviceId=1 Mon Jan 17
11:46:18 2005 NETFLOW: White list initialized to ''
Mon Jan 17 11:46:18 2005 NETFLOW: Black list initialized to ''
Mon Jan 17 11:46:18 2005 NETFLOW: Created a UDP socket (17) Mon Jan
17 11:46:18 2005 NETFLOW: Collector listening on port 6996 Mon Jan
17
11:46:18 2005 NETFLOW: createNetFlowDevice created device 1 Mon Jan
17 11:46:18 2005 NETFLOW: createNetFlowDevice(3) Mon Jan 17 11:46:18
2005 Creating dummy interface, 'NetFlow-device.3'
Mon Jan 17 11:46:18 2005 NETFLOW: initializing deviceId=2 Mon Jan 17
11:46:18 2005 NETFLOW: White list initialized to ''
Mon Jan 17 11:46:18 2005 NETFLOW: Black list initialized to ''
Mon Jan 17 11:46:18 2005 NETFLOW: Created a UDP socket (18) Mon Jan
17 11:46:18 2005 THREADMGMT: netFlow thread(137689600) started Mon
Jan 17 11:46:18 2005 NETFLOW: Collector listening on port 6997 Mon
Jan 17 11:46:19 2005 NETFLOW: createNetFlowDevice created device 2
Mon Jan 17 11:46:19 2005 NETFLOW: createNetFlowDevice(4) Mon Jan 17
11:46:19 2005 Creating dummy interface, 'NetFlow-device.4'
Mon Jan 17 11:46:19 2005 NETFLOW: initializing deviceId=3 Mon Jan 17
11:46:19 2005 NETFLOW: White list initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Black list initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Created a UDP socket (19) Mon Jan
17 11:46:19 2005 THREADMGMT: netFlow thread(137690112) started Mon
Jan 17 11:46:19 2005 NETFLOW: Collector listening on port 6998 Mon
Jan 17 11:46:19 2005 NETFLOW: createNetFlowDevice created device 3
Mon Jan 17 11:46:19 2005 NETFLOW: createNetFlowDevice(5) Mon Jan 17
11:46:19 2005 Creating dummy interface, 'NetFlow-device.5'
Mon Jan 17 11:46:19 2005 THREADMGMT: netFlow thread(137690624)
started Mon Jan 17 11:46:19 2005 NETFLOW: initializing deviceId=4
Mon
Jan 17 11:46:19 2005 NETFLOW: White list initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Black list initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Created a UDP socket (20) Mon Jan
17 11:46:19 2005 NETFLOW: Collector listening on port 6999 Mon Jan
17
11:46:19 2005 NETFLOW: createNetFlowDevice created device 4 Mon Jan
17 11:46:19 2005 NETFLOW: createNetFlowDevice(6) Mon Jan 17 11:46:19
2005 Creating dummy interface, 'NetFlow-device.6'
Mon Jan 17 11:46:19 2005 THREADMGMT: netFlow thread(137068544)
started Mon Jan 17 11:46:19 2005 NETFLOW: initializing deviceId=5
Mon
Jan 17 11:46:19 2005 NETFLOW: White list initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Black list initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Created a UDP socket (21) Mon Jan
17 11:46:19 2005 NETFLOW: Collector listening on port 7000 Mon Jan
17
11:46:19 2005 NETFLOW: createNetFlowDevice created device 5 Mon Jan
17 11:46:19 2005 NETFLOW: createNetFlowDevice(7) Mon Jan 17 11:46:19
2005 Creating dummy interface, 'NetFlow-device.7'
Mon Jan 17 11:46:19 2005 CHKVER: Version file is from
'version.ntop.org'
Mon Jan 17 11:46:19 2005 CHKVER: as of date is '2004-12-01T17:00:00'
Mon Jan 17 11:46:19 2005 CHKVER: This version of ntop is the CURRENT
stable version Mon Jan 17 11:46:19 2005 THREADMGMT: netFlow
thread(137069056) started Mon Jan 17 11:46:19 2005 NETFLOW:
initializing deviceId=6 Mon Jan 17 11:46:19 2005 NETFLOW: White list
initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Black list initialized to ''
Mon Jan 17 11:46:19 2005 NETFLOW: Created a UDP socket (14) Mon Jan
17 11:46:19 2005 NETFLOW: Collector listening on port 7001 Mon Jan
17
11:46:19 2005 NETFLOW: createNetFlowDevice created device 6 Mon Jan
17 11:46:19 2005 Now running as requested user 'root' (0:0) Mon Jan
17 11:46:19 2005 INIT: Created pid file (/var/run/ntop.pid) Mon Jan
17 11:46:19 2005 Note: Reporting device initally set to 2
[TownandCountry.collector] Mon Jan 17 11:46:19 2005 THREADMGMT:
Started thread (137070080) for network packet sniffing on rl0 Mon Jan
17 11:46:19 2005 THREADMGMT: netFlow thread(137069568) started Mon
Jan 17 11:46:19 2005 THREADMGMT: pcapDispatch(rl0) thread running...
Mon Jan 17 11:46:28 2005 RRD: Created directory
(/usr/local/var/ntop/rrd/graphics)
Mon Jan 17 11:46:28 2005 RRD: Created directory
(/usr/local/var/ntop/rrd/flows)
Mon Jan 17 11:46:28 2005 RRD: Created directory
(/usr/local/var/ntop/rrd/interfaces)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 5 (LWP 100096)]
0x29567a2c in get_elem () from /usr/local/lib/libgdbm.so.3
(gdb) run
nb
On Jan 17, 2005, at 10:47 AM, Nick Buraglio wrote:
Thanks, will do.
On Jan 17, 2005, at 7:56 AM, Burton Strauss wrote:
Signal 10 is an unaligned move. You need to figure out where it's
occurring.
Use gdb (instructions are in docs/FAQ - remember to use -K so ntop
doesn't
fork()) to trap the failing code.
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf
Of Nick Buraglio
Sent: Sunday, January 16, 2005 7:50 PM
To: [email protected]
Subject: [Ntop] flow collector segfault
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have a freebsd 5.3 machine (9`00mhz, 512mb RAM) running ntop 3.1
(started with ntop -d -w 0 -W 3999 --ipv4) and it's been working
wonderfully as a flow collector / analyzer for about a week.
Recently I added 2 more virtual interfaces (for a total of 7 plus
the actual
interface) and now ntop crashes every few minutes with this error:
Jan 16 19:35:50 collector ntop[59826]: **WARNING** Error: bad
magic
number (expected=1968/real=0) [deviceId=3]
Jan 16 19:35:50 collector ntop[59826]: **WARNING** Error: wrong
bucketIdx / (expected=16/real=2) [deviceId=3] Jan 16 19:35:50
collector
kernel: pid 59826 (ntop), uid 65534: exited on signal 10 Jan 16
19:35:50 collector kernel: rl0: promiscuous mode disabled
Directly above in the syslog is this:
Jan 16 19:33:52 collector ntop[59826]: **WARNING** Address
resolution
queue is full [4096 slots]
Jan 16 19:33:52 collector ntop[59826]: Addresses in excess won't
be
resolved - ntop continues
Is this a known issue? Is there a fix for this? Ideally I'd like
this to be a collector for 20+ exporters (in which case I'd
probably
upgrade hardware). Is there a limit to the number of virtual
interfaces one can have?
nb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (Darwin)
iD8DBQFB6xnWFOm2Sy5bRPQRAiRVAJ4hr87OjiHrfv+/PGWrEVgmxFdqiwCfVvZO
Lrf0b+yp7q/r3bBGH7tEWQU=
=PsTY
-----END PGP SIGNATURE-----
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
