For a large network? Any version of Linux.
That's not as flip as it sounds...
It's not just that I don't use FreeBSD - (I do try and make it work for the
releases), but also some significant internal differences exist. The
internals of the threading model for xBSD's (vs. everyone else) are very,
very different (userland vs. kernel) and we have had a lot of issues with
this. Yes, they both meet the POSIX standard, but that just goes to show
how loose the standard is.
With userland threads, the kernel/os has to schedule interrupts differently
- they go to some type of a manager. The manager can be very sophisticated,
tracking which thread gets which signal etc. Or pretty stupid.
It's actually not ntop, it's libpcap. We depend on libpcap to give us
packets in a timely manner, without stalling or delaying other ntop
processes.
In FreeBSD's libpcap, all of the interrupt driven processes relating to
packet capture are converted into some form of polling calls. This has
significant CPU impact and other issues. Some of this conversion was
automatic, some wasn't - hence the --set-pcapnonblocking, were we converted
the 'wake me when there is a packet' call to 'got one? No? sleep() and try
again'.
FreeBSD 5.x MAY be better. Certainly some of the problems have been fixed
(blocking was fixed so we can use pcap_dispatch vs. pcap_loop), but others
may remain. It's still userland threads and so dependent upon the thread
manager.
When I said that I would be surprised if they fixed things, that's what I
meant - the combination of internal FreeBSD fixes plus changes to libpcap.
I believed any major changes were only in the 5.x branch. But it's ALWAYS
possible that something changed in 4.11 which made things worse.
AFAIK we only have one active FreeBSD user - Stanley Hopcroft - that I know
of here on the list. Certainly there are a lot of FreeBSD users according
to our logs:
582 FreeBSD 5.3
...
248 FreeBSD 4.10
182 FreeBSD 5.2.1
141 FreeBSD 4.11
128 FreeBSD 5.4
...
93 FreeBSD 4.9
34 FreeBSD 4.8
23 FreeBSD 5.2
And they're all over the block as to versions.
You are the only one reporting problems ... That has to say SOMETHING,
either you have a different network card, libpcap version, something...
If it's still failing, it's time for you to start detective work - as I said
earlier, instructions for running under gdb are in docs/FAQ at the end.
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Mario Sergio Candian
Sent: Wednesday, May 04, 2005 11:37 AM
To: [email protected]
Subject: RE: [Ntop] Problem with NTOP! (fwd)
Hi Burton,
I tryed with different versions of ntop, and doesnt work with all I tested.
I dont know what I can do to fix this problem (signal 11).
I search in google site and dont found nothing about to fix this problem.
What's the ntop version do you recommend to run in a FreeBSD 4.11 STABLE?
Do you know what the option for large network?
Thanks.
Mario Sergio Candian
-
"Dreams as if you'll live forever. Live as if you'll die today" -- James
Dean
On Tue, 3 May 2005, Burton Strauss wrote:
> You probably should give the cvs version a try - there are some post
> 3.1 patches which are critical for 4.x.
>
> If it still fails, then capture the failing information - at the end
> of docs/FAQ are instructions for running under gdb.
>
> -----Burton
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Mario Sergio Candian
> Sent: Tuesday, May 03, 2005 12:56 PM
> To: [email protected]
> Subject: [Ntop] Problem with NTOP! (fwd)
>
>
> Hi list,
>
> I have a FreeBSD 4.11-STABLE box and I'm running NTOP v.3.1, but I
> have had some problems.
> In my ntop.sh script I have this:
>
> interfaces='wi1'
> userid='nobody'
> http_port='3000'
> https_port='3001'
> logdir='/var/log'
> additional_args=''
> args='-d -L'
>
> I tryed with too:
> args='-d -L --set-pcap-nonblocking --skip-version-check'
>
> When I run the ntop:
>
> base# ps auwwx | grep -i ntop
> nobody 64802 8.7 11.3 39932 29024 ?? Ss 2:46PM 0:01.31
> /usr/local/bin/ntop -d -L -i wi1 -w 3000 -W 3001 -a
> /var/log/ntop.access.log -u nobody
>
> I have this error, that I can see in my messages log:
>
> base# tail -f /var/log/messages
> May 3 14:46:09 base ntop[64802]: **WARNING** INIT: Unable to create pid
> file(/var/db/ntop/ntop.pid)
> May 3 14:46:09 base ntop[64802]: Note: Reporting device initally set to
0
>
> [wi1] (merged)
> May 3 14:46:09 base ntop[64802]: THREADMGMT: Started thread (144627712)
> for
> network packet sniffing on wi1
> May 3 14:46:09 base ntop[64802]: THREADMGMT: rrd thread (144626688)
> started
> May 3 14:46:09 base ntop[64802]: THREADMGMT: pcapDispatch(wi1) thread
> running...
> May 3 14:46:11 base ntop[64802]: CHKVER: Version file is from
> 'version.ntop.org'
> May 3 14:46:11 base ntop[64802]: CHKVER: as of date is
> '2004-12-01T17:00:00'
> May 3 14:46:11 base ntop[64802]: CHKVER: This version of ntop is the
> CURRENT
> stable version
> May 3 14:46:26 base /kernel: pid 64802 (ntop), uid 65534: exited on
> signal
> 11 May 3 14:46:26 base /kernel: wi1: promiscuous mode disabled
>
> What I can do, to fix it? (signal 11).
>
> Thanks,
> Mario Sergio Candian
> -
> "Dreams as if you'll live forever. Live as if you'll die today" --
> James Dean _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
