Hi Steve,

I do have an i686-based VM available. I can't say everything is tested on i686, but I tend to check every now and then that nothing fundamental is broken. I took the example config you used, compiled master code with the same config switches as you did (essentially --enable-ndpi) and had no joy reproducing the issue.

You could send me your capture privately and I may try with that one (although I am not highly positive it will be a successful test); or you could arrange access for me to your box to read the pcap. Let me know.

Paolo

On 09/07/2020 14:54, Steve Clark wrote:
Hi Paolo,

I have compiled master with nDPI on both 32bit and 64bit CentOS 6 systems. The 64 bit pmacctd seems to work fine. But I get bogus byte counts when I run the 32bit version against the same pcap file.

Just wondered if you have done any testing on a 32bit Intel system with the above combination.

Below is the output when using 32bit pmacctd - first the pmacctd invocation, then the nfacctd output:
pmacct/src/pmacctd -f ./mypaolo.conf -I v1.7.5_v9_ndpi_class_paolo.pcap
INFO ( default/core ): Promiscuous Mode Accounting Daemon, pmacctd 1.7.6-git (20200707-01)
INFO ( default/core ):  '--enable-ndpi' '--with-ndpi-static-lib=/usr/local/lib/' '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins'
INFO ( default/core ): Reading configuration file '/var/lib/pgsql/sclark/mypaolo.conf'.
INFO ( p4p1/nfprobe ): NetFlow probe plugin is originally based on softflowd 0.9.7 software, Copyright 2002 Damien Miller <d...@mindrot.org> All rights reserved.
INFO ( p4p1/nfprobe ):           TCP timeout: 3600s
INFO ( p4p1/nfprobe ):  TCP post-RST timeout: 120s
INFO ( p4p1/nfprobe ):  TCP post-FIN timeout: 300s
INFO ( p4p1/nfprobe ):           UDP timeout: 300s
INFO ( p4p1/nfprobe ):          ICMP timeout: 300s
INFO ( p4p1/nfprobe ):       General timeout: 3600s
INFO ( p4p1/nfprobe ):      Maximum lifetime: 604800s
INFO ( p4p1/nfprobe ):       Expiry interval: 60s
INFO ( default/core ): PCAP capture file, sleeping for 2 seconds
INFO ( p4p1/nfprobe ): Exporting flows to [172.24.109.157]:rrac
WARN ( p4p1/nfprobe ): Shutting down on user request.
INFO ( default/core ): OK, Exiting ...

src/nfacctd -f examples/nfacctd-print.conf.example
INFO ( default/core ): NetFlow Accounting Daemon, nfacctd 1.7.6-git (20200623-00)
INFO ( default/core ):  '--enable-ndpi' '--with-ndpi-static-lib=/usr/local/lib/' '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins'
INFO ( default/core ): Reading configuration file '/var/lib/pgsql/sclark/pmacct/examples/nfacctd-print.conf.example'.
INFO ( default/core ): waiting for NetFlow/IPFIX data on :::5678
INFO ( foo/print ): cache entries=16411 base cache memory=56322552 bytes
WARN ( foo/print ): no print_output_file and no print_output_lock_file defined.
INFO ( foo/print ): *** Purging cache - START (PID: 21926) ***
CLASS             SRC_IP           DST_IP           SRC_PORT  DST_PORT  PROTOCOL    PACKETS               BYTES
NetFlow           172.24.110.104   172.24.109.247   41900     2055      udp         26                    1576253010996
NetFlow           172.24.110.104   172.24.109.247   58131     2055      udp         21                    1576253008620
INFO ( foo/print ): *** Purging cache - END (PID: 21926, QN: 2/2, ET: 0) ***
^CINFO ( foo/print ): *** Purging cache - START (PID: 21559) ***
INFO ( foo/print ): *** Purging cache - END (PID: 21559, QN: 0/0, ET: X) ***
INFO ( default/core ): OK, Exiting ...

Now the output when using the 64bit version of pmacctd and the same .pcap file:

sudo /root/pmacctd-176 -f ./mypaolo.conf -I v1.7.5_v9_ndpi_class_paolo.pcap
INFO ( default/core ): Promiscuous Mode Accounting Daemon, pmacctd 1.7.6-git (20200623-00)
INFO ( default/core ):  '--enable-ndpi' '--with-ndpi-static-lib=/usr/local/lib/' '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins'
INFO ( default/core ): Reading configuration file '/var/lib/pgsql/sclark/mypaolo.conf'.
INFO ( p4p1/nfprobe ): NetFlow probe plugin is originally based on softflowd 0.9.7 software, Copyright 2002 Damien Miller <d...@mindrot.org> All rights reserved.
INFO ( default/core ): PCAP capture file, sleeping for 2 seconds
INFO ( p4p1/nfprobe ):           TCP timeout: 3600s
INFO ( p4p1/nfprobe ):  TCP post-RST timeout: 120s
INFO ( p4p1/nfprobe ):  TCP post-FIN timeout: 300s
INFO ( p4p1/nfprobe ):           UDP timeout: 300s
INFO ( p4p1/nfprobe ):          ICMP timeout: 300s
INFO ( p4p1/nfprobe ):       General timeout: 3600s
INFO ( p4p1/nfprobe ):      Maximum lifetime: 604800s
INFO ( p4p1/nfprobe ):       Expiry interval: 60s
INFO ( p4p1/nfprobe ): Exporting flows to [172.24.109.157]:rrac
WARN ( p4p1/nfprobe ): Shutting down on user request.
INFO ( default/core ): OK, Exiting ...

src/nfacctd -f examples/nfacctd-print.conf.example
INFO ( default/core ): NetFlow Accounting Daemon, nfacctd 1.7.6-git (20200623-00)
INFO ( default/core ):  '--enable-ndpi' '--with-ndpi-static-lib=/usr/local/lib/' '--enable-l2' '--enable-traffic-bins' '--enable-bgp-bins' '--enable-bmp-bins' '--enable-st-bins'
INFO ( default/core ): Reading configuration file '/var/lib/pgsql/sclark/pmacct/examples/nfacctd-print.conf.example'.
INFO ( default/core ): waiting for NetFlow/IPFIX data on :::5678
INFO ( foo/print ): cache entries=16411 base cache memory=56322552 bytes
WARN ( foo/print ): no print_output_file and no print_output_lock_file defined.
INFO ( foo/print ): *** Purging cache - END (PID: 17495, QN: 0/0, ET: X) ***
INFO ( foo/print ): *** Purging cache - START (PID: 17707) ***
CLASS             SRC_IP           DST_IP           SRC_PORT  DST_PORT  PROTOCOL    PACKETS               BYTES
NetFlow           172.24.110.104   172.24.109.247   41900     2055      udp         26                    13364
NetFlow           172.24.110.104   172.24.109.247   58131     2055      udp         21                    10988
INFO ( foo/print ): *** Purging cache - END (PID: 17707, QN: 2/2, ET: 0) ***
INFO ( foo/print ): *** Purging cache - START (PID: 18127) ***

cat mypaolo.conf
!interface: p4p1
snaplen: 700
aggregate: src_host, dst_host, src_port, dst_port, proto, tos, class
pcap_filter: not net 172.24.106.0/24
plugins: nfprobe[p4p1]
nfprobe_version: 9
nfprobe_receiver: 172.24.109.157:5678

Any suggestions - or more tests or information I can provide?

Thanks,
Steve

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
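
A triage check on the two BYTES columns quoted above, added here as an example and not part of the original thread or of pmacct: it parses both print-plugin tables and splits each counter from the 32bit build into high and low 32-bit words, comparing against the 64bit build per flow. The function names are hypothetical, and the two tables are constructed sample input re-typed from the output in this thread.

```python
import re

# Constructed sample input: the nfacctd print tables quoted in this thread.
OUT_32BIT = """\
CLASS   SRC_IP         DST_IP         SRC_PORT DST_PORT PROTOCOL PACKETS BYTES
NetFlow 172.24.110.104 172.24.109.247 41900    2055     udp      26      1576253010996
NetFlow 172.24.110.104 172.24.109.247 58131    2055     udp      21      1576253008620
"""
OUT_64BIT = """\
CLASS   SRC_IP         DST_IP         SRC_PORT DST_PORT PROTOCOL PACKETS BYTES
NetFlow 172.24.110.104 172.24.109.247 41900    2055     udp      26      13364
NetFlow 172.24.110.104 172.24.109.247 58131    2055     udp      21      10988
"""

# class, src, dst, sport, dport, proto, packets, bytes; the header row and
# INFO/WARN log lines do not match because ports and counters must be numeric.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\d+)$")
MASK32 = 0xFFFFFFFF


def parse_print_table(text):
    """Return {flow_key: (packets, bytes)} for every data row in the output."""
    flows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            *key, packets, nbytes = m.groups()
            flows[tuple(key)] = (int(packets), int(nbytes))
    return flows


def compare_byte_counters(suspect_text, reference_text):
    """Per flow present in both outputs, split the suspect counter into words."""
    reference = parse_print_table(reference_text)
    report = []
    for key, (pkts, nbytes) in parse_print_table(suspect_text).items():
        if key not in reference:
            continue
        ref_pkts, ref_bytes = reference[key]
        report.append({
            "flow": key,
            "packets_match": pkts == ref_pkts,
            "high32": nbytes >> 32,            # should be 0 for counts this small
            "low32": nbytes & MASK32,
            "low32_matches_reference": (nbytes & MASK32) == (ref_bytes & MASK32),
        })
    return report


if __name__ == "__main__":
    for entry in compare_byte_counters(OUT_32BIT, OUT_64BIT):
        print(entry)
```

For both flows the packet counts agree, the low 32 bits of the 32bit build's byte counter equal the 64bit build's value, and the high word is the same non-zero value (367).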


