Re: [Ntop-misc] cluster_2_tuple not working as expected

2016-11-10 Thread Chandrika Gautam
Hi Alfredo,

I tested with latest pfring from github but still packets are segregated to
different applications.
After your latest change, we need to use cluster_per_flow_2_tuple only,
right, to segregate traffic on outer IP addresses?

Should we load the pfring module with enable_frag_coherence=1? I have tested
both with and without it, using the latest package from GitHub.


Regards,
Gautam

On Fri, Nov 11, 2016 at 9:12 AM, Chandrika Gautam <
chandrika.iitd.r...@gmail.com> wrote:

> Thanks Alfredo for an update.
> I will update you once merge with latest
> PFRing.
> Regards,
> Gautam
>
> On Nov 10, 2016, at 10:38 PM, Alfredo Cardigliano 
> wrote:
>
> Hi Gautam
> your traffic is GTP traffic and the hash was computed on the inner headers
> when present,
> I did change the behaviour computing the hash on the outer header when
> using cluster_per_flow_2_tuple, and introduced
> new hash types cluster_per_inner_* for computing hash on inner header,
> when present.
> Please update from github or wait for new packages.
>
> Regards
> Alfredo
>
> On 10 Nov 2016, at 11:41, Chandrika Gautam 
> wrote:
>
> Hi Alfredo
>
> PFA the traces having vlan and not vlan.
>
> To add more details to this, there are 2 observations -
> 1. We ran a bigger file of 1 lakh packets, out of which fragments of same
> packet got distributed across application
>
> 2. We ran with the attached file and observed that the 2 packets were
> going to one application and rest of the packets were to other one.
>
> Thanks & Regards
>
> On Thu, Nov 10, 2016 at 4:04 PM, Alfredo Cardigliano wrote:
>
>> Hi Gautam
>> could you provide a pcap we can use to reproduce this?
>>
>> Alfredo
>>
>> > On 10 Nov 2016, at 11:22, Chandrika Gautam <chandrika.iitd.r...@gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > We are using PFRING cluster feature and using cluster_2_tuple and 2
>> > applications are reading from same cluster id.
>> >
>> > We have observed that the packets having same source and destination ip
>> > addresses are getting distributed across 2 applications which has
>> > completely tossed our logic as we are trying to assemble the fragments in
>> > our applications.
>> >
>> > Is there any bug in PFRING clustering mechanism which is causing this.
>> >
>> > Using PFRING 6.2.0 and pfring is loaded with below command -
>> > insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0
>> >
>> > I tried with this also.
>> > insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0 enable_frag_coherence=1
>> >
>> >
>> > Regards,
>> > Gautam
>> >
>> > ___
>> > Ntop-misc mailing list
>> > Ntop-misc@listgateway.unipi.it
>> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
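
An added illustration of the behaviour Alfredo describes in the reply quoted above (not code from PF_RING or from anyone in this thread): when the hash is taken on the inner headers of GTP traffic, the first fragment of an outer-fragmented datagram and its later fragments, which carry no GTP header, can reach different consumers, while hashing on the outer addresses keeps them together. The sum-of-addresses hash, the fallback to the outer header, all function names and the packet bytes are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GTPU_PORT 2152 /* registered UDP port for GTP-U */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
  return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) {
  p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
  p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Stand-in 2-tuple hash (assumption, not PF_RING's function): src IP + dst IP. */
static uint32_t ip_pair_hash(const uint8_t *ip) { return be32(ip + 12) + be32(ip + 16); }

/* Return the inner IPv4 header of a GTP-U G-PDU, or NULL when it cannot be seen. */
static const uint8_t *gtp_inner_ip(const uint8_t *ip, size_t len) {
  size_t ihl, off;
  if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 17) return NULL; /* outer must be IPv4/UDP */
  ihl = (size_t)(ip[0] & 0x0f) * 4;
  if (ihl < 20 || len < ihl + 16) return NULL;
  if (be16(ip + 6) & 0x1fff) return NULL;            /* later fragment: no UDP/GTP header */
  if (be16(ip + ihl + 2) != GTPU_PORT) return NULL;  /* UDP destination port */
  off = ihl + 8;                                     /* start of the GTP header */
  if ((ip[off] >> 5) != 1 || ip[off + 1] != 0xff) return NULL; /* GTPv1 G-PDU only */
  off += (ip[off] & 0x07) ? 12 : 8; /* E/S/PN add 4 optional bytes; extensions not walked */
  if (len < off + 20 || (ip[off] >> 4) != 4) return NULL;
  return ip + off;
}

/* Consumer index for one packet; inner-header hashing only when requested and possible. */
unsigned pick_app(const uint8_t *ip, size_t len, int use_inner, unsigned num_apps) {
  const uint8_t *inner;
  if (len < 20 || num_apps == 0) return 0;
  inner = use_inner ? gtp_inner_ip(ip, len) : NULL;
  return (unsigned)(ip_pair_hash(inner ? inner : ip) % num_apps);
}

/* Constructed IPv4 header; frag holds the flags and fragment-offset field. */
static void put_ipv4(uint8_t *b, uint32_t src, uint32_t dst, uint16_t frag) {
  memset(b, 0, 20);
  b[0] = 0x45; b[4] = 0x12; b[5] = 0x34; /* same constructed IP ID in both fragments */
  b[6] = (uint8_t)(frag >> 8); b[7] = (uint8_t)frag;
  b[8] = 64; b[9] = 17;                  /* TTL, protocol UDP */
  put32(b + 12, src); put32(b + 16, dst);
}

/* Build fragment 0 (outer IP + UDP + GTP-U + inner IP) or fragment 1 (outer IP + data)
 * of one constructed tunnelled datagram and return the consumer it is sent to. */
unsigned app_for_fragment(int index, int use_inner, unsigned num_apps) {
  uint8_t pkt[64];
  size_t len;
  memset(pkt, 0, sizeof(pkt));
  if (index == 0) {
    put_ipv4(pkt, 0x0A000001, 0x0A000002, 0x2000);   /* 10.0.0.1 -> 10.0.0.2, MF set */
    pkt[20] = pkt[22] = GTPU_PORT >> 8;
    pkt[21] = pkt[23] = GTPU_PORT & 0xff;
    pkt[28] = 0x30; pkt[29] = 0xff;                  /* GTPv1, G-PDU, no optional fields */
    put_ipv4(pkt + 36, 0xC0A8010A, 0x08080808, 0);   /* inner 192.168.1.10 -> 8.8.8.8 */
    len = 60;                                        /* 40 bytes of outer payload */
  } else {
    put_ipv4(pkt, 0x0A000001, 0x0A000002, 0x0005);   /* offset 5 * 8 = 40 bytes, MF clear */
    len = 36;                                        /* payload bytes only */
  }
  return pick_app(pkt, len, use_inner, num_apps);
}

int main(void) {
  printf("inner hash: frag0 -> app %u, frag1 -> app %u\n",
         app_for_fragment(0, 1, 2), app_for_fragment(1, 1, 2));
  printf("outer hash: frag0 -> app %u, frag1 -> app %u\n",
         app_for_fragment(0, 0, 2), app_for_fragment(1, 0, 2));
  return 0;
}
```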

Re: [Ntop-misc] cluster_2_tuple not working as expected

2016-11-10 Thread Chandrika Gautam
Thanks Alfredo for an update.
I will update you once merge with latest 
PFRing.
Regards,
Gautam

> On Nov 10, 2016, at 10:38 PM, Alfredo Cardigliano  
> wrote:
> 
> Hi Gautam
> your traffic is GTP traffic and the hash was computed on the inner headers 
> when present,
> I did change the behaviour computing the hash on the outer header when using 
> cluster_per_flow_2_tuple, and introduced
> new hash types cluster_per_inner_* for computing hash on inner header, when 
> present.
> Please update from github or wait for new packages.
> 
> Regards
> Alfredo
> 
>> On 10 Nov 2016, at 11:41, Chandrika Gautam  
>> wrote:
>> 
>> Hi Alfredo 
>> 
>> PFA the traces having vlan and not vlan.
>> 
>> To add more details to this, there are 2 observations - 
>> 1. We ran a bigger file of 1 lakh packets, out of which fragments of same 
>> packet got distributed across application
>> 
>> 2. We ran with the attached file and observed that the 2 packets were going 
>> to one application and rest of the packets were to other one.
>> 
>> Thanks & Regards
>> 
>>> On Thu, Nov 10, 2016 at 4:04 PM, Alfredo Cardigliano  
>>> wrote:
>>> Hi Gautam
>>> could you provide a pcap we can use to reproduce this?
>>> 
>>> Alfredo
>>> 
>>> > On 10 Nov 2016, at 11:22, Chandrika Gautam 
>>> >  wrote:
>>> >
>>> > Hi,
>>> >
>>> > We are using PFRING cluster feature and using cluster_2_tuple and 2 
>>> > applications
>>> > are reading from same cluster id.
>>> >
>>> > We have observed that the packets having same source and destination ip 
>>> > addresses are getting distributed across 2 applications which has 
>>> > completely tossed our logic as we are trying to assemble the fragments in 
>>> > our applications.
>>> >
>>> > Is there any bug in PFRING clustering mechanism which is causing this.
>>> >
>>> > Using PFRING 6.2.0 and  pfring is loaded with below command -
>>> > insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0
>>> >
>>> > I tried with this also.
>>> > insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0 
>>> > enable_frag_coherence=1
>>> >
>>> >
>>> > Regards,
>>> > Gautam
>>> >

Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 2.6.32-642.4.2.el6.x86_64

2016-11-10 Thread Luca Deri
Derek,
this problem is odd because we run continuous tests with Docker (see 
https://github.com/ntop/packager) and we have never seen this problem.

I have now analysed the use on centos 6.8 and this is what I have

deri@centos6 205> ldd n2disk
linux-vdso.so.1 =>  (0x7fff75ddd000)
librt.so.1 => /lib64/librt.so.1 (0x0030e220)
libm.so.6 => /lib64/libm.so.6 (0x0030e1e0)
libdl.so.2 => /lib64/libdl.so.2 (0x0030e1a0)
libnuma.so.1 => /usr/lib64/libnuma.so.1 (0x7f05a2979000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0030e160)
libc.so.6 => /lib64/libc.so.6 (0x0030e120)
/lib64/ld-linux-x86-64.so.2 (0x0030e0e0)
deri@centos6 206> ls -l /lib64/libc.so.6
0 lrwxrwxrwx. 1 root root 12 Aug  9 10:14 /lib64/libc.so.6 -> libc-2.12.so*
deri@centos6 207> cat /etc/redhat-release 
CentOS release 6.8 (Final)

Can you please check how’s your system configured?

Regards Luca

> On 10 Nov 2016, at 21:37, Spransy, Derek  wrote:
> 
> Hi Luca,
> 
> Yes, although I fully removed n2disk and pfring before reinstalling 
> everything from RPMs (via yum).
> 
> Thanks,
> Derek
> 
> 
> From: ntop-misc-boun...@listgateway.unipi.it 
>  on behalf of Luca Deri 
> 
> Sent: Thursday, November 10, 2016 3:33 PM
> To: ntop-misc@listgateway.unipi.it
> Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 
> 2.6.32-642.4.2.el6.x86_64
>  
> Derek
> how did you update? Via yum?
> 
> Luca
> 
>> On 10 Nov 2016, at 20:11, Spransy, Derek  wrote:
>> 
>> Hi Alfredo,
>> 
>> I updated, but now I've run into a different problem. It looks like the new 
>> version of n2disk10g requires glibc 2.14? Was that just changed in this 
>> version? I'm on RHEL 6 and have 2.12:
>> 
>> $ sudo /usr/local/bin/n2disk10g /etc/n2disk/n2disk-eth5.conf 
>> /usr/local/bin/n2disk10g: /lib64/libc.so.6: version `GLIBC_2.14' not found 
>> (required by /usr/local/bin/n2disk10g)
>> 
>> Thanks,
>> Derek
>> 
>> 
>> From: ntop-misc-boun...@listgateway.unipi.it 
>>  on behalf of Alfredo Cardigliano 
>> 
>> Sent: Thursday, November 10, 2016 1:07 PM
>> To: ntop-misc@listgateway.unipi.it
>> Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 
>> 2.6.32-642.4.2.el6.x86_64
>>  
>> Hi Derek
>> I thought I updated you on this, but it seems it is not the case,
>> could you try using -R with latest release?
>> 
>> Best Regards
>> Alfredo
>> 
>>> On 3 Nov 2016, at 18:53, Alfredo Cardigliano  wrote:
>>> 
>>> Hi Derek
>>> I need to check if it’s a bug in the n2disk version with -R. Please use it 
>>> without -R in the meantime.
>>> 
>>> Alfredo
>>> 
>>>> On 3 Nov 2016, at 18:52, Spransy, Derek wrote:
>>>>
>>>> Hi Alfredo,
>>>>
>>>> Commenting that line out in my config allowed n2disk to run properly. Is
>>>> that an issue with my config issue or a bug?
>>>>
>>>> Thanks,
>>>> Derek
>>>>
>>>> From: ntop-misc-boun...@listgateway.unipi.it
>>>> on behalf of Alfredo Cardigliano
>>>>
>>>> Sent: Thursday, November 3, 2016 1:48 PM
>>>> To: ntop-misc@listgateway.unipi.it
>>>> Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel
>>>> 2.6.32-642.4.2.el6.x86_64
>>>>
>>>> Derek
>>>> please try running n2disk without "-R 8,9,10"
>>>>
>>>> Alfredo
>>>>
>>>>> On 3 Nov 2016, at 18:27, Spransy, Derek wrote:
>>>>>
>>>>> Sure, here's the config:
>>>>>
>>>>> -i zc:eth5
>>>>> -o /data1/captures
>>>>> -b 3072
>>>>> -p 1024
>>>>> -q 1
>>>>> -S 0
>>>>> -c 6
>>>>> -R 8,9,10
>>>>> -w 7
>>>>> -z 12
>>>>> -I
>>>>> -A /data1/index
>>>>> --max-num-files 43000
>>>>> -P=/var/run/n2disk.pid
>>>>> --event-log /var/log/n2disk.log
>>>>> --index-on-compressor-threads
>>>>> --pcap-compression
>>>>> --remove-ahead
>>>>> --unprivileged-user n2disk
>>>>> --verbose
>>>>>
>>>>> And starting verbose:
>>>>>
>>>>> $ sudo /usr/local/bin/n2disk10g /etc/n2disk/n2disk-eth5.conf
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:4808] Welcome to n2disk10g v.2.6.160917
>>>>> (r4666) [SandyBridge]
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:4835] Running on 2 node(s) system with 24
>>>>> core(s). NUMA affinity set to node 1.
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:4864] Using PF_RING for packet capture
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:4890] WARNING: If you are using standard
>>>>> drivers (packet capture via kernel) please disable time-pulse thread
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:4893] Multithread support enabled
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:5007] Dump files max size is set to 1024 MB
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:5024] Buffer memory is set to 3 GB (x 3
>>>>> pcap files)
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:5059] Using directory /data1/captures for
>>>>> dump files
>>>>> 03/Nov/2016 13:26:19 [n2disk.c:5064] No sub-directories will

Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 2.6.32-642.4.2.el6.x86_64

2016-11-10 Thread Luca Deri
Derek
how did you update? Via yum?

Luca

> On 10 Nov 2016, at 20:11, Spransy, Derek  wrote:
> 
> Hi Alfredo,
> 
> I updated, but now I've run into a different problem. It looks like the new 
> version of n2disk10g requires glibc 2.14? Was that just changed in this 
> version? I'm on RHEL 6 and have 2.12:
> 
> $ sudo /usr/local/bin/n2disk10g /etc/n2disk/n2disk-eth5.conf 
> /usr/local/bin/n2disk10g: /lib64/libc.so.6: version `GLIBC_2.14' not found 
> (required by /usr/local/bin/n2disk10g)
> 
> Thanks,
> Derek
> 
> 
> From: ntop-misc-boun...@listgateway.unipi.it 
>  on behalf of Alfredo Cardigliano 
> 
> Sent: Thursday, November 10, 2016 1:07 PM
> To: ntop-misc@listgateway.unipi.it
> Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 
> 2.6.32-642.4.2.el6.x86_64
>  
> Hi Derek
> I thought I updated you on this, but it seems it is not the case,
> could you try using -R with latest release?
> 
> Best Regards
> Alfredo
> 
>> On 3 Nov 2016, at 18:53, Alfredo Cardigliano wrote:
>> 
>> Hi Derek
>> I need to check if it’s a bug in the n2disk version with -R. Please use it 
>> without -R in the meantime.
>> 
>> Alfredo
>> 
>>> On 3 Nov 2016, at 18:52, Spransy, Derek wrote:
>>> 
>>> Hi Alfredo,
>>> 
>>> Commenting that line out in my config allowed n2disk to run properly. Is 
>>> that an issue with my config issue or a bug?
>>> 
>>> Thanks,
>>> Derek
>>> 
>>> From: ntop-misc-boun...@listgateway.unipi.it on behalf of Alfredo
>>> Cardigliano
>>> Sent: Thursday, November 3, 2016 1:48 PM
>>> To: ntop-misc@listgateway.unipi.it
>>> Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel
>>> 2.6.32-642.4.2.el6.x86_64
>>>
>>> Derek
>>> please try running n2disk without "-R 8,9,10"
>>> 
>>> Alfredo
>>> 
>>>> On 3 Nov 2016, at 18:27, Spransy, Derek wrote:
>>>>
>>>> Sure, here's the config:
>>>>
>>>> -i zc:eth5
>>>> -o /data1/captures
>>>> -b 3072
>>>> -p 1024
>>>> -q 1
>>>> -S 0
>>>> -c 6
>>>> -R 8,9,10
>>>> -w 7
>>>> -z 12
>>>> -I
>>>> -A /data1/index
>>>> --max-num-files 43000
>>>> -P=/var/run/n2disk.pid
>>>> --event-log /var/log/n2disk.log
>>>> --index-on-compressor-threads
>>>> --pcap-compression
>>>> --remove-ahead
>>>> --unprivileged-user n2disk
>>>> --verbose
>>>>
>>>> And starting verbose:
>>>>
>>>> $ sudo /usr/local/bin/n2disk10g /etc/n2disk/n2disk-eth5.conf
>>>> 03/Nov/2016 13:26:19 [n2disk.c:4808] Welcome to n2disk10g v.2.6.160917
>>>> (r4666) [SandyBridge]
>>>> 03/Nov/2016 13:26:19 [n2disk.c:4835] Running on 2 node(s) system with 24
>>>> core(s). NUMA affinity set to node 1.
>>>> 03/Nov/2016 13:26:19 [n2disk.c:4864] Using PF_RING for packet capture
>>>> 03/Nov/2016 13:26:19 [n2disk.c:4890] WARNING: If you are using standard
>>>> drivers (packet capture via kernel) please disable time-pulse thread
>>>> 03/Nov/2016 13:26:19 [n2disk.c:4893] Multithread support enabled
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5007] Dump files max size is set to 1024 MB
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5024] Buffer memory is set to 3 GB (x 3
>>>> pcap files)
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5059] Using directory /data1/captures for
>>>> dump files
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5064] No sub-directories will be created
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5069] Up to 43000 files will be written
>>>> before overwriting
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5079] Dump files max duration is set to 600
>>>> sec
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5095] Dumping data in 0.1 MB chunks
>>>> 03/Nov/2016 13:26:19 [n2disk.c:5138] Index processing memory is set to 847
>>>> MB (x 3 index files)
>>>> 03/Nov/2016 13:26:22 [n2disk.c:5328] Memory allocated successfully
>>>> 03/Nov/2016 13:26:22 [n2disk.c:3597] Using time pulse timestamps
>>>> 03/Nov/2016 13:26:22 [n2disk.c:3630] Started PF_RING packet reader thread
>>>> for device zc:eth5
>>>> $
>>> 
>>> 
>>> 
>>> This e-mail message (including any attachments) is for the sole use of
>>> the intended recipient(s) and may contain confidential and privileged
>>> information. If the reader of this message is not the intended
>>> recipient, you are hereby notified that any dissemination, distribution
>>> or copying of this message (including any attachments) is strictly
>>> prohibited.
>>> 
>>> If you have received this message in error, please contact
>>> the sender by reply e-mail message and destroy all copies of the
>>> original message (including attachments).

Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 2.6.32-642.4.2.el6.x86_64

2016-11-10 Thread Spransy, Derek
Hi Alfredo,


I updated, but now I've run into a different problem. It looks like the new 
version of n2disk10g requires glibc 2.14? Was that just changed in this 
version? I'm on RHEL 6 and have 2.12:


$ sudo /usr/local/bin/n2disk10g /etc/n2disk/n2disk-eth5.conf
/usr/local/bin/n2disk10g: /lib64/libc.so.6: version `GLIBC_2.14' not found 
(required by /usr/local/bin/n2disk10g)


Thanks,

Derek



From: ntop-misc-boun...@listgateway.unipi.it 
 on behalf of Alfredo Cardigliano 

Sent: Thursday, November 10, 2016 1:07 PM
To: ntop-misc@listgateway.unipi.it
Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 
2.6.32-642.4.2.el6.x86_64

Hi Derek
I thought I updated you on this, but it seems it is not the case,
could you try using -R with latest release?

Best Regards
Alfredo

On 3 Nov 2016, at 18:53, Alfredo Cardigliano wrote:

Hi Derek
I need to check if it’s a bug in the n2disk version with -R. Please use it 
without -R in the meantime.

Alfredo

On 3 Nov 2016, at 18:52, Spransy, Derek wrote:

Hi Alfredo,

Commenting that line out in my config allowed n2disk to run properly. Is that 
an issue with my config issue or a bug?

Thanks,
Derek


From: ntop-misc-boun...@listgateway.unipi.it on behalf of Alfredo Cardigliano
Sent: Thursday, November 3, 2016 1:48 PM
To: ntop-misc@listgateway.unipi.it
Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 
2.6.32-642.4.2.el6.x86_64

Derek
please try running n2disk without "-R 8,9,10"

Alfredo

On 3 Nov 2016, at 18:27, Spransy, Derek wrote:

Sure, here's the config:


-i zc:eth5
-o /data1/captures
-b 3072
-p 1024
-q 1
-S 0
-c 6
-R 8,9,10
-w 7
-z 12
-I
-A /data1/index
--max-num-files 43000
-P=/var/run/n2disk.pid
--event-log /var/log/n2disk.log
--index-on-compressor-threads
--pcap-compression
--remove-ahead
--unprivileged-user n2disk
--verbose


And starting verbose:

$ sudo /usr/local/bin/n2disk10g /etc/n2disk/n2disk-eth5.conf
03/Nov/2016 13:26:19 [n2disk.c:4808] Welcome to n2disk10g v.2.6.160917 (r4666) 
[SandyBridge]
03/Nov/2016 13:26:19 [n2disk.c:4835] Running on 2 node(s) system with 24 
core(s). NUMA affinity set to node 1.
03/Nov/2016 13:26:19 [n2disk.c:4864] Using PF_RING for packet capture
03/Nov/2016 13:26:19 [n2disk.c:4890] WARNING: If you are using standard drivers 
(packet capture via kernel) please disable time-pulse thread
03/Nov/2016 13:26:19 [n2disk.c:4893] Multithread support enabled
03/Nov/2016 13:26:19 [n2disk.c:5007] Dump files max size is set to 1024 MB
03/Nov/2016 13:26:19 [n2disk.c:5024] Buffer memory is set to 3 GB (x 3 pcap 
files)
03/Nov/2016 13:26:19 [n2disk.c:5059] Using directory /data1/captures for dump 
files
03/Nov/2016 13:26:19 [n2disk.c:5064] No sub-directories will be created
03/Nov/2016 13:26:19 [n2disk.c:5069] Up to 43000 files will be written before 
overwriting
03/Nov/2016 13:26:19 [n2disk.c:5079] Dump files max duration is set to 600 sec
03/Nov/2016 13:26:19 [n2disk.c:5095] Dumping data in 0.1 MB chunks
03/Nov/2016 13:26:19 [n2disk.c:5138] Index processing memory is set to 847 MB 
(x 3 index files)
03/Nov/2016 13:26:22 [n2disk.c:5328] Memory allocated successfully
03/Nov/2016 13:26:22 [n2disk.c:3597] Using time pulse timestamps
03/Nov/2016 13:26:22 [n2disk.c:3630] Started PF_RING packet reader thread for 
device zc:eth5
$





Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel 2.6.32-642.4.2.el6.x86_64

2016-11-10 Thread Alfredo Cardigliano
Hi Derek
I thought I updated you on this, but it seems it is not the case,
could you try using -R with latest release?

Best Regards
Alfredo

> On 3 Nov 2016, at 18:53, Alfredo Cardigliano  wrote:
> 
> Hi Derek
> I need to check if it’s a bug in the n2disk version with -R. Please use it 
> without -R in the meantime.
> 
> Alfredo
> 
>> On 3 Nov 2016, at 18:52, Spransy, Derek wrote:
>> 
>> Hi Alfredo,
>> 
>> Commenting that line out in my config allowed n2disk to run properly. Is 
>> that an issue with my config issue or a bug?
>> 
>> Thanks,
>> Derek
>> 
>> From: ntop-misc-boun...@listgateway.unipi.it on behalf of Alfredo
>> Cardigliano
>> Sent: Thursday, November 3, 2016 1:48 PM
>> To: ntop-misc@listgateway.unipi.it
>> Subject: Re: [Ntop-misc] n2disk dumping with RHEL6 Kernel
>> 2.6.32-642.4.2.el6.x86_64
>>
>> Derek
>> please try running n2disk without "-R 8,9,10"
>> 
>> Alfredo
>> 
>>> On 3 Nov 2016, at 18:27, Spransy, Derek wrote:
>>> 
>>> Sure, here's the config:
>>> 
>>> -i zc:eth5
>>> -o /data1/captures
>>> -b 3072
>>> -p 1024
>>> -q 1
>>> -S 0
>>> -c 6
>>> -R 8,9,10
>>> -w 7
>>> -z 12
>>> -I
>>> -A /data1/index
>>> --max-num-files 43000
>>> -P=/var/run/n2disk.pid
>>> --event-log /var/log/n2disk.log
>>> --index-on-compressor-threads
>>> --pcap-compression
>>> --remove-ahead
>>> --unprivileged-user n2disk
>>> --verbose
>>> 
>>> And starting verbose:
>>> 
>>> $ sudo /usr/local/bin/n2disk10g /etc/n2disk/n2disk-eth5.conf 
>>> 03/Nov/2016 13:26:19 [n2disk.c:4808] Welcome to n2disk10g v.2.6.160917 
>>> (r4666) [SandyBridge]
>>> 03/Nov/2016 13:26:19 [n2disk.c:4835] Running on 2 node(s) system with 24 
>>> core(s). NUMA affinity set to node 1.
>>> 03/Nov/2016 13:26:19 [n2disk.c:4864] Using PF_RING for packet capture
>>> 03/Nov/2016 13:26:19 [n2disk.c:4890] WARNING: If you are using standard 
>>> drivers (packet capture via kernel) please disable time-pulse thread
>>> 03/Nov/2016 13:26:19 [n2disk.c:4893] Multithread support enabled
>>> 03/Nov/2016 13:26:19 [n2disk.c:5007] Dump files max size is set to 1024 MB
>>> 03/Nov/2016 13:26:19 [n2disk.c:5024] Buffer memory is set to 3 GB (x 3 pcap 
>>> files)
>>> 03/Nov/2016 13:26:19 [n2disk.c:5059] Using directory /data1/captures for 
>>> dump files
>>> 03/Nov/2016 13:26:19 [n2disk.c:5064] No sub-directories will be created
>>> 03/Nov/2016 13:26:19 [n2disk.c:5069] Up to 43000 files will be written 
>>> before overwriting
>>> 03/Nov/2016 13:26:19 [n2disk.c:5079] Dump files max duration is set to 600 
>>> sec
>>> 03/Nov/2016 13:26:19 [n2disk.c:5095] Dumping data in 0.1 MB chunks
>>> 03/Nov/2016 13:26:19 [n2disk.c:5138] Index processing memory is set to 847 
>>> MB (x 3 index files)
>>> 03/Nov/2016 13:26:22 [n2disk.c:5328] Memory allocated successfully
>>> 03/Nov/2016 13:26:22 [n2disk.c:3597] Using time pulse timestamps
>>> 03/Nov/2016 13:26:22 [n2disk.c:3630] Started PF_RING packet reader thread 
>>> for device zc:eth5
>>> $
>> 
>> 
>> 

Re: [Ntop-misc] cluster_2_tuple not working as expected

2016-11-10 Thread Chandrika Gautam
Hi Alfredo

PFA the traces having vlan and not vlan.

To add more details to this, there are 2 observations -
1. We ran a bigger file of 1 lakh packets, out of which fragments of same
packet got distributed across application

2. We ran with the attached file and observed that the 2 packets were going
to one application and rest of the packets were to other one.

Thanks & Regards

On Thu, Nov 10, 2016 at 4:04 PM, Alfredo Cardigliano 
wrote:

> Hi Gautam
> could you provide a pcap we can use to reproduce this?
>
> Alfredo
>
> > On 10 Nov 2016, at 11:22, Chandrika Gautam <chandrika.iitd.r...@gmail.com> wrote:
> >
> > Hi,
> >
> > We are using PFRING cluster feature and using cluster_2_tuple and 2
> > applications are reading from same cluster id.
> >
> > We have observed that the packets having same source and destination ip
> > addresses are getting distributed across 2 applications which has
> > completely tossed our logic as we are trying to assemble the fragments in
> > our applications.
> >
> > Is there any bug in PFRING clustering mechanism which is causing this.
> >
> > Using PFRING 6.2.0 and pfring is loaded with below command -
> > insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0
> >
> > I tried with this also.
> > insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0 enable_frag_coherence=1
> >
> >
> > Regards,
> > Gautam
> >


multiple_fragments_id35515.pcap
Description: application/cap


multiple_fragments_id35515_wo_vlan.pcap
Description: application/cap

Re: [Ntop-misc] cluster_2_tuple not working as expected

2016-11-10 Thread Alfredo Cardigliano
Hi Gautam
could you provide a pcap we can use to reproduce this?

Alfredo

> On 10 Nov 2016, at 11:22, Chandrika Gautam  
> wrote:
> 
> Hi, 
> 
> We are using PFRING cluster feature and using cluster_2_tuple and 2 
> applications
> are reading from same cluster id.
> 
> We have observed that the packets having same source and destination ip 
> addresses are getting distributed across 2 applications which has completely 
> tossed our logic as we are trying to assemble the fragments in our 
> applications.
> 
> Is there any bug in PFRING clustering mechanism which is causing this. 
> 
> Using PFRING 6.2.0 and  pfring is loaded with below command -
> insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0 
> 
> I tried with this also.
> insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0 
> enable_frag_coherence=1
> 
> 
> Regards,
> Gautam
> 


[Ntop-misc] cluster_2_tuple not working as expected

2016-11-10 Thread Chandrika Gautam
Hi,

We are using PFRING cluster feature and using cluster_2_tuple and 2
applications
are reading from same cluster id.

We have observed that the packets having same source and destination ip
addresses are getting distributed across 2 applications which has
completely tossed our logic as we are trying to assemble the fragments in
our applications.

Is there any bug in PFRING clustering mechanism which is causing this.

Using PFRING 6.2.0 and  pfring is loaded with below command -
insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0

I tried with this also.
insmod pf_ring.ko min_num_slots=409600 enable_tx_capture=0 enable_frag_coherence=1


Regards,
Gautam