Re: [Ntop-misc] Zero copy RSS packet sending

2015-12-17 Thread Alfredo Cardigliano
Hi Josiah
what is the card model and driver version you are using?
Does this happen while capturing from the same queue? 
What happens if you run pfsend on @0 alone?

Alfredo

> On 16 Dec 2015, at 22:06, Josiah W wrote:
> 
> Hello,
> 
> I am trying to use the zero copy API with the ixgbe driver in multiqueue mode 
> for my project. I can open the interfaces fine using zc:eth2@0 and receive 
> packets. The issue seems to occur when I try to inject packets back onto 
> zc:eth2@0.
> pfring_zc_send_pkt returns no error but the packet never seems to get sent on 
> the interface. If I use zc:eth2@1 to send the packet out, everything works 
> fine and the packet actually gets sent.
> Any ideas on what the issue could possibly be?
> 
> Thanks,
> Josiah
> ___
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc


[Ntop-misc] Tunnel option applied only for 25% of packets

2015-12-17 Thread gregoire . leroy

Hello,

I want to test nprobe stable on CentOS6 (v.7.2.151211) and I have an 
issue with nprobe and L2TP tunnelled traffic. Here is the command I 
launch:


[root@netflow-linux ~]# nprobe -i eth1 -d 60 -P /tmp/flows -D t -I sfr 
-T "%IN_BYTES %IN_PKTS %L4_SRC_PORT %PROTOCOL %IPV4_SRC_ADDR 
%L4_DST_PORT %IPV4_DST_ADDR %IPV6_SRC_ADDR %IPV6_DST_MASK 
%UPSTREAM_TUNNEL_ID %DOWNSTREAM_TUNNEL_ID" -V 9 --smart-udp-frags -N 0 
--tunnel


I'd expect to get records like
"122|1|53|17|IP_IN_TUNNEL|13217|IP_IN_TUNNEL|::|0|54B5|B5AB|
117|2|443|6|IP_IN_TUNNEL|53820|IP_IN_TUNNEL|::|0|6304|BB56|
"
I get some of them, but most of my records are not correctly 
decapsulated and I usually get records like that:


52|1|30753|17|L2TP_IP|49752|L2TP_IP|::|0|||
52|1|4560|17|L2TP_IP|34232|L2TP_IP|::|0|||

As you can see, L4_SRC_PORT and L4_DST_PORT are correctly decapsulated. 
However, I get neither the tunneled IP address nor the tunnel 
information (I obfuscated IP information, replacing it with 
IP_IN_TUNNEL and L2TP_IP). ~75% of flows are concerned.


I am pretty sure the problem comes from the decapsulation and it's not a 
false positive as if it was, src port and dest port would be 1701.


When I try to use it in debug mode I get a segfault (which I don't get 
without the --tunnel option):


[root@netflow-linux ~]# nprobe -i eth1 -d 60 -P /tmp/flows -D t -I sfr 
-T "%IN_BYTES %IN_PKTS %L4_SRC_PORT %PROTOCOL %IPV4_SRC_ADDR 
%L4_DST_PORT %IPV4_DST_ADDR %IPV6_SRC_ADDR %IPV6_DST_MASK 
%UPSTREAM_TUNNEL_ID %DOWNSTREAM_TUNNEL_ID %UNTUNNELED_IPV4_SRC_ADDR" -V 
9 --smart-udp-frags -N 0 --debug --tunnel
17/Dec/2015 16:19:38 [nprobe.c:3114] ERROR: Invalid nProbe license (/etc/nprobe.license) [Missing license file]
17/Dec/2015 16:19:38 [nprobe.c:3121] ERROR: *
17/Dec/2015 16:19:38 [nprobe.c:3122] ERROR: **   **
17/Dec/2015 16:19:38 [nprobe.c:3123] ERROR: **  Switching to DEMO MODE (missing valid license) **
17/Dec/2015 16:19:38 [nprobe.c:3124] ERROR: **   **
17/Dec/2015 16:19:38 [nprobe.c:3125] ERROR: **  Create your nProbe license at  **
17/Dec/2015 16:19:38 [nprobe.c:3126] ERROR: **   http://www.nmon.net/mklicense/**
17/Dec/2015 16:19:38 [nprobe.c:3127] ERROR: **   **
17/Dec/2015 16:19:38 [nprobe.c:3128] ERROR: *
17/Dec/2015 16:19:38 [nprobe.c:6508] ERROR: ***
17/Dec/2015 16:19:38 [nprobe.c:6509] ERROR: * NOTE: This is a DEMO version limited to 25000 flows export.  *
17/Dec/2015 16:19:38 [nprobe.c:6510] ERROR: ***
17/Dec/2015 16:19:38 [plugin.c:166] No plugins found in ./plugins
17/Dec/2015 16:19:38 [plugin.c:174] Loading 22 plugins [.so] from /usr/local/lib/nprobe/plugins

datagramSourceIP 0.0.0.0
datagramSize 48
unixSecondsUTC 1450365578
datagramVersion 5
agentSubId 0
agent 192.168.1.1
packetSequenceNo 1084445
sysUpTime 2429093100
samplesInPacket 4
startSample --
sampleType_tag 0:2
sampleType COUNTERSSAMPLE
sampleSequenceNo 187645
sourceId 0:1
counterBlock_tag 2176:0
skipping unknown counters_sample_element: 2176:0 len=0
counterBlock_tag 568615:598
skipping unknown counters_sample_element: 568615:598 len=0
endSample   --
unexpected end of datagram after sample 1 of 4
datagramSourceIP 0.0.0.0
datagramSize 48
unixSecondsUTC 1450365578
datagramVersion 5
agentSubId 0
agent 192.168.1.1
packetSequenceNo 1084446
sysUpTime 2429093100
samplesInPacket 10
startSample --
sampleType_tag 0:1
sampleType FLOWSAMPLE
sampleSequenceNo 11443
sourceId 0:2
meanSkipCount 50
samplePool 8912896
dropEvents 0
inputPort multiple 181563990
outputPort 0
flowBlock_tag 0:0
skipping unknown flow_sample_element: 0:0 len=-2147483648
Segmentation fault

When I compare with what I get in a pcap, I can see that in my pcap file 
I almost don't get any packets.


Is there a performance issue (it doesn't seem so, CPU stays low)? Is 
there a fix somewhere, or did I miss something?


Thank you very much,
Regards,
Grégoire
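
Added example, not part of the original message and not nProbe's code: the debug output above prints an element length of -2147483648 immediately before the crash, so this example shows a bounds-checked skip of a tag/length/value element that rejects such a length. The 4-byte big-endian tag and length layout and the names `cursor_t`, `skip_element` and `check` are assumptions made for the example; the thread does not establish the actual cause of the segfault.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cursor over one received datagram (hypothetical type; invariant: off <= len). */
typedef struct { const uint8_t *buf; size_t len; size_t off; } cursor_t;

/* Read a big-endian u32. Returns 0 on success, -1 if fewer than 4 bytes remain. */
static int read_u32(cursor_t *c, uint32_t *out) {
  if (c->len - c->off < 4) return -1;
  const uint8_t *p = c->buf + c->off;
  *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
  c->off += 4;
  return 0;
}

/* Skip one unknown element. The length stays unsigned and is compared with
 * the bytes actually left, so 0x80000000 (shown as -2147483648 when printed
 * as a signed int) is rejected instead of moving the cursor out of bounds. */
int skip_element(cursor_t *c) {
  uint32_t tag, elen;
  if (read_u32(c, &tag) || read_u32(c, &elen)) return -1;
  (void)tag;                               /* unknown element: only skipped */
  if (elen > c->len - c->off) return -1;   /* claims more than remains */
  c->off += elen;
  return 0;
}

/* Constructed sample: tag 0:0 with length 0x80000000 and 4 trailing bytes. */
static const uint8_t BAD[] = {0, 0, 0, 0, 0x80, 0, 0, 0, 0xde, 0xad, 0xbe, 0xef};
/* Constructed sample: tag 0:1 with length 4 and a 4-byte payload. */
static const uint8_t GOOD[] = {0, 0, 0, 1, 0, 0, 0, 4, 1, 2, 3, 4};

/* Run skip_element over the first n bytes of b: 0 = skipped, -1 = malformed. */
int check(const uint8_t *b, size_t n) {
  cursor_t c = {b, n, 0};
  return skip_element(&c);
}

int main(void) {
  printf("good=%d bad=%d truncated=%d\n", check(GOOD, sizeof GOOD),
         check(BAD, sizeof BAD), check(GOOD, 6));
  return 0;
}
```

A parser that gets -1 back should drop the rest of the datagram rather than continue with later samples.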

Re: [Ntop-misc] Tunnel option applied only for 25% of packets

2015-12-17 Thread Luca Deri
Hi Gregoire,
please file a bug on https://github.com/ntop/nProbe and attach a pcap file for reproducing it

Regards Luca

> On 17 Dec 2015, at 15:21, gregoire.le...@retenodus.net wrote:
> 
> Hello,
> 
> I want to test nprobe stable on CentOS6 (v.7.2.151211) and I have an issue 
> with nprobe and L2TP tunnelled traffic. Here is the command I launch:
> 
> [root@netflow-linux ~]# nprobe -i eth1 -d 60 -P /tmp/flows -D t -I sfr -T 
> "%IN_BYTES %IN_PKTS %L4_SRC_PORT %PROTOCOL %IPV4_SRC_ADDR %L4_DST_PORT 
> %IPV4_DST_ADDR %IPV6_SRC_ADDR %IPV6_DST_MASK %UPSTREAM_TUNNEL_ID 
> %DOWNSTREAM_TUNNEL_ID" -V 9 --smart-udp-frags -N 0 --tunnel
> 
> I'd expect to get records like
> "122|1|53|17|IP_IN_TUNNEL|13217|IP_IN_TUNNEL|::|0|54B5|B5AB|
> 117|2|443|6|IP_IN_TUNNEL|53820|IP_IN_TUNNEL|::|0|6304|BB56|
> "
> I get some of them, but most of my records are not correctly decapsulated and 
> I usually get records like that:
> 
> 52|1|30753|17|L2TP_IP|49752|L2TP_IP|::|0|||
> 52|1|4560|17|L2TP_IP|34232|L2TP_IP|::|0|||
> 
> As you can see, L4_SRC_PORT and L4_DST_PORT are correctly decapsulated. 
> However, I get neither the tunneled IP address nor the tunnel information (I 
> obfuscated IP information, replacing it with IP_IN_TUNNEL and L2TP_IP). 
> ~75% of flows are concerned.
> 
> I am pretty sure the problem comes from the decapsulation and it's not a 
> false positive as if it was, src port and dest port would be 1701.
> 
> When I try to use it in debug mode I get a segfault (which I don't get 
> without the --tunnel option):
> 
> [root@netflow-linux ~]# nprobe -i eth1 -d 60 -P /tmp/flows -D t -I sfr -T 
> "%IN_BYTES %IN_PKTS %L4_SRC_PORT %PROTOCOL %IPV4_SRC_ADDR %L4_DST_PORT 
> %IPV4_DST_ADDR %IPV6_SRC_ADDR %IPV6_DST_MASK %UPSTREAM_TUNNEL_ID 
> %DOWNSTREAM_TUNNEL_ID %UNTUNNELED_IPV4_SRC_ADDR" -V 9 --smart-udp-frags -N 0 
> --debug --tunnel
> 17/Dec/2015 16:19:38 [nprobe.c:3114] ERROR: Invalid nProbe license 
> (/etc/nprobe.license) [Missing license file]
> 17/Dec/2015 16:19:38 [nprobe.c:3121] ERROR: 
> *
> 17/Dec/2015 16:19:38 [nprobe.c:3122] ERROR: **
>  **
> 17/Dec/2015 16:19:38 [nprobe.c:3123] ERROR: **  Switching to DEMO MODE 
> (missing valid license) **
> 17/Dec/2015 16:19:38 [nprobe.c:3124] ERROR: **
>  **
> 17/Dec/2015 16:19:38 [nprobe.c:3125] ERROR: **  Create your nProbe license at 
>  **
> 17/Dec/2015 16:19:38 [nprobe.c:3126] ERROR: **   
> http://www.nmon.net/mklicense/**
> 17/Dec/2015 16:19:38 [nprobe.c:3127] ERROR: **
>  **
> 17/Dec/2015 16:19:38 [nprobe.c:3128] ERROR: 
> *
> 17/Dec/2015 16:19:38 [nprobe.c:6508] ERROR: 
> ***
> 17/Dec/2015 16:19:38 [nprobe.c:6509] ERROR: * NOTE: This is a DEMO version 
> limited to 25000 flows export.  *
> 17/Dec/2015 16:19:38 [nprobe.c:6510] ERROR: 
> ***
> 17/Dec/2015 16:19:38 [plugin.c:166] No plugins found in ./plugins
> 17/Dec/2015 16:19:38 [plugin.c:174] Loading 22 plugins [.so] from 
> /usr/local/lib/nprobe/plugins
> datagramSourceIP 0.0.0.0
> datagramSize 48
> unixSecondsUTC 1450365578
> datagramVersion 5
> agentSubId 0
> agent 192.168.1.1
> packetSequenceNo 1084445
> sysUpTime 2429093100
> samplesInPacket 4
> startSample --
> sampleType_tag 0:2
> sampleType COUNTERSSAMPLE
> sampleSequenceNo 187645
> sourceId 0:1
> counterBlock_tag 2176:0
> skipping unknown counters_sample_element: 2176:0 len=0
> counterBlock_tag 568615:598
> skipping unknown counters_sample_element: 568615:598 len=0
> endSample   --
> unexpected end of datagram after sample 1 of 4
> datagramSourceIP 0.0.0.0
> datagramSize 48
> unixSecondsUTC 1450365578
> datagramVersion 5
> agentSubId 0
> agent 192.168.1.1
> packetSequenceNo 1084446
> sysUpTime 2429093100
> samplesInPacket 10
> startSample --
> sampleType_tag 0:1
> sampleType FLOWSAMPLE
> sampleSequenceNo 11443
> sourceId 0:2
> meanSkipCount 50
> samplePool 8912896
> dropEvents 0
> inputPort multiple 181563990
> outputPort 0
> flowBlock_tag 0:0
> skipping unknown flow_sample_element: 0:0 len=-2147483648
> Segmentation fault
> 
> When I compare with what I get in a pcap, I can see that in my pcap file I 
> almost don't get any packets.
> 
> Is there a performance issue (it doesn't seem so, CPU stays low)? Is there a 
> fix somewhere, or did I miss something?
> 
> Thank you very much,
> Regards,
> Grégoire