Thomas yuo're running our of memory. ntop is configured by default for a LAN environement, If you want to use it on a WAN with so many NICs you should pay attention to its configuration. See ntop -h for more help
Luca On Jul 3, 2008, at 4:11 PM, Thomas Dreibholz wrote: > Hello! > > I have installed ntop (Ubuntu Hardy) on a router with lots of > traffic. In > particular, the traffic of two PlanetLab nodes runs over this > router. This > means that there are lots of TCP connections and UDP transmissions. > After > some time, ntop crashes with segfault. To find out the reason for this > problem, I have compiled ntop from its sources (the latest sources > from > http://www.ntop.org/download.html) and started ntop manually: > > [EMAIL PROTECTED]:~$ sudo ntop -u superuser -w 5678 -i > eth1,eth2,eth3,eth4,eth5 > Mon Jun 30 12:34:30 2008 NOTE: Interface merge enabled by default > Mon Jun 30 12:34:30 2008 Initializing gdbm databases > Mon Jun 30 12:34:30 2008 ntop v.3.3.6 > Mon Jun 30 12:34:30 2008 Configured on Jun 27 2008 16:02:28, built > on Jun 27 > 2008 16:02:51. > Mon Jun 30 12:34:30 2008 Copyright 1998-2007 by Luca Deri <[EMAIL PROTECTED] > > > Mon Jun 30 12:34:30 2008 Get the freshest ntop from http://www.ntop.org/ > Mon Jun 30 12:34:30 2008 NOTE: ntop is running from 'ntop' > Mon Jun 30 12:34:30 2008 NOTE: (but see warning on man page for the > --instance > parameter) > Mon Jun 30 12:34:30 2008 NOTE: ntop libraries are in '/usr/local/lib' > Mon Jun 30 12:34:30 2008 Initializing ntop > Mon Jun 30 12:34:30 2008 Checking eth1 for additional devices > Mon Jun 30 12:34:30 2008 Resetting traffic statistics for device eth1 > Mon Jun 30 12:34:30 2008 Initializing device eth1 (0) > Mon Jun 30 12:34:30 2008 DLT: Device 0 [eth1] is 1, mtu 1514, header > 14 > Mon Jun 30 12:34:30 2008 Checking eth2 for additional devices > Mon Jun 30 12:34:30 2008 Resetting traffic statistics for device eth2 > Mon Jun 30 12:34:30 2008 Initializing device eth2 (1) > Mon Jun 30 12:34:30 2008 DLT: Device 1 [eth2] is 1, mtu 1514, header > 14 > Mon Jun 30 12:34:30 2008 Checking eth3 for additional devices > Mon Jun 30 12:34:30 2008 Resetting traffic statistics for device eth3 > Mon Jun 30 12:34:30 2008 Initializing device eth3 (2) > Mon Jun 30 12:34:30 2008 DLT: Device 2 [eth3] is 1, mtu 1514, header > 14 > Mon Jun 30 12:34:30 2008 Checking eth4 for additional devices > Mon Jun 30 12:34:30 2008 Resetting traffic statistics for device eth4 > Mon Jun 30 12:34:30 2008 Initializing device eth4 (3) > Mon Jun 30 12:34:30 2008 DLT: Device 3 [eth4] is 1, mtu 1514, header > 14 > Mon Jun 30 12:34:30 2008 Checking eth5 for additional devices > Mon Jun 30 12:34:30 2008 Resetting traffic statistics for device eth5 > Mon Jun 30 12:34:30 2008 Initializing device eth5 (4) > Mon Jun 30 12:34:30 2008 DLT: Device 4 [eth5] is 1, mtu 1514, header > 14 > Mon Jun 30 12:34:30 2008 Initializing gdbm databases > Mon Jun 30 12:34:30 2008 VENDOR: Loading MAC address table. > Mon Jun 30 12:34:30 2008 VENDOR: Checking for MAC address table file > Mon Jun 30 12:34:30 2008 VENDOR: File '/usr/local/etc/ntop/ > specialMAC.txt.gz' > does not need to be reloaded > Mon Jun 30 12:34:30 2008 VENDOR: ntop continues ok > Mon Jun 30 12:34:30 2008 VENDOR: Checking for MAC address table file > Mon Jun 30 12:34:30 2008 VENDOR: File '/usr/local/etc/ntop/ > oui.txt.gz' does > not need to be reloaded > Mon Jun 30 12:34:30 2008 VENDOR: ntop continues ok > Mon Jun 30 12:34:30 2008 Fingerprint: Loading signature file > Mon Jun 30 12:34:30 2008 Fingerprint: Checking for Fingerprint > file... file > Mon Jun 30 12:34:30 2008 Fingerprint: Loading > file '/usr/local/etc/ntop/etter.finger.os.gz' > Mon Jun 30 12:34:30 2008 Fingerprint: ...loaded 0 records > Mon Jun 30 12:34:30 2008 ASN: Checking for Autonomous System Number > table file > Mon Jun 30 12:34:30 2008 ASN: Loading > file '/usr/local/etc/ntop/AS-list.txt.gz' > Mon Jun 30 12:34:32 2008 ASN: ...found 111435 lines > Mon Jun 30 12:34:32 2008 ASN: ....Used 3780 KB of memory (12 per > entry) > Mon Jun 30 12:34:32 2008 I18N: This instance of ntop does not > support multiple > languages > Mon Jun 30 12:34:32 2008 IP2CC: Checking for IP address <-> Country > Code > mapping file > Mon Jun 30 12:34:32 2008 IP2CC: Loading > file '/usr/local/etc/ntop/p2c.opt.table.gz' > Mon Jun 30 12:34:32 2008 IP2CC: ...found 52395 lines > Mon Jun 30 12:34:32 2008 Database support not compiled into ntop > Mon Jun 30 12:34:32 2008 Initializing external applications > Mon Jun 30 12:34:32 2008 THREADMGMT[t2975042448]: SFP: Fingerprint > scan thread > starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2975042448]: SFP: Started > thread for > fingerprinting > Mon Jun 30 12:34:32 2008 THREADMGMT[t2966649744]: SIH: Idle host > scan thread > starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2966649744]: SIH: Started > thread for idle > hosts detection > Mon Jun 30 12:34:32 2008 THREADMGMT[t2958257040]: DNSAR(1): Address > resolution > thread running > Mon Jun 30 12:34:32 2008 THREADMGMT[t2958257040]: DNSAR(1): Started > thread for > DNS address resolution > Mon Jun 30 12:34:32 2008 THREADMGMT[t2949864336]: DNSAR(2): Address > resolution > thread running > Mon Jun 30 12:34:32 2008 THREADMGMT[t2949864336]: DNSAR(2): Started > thread for > DNS address resolution > Mon Jun 30 12:34:32 2008 THREADMGMT[t2941471632]: DNSAR(3): Address > resolution > thread running > Mon Jun 30 12:34:32 2008 THREADMGMT[t2941471632]: DNSAR(3): Started > thread for > DNS address resolution > Mon Jun 30 12:34:32 2008 Calling plugin start functions (if any) > Mon Jun 30 12:34:32 2008 INITWEB: Initializing web server > Mon Jun 30 12:34:32 2008 INITWEB: Initializing TCP/IP socket > connections for > web server > Mon Jun 30 12:34:32 2008 INITWEB: Initialized socket, port 5678, > address (any) > Mon Jun 30 12:34:32 2008 INITWEB: Waiting for HTTP connections on > port 5678 > Mon Jun 30 12:34:32 2008 INITWEB: Starting web server > Mon Jun 30 12:34:32 2008 THREADMGMT[t2933078928]: WEB: Server > connection > thread starting [p7504] > Mon Jun 30 12:34:32 2008 Note: SIGPIPE handler set (ignore) > Mon Jun 30 12:34:32 2008 THREADMGMT[t2933078928]: WEB: Server > connection > thread running [p7504] > Mon Jun 30 12:34:32 2008 WEB: ntop's web server is now processing > requests > Mon Jun 30 12:34:32 2008 THREADMGMT[t2933078928]: INITWEB: Started > thread for > web server > Mon Jun 30 12:34:32 2008 Listening on [eth1,eth2,eth3,eth4,eth5] > Mon Jun 30 12:34:32 2008 Loading Plugins > Mon Jun 30 12:34:32 2008 Searching for plugins in /usr/local/lib/ > ntop/plugins > Mon Jun 30 12:34:32 2008 NETFLOW: Welcome to NetFlow.(C) 2002-08 by > Luca Deri > Mon Jun 30 12:34:32 2008 RRD: Welcome to Round-Robin Databases. (C) > 2002-07 by > Luca Deri. > Mon Jun 30 12:34:32 2008 LASTSEEN: Welcome to Host Last Seen. (C) > 1999 by > Andrea Marangoni > Mon Jun 30 12:34:32 2008 SFLOW: Welcome to sFlow.(C) 2002-04 by Luca > Deri > Mon Jun 30 12:34:32 2008 Remote: Welcome to Remote. (C) 2006-07 by > L.Deri > Mon Jun 30 12:34:32 2008 PDA: Welcome to PDA. (C) 2001-2005 by > L.Deri and > W.Brock > Mon Jun 30 12:34:32 2008 ICMP: Welcome to ICMP Watch. (C) 1999-2005 > by Luca > Deri > Mon Jun 30 12:34:32 2008 Calling plugin start functions (if any) > Mon Jun 30 12:34:32 2008 RRD: Welcome to the RRD plugin > Mon Jun 30 12:34:32 2008 RRD: Mask for new directories is 0700 > Mon Jun 30 12:34:32 2008 RRD: Mask for new files is 0066 > Mon Jun 30 12:34:32 2008 RRD_DEBUG: Parameters: > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpInterval 300 seconds > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpShortInterval 10 seconds > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpHours 72 hours by 300 seconds > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpDays 90 days by hour > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpMonths 36 months by day > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpDomains no > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpFlows no > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpSubnets no > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpHosts no > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpInterfaces yes > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpASs no > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpMatrix no > Mon Jun 30 12:34:32 2008 RRD_DEBUG: dumpDetail medium > Mon Jun 30 12:34:32 2008 RRD_DEBUG: hostsFilter > Mon Jun 30 12:34:32 2008 RRD_DEBUG: rrdPath /usr/local/var/ntop/rrd > [normal] > Mon Jun 30 12:34:32 2008 RRD_DEBUG: rrdPath /usr/local/var/ntop/rrd > [dynamic/volatile] > Mon Jun 30 12:34:32 2008 RRD_DEBUG: umask 0066 > Mon Jun 30 12:34:32 2008 RRD_DEBUG: DirPerms 0700 > Mon Jun 30 12:34:32 2008 THREADMGMT[t2924583824]: RRD: Data > collection thread > starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT: RRD: Started thread > (t2924583824) for > data collection > Mon Jun 30 12:34:32 2008 INIT: Created pid file (/var/run/ntop.pid) > Mon Jun 30 12:34:32 2008 THREADMGMT[t3075380912]: ntop RUNSTATE: > INITNONROOT(3) > Mon Jun 30 12:34:32 2008 Now running as requested user > 'superuser' (1000:1000) > Mon Jun 30 12:34:32 2008 Note: Reporting device initally set to 0 > [eth1] > (merged) > Mon Jun 30 12:34:32 2008 THREADMGMT[t3075380912]: ntop RUNSTATE: > RUN(4) > Mon Jun 30 12:34:32 2008 THREADMGMT[t2916191120]: NPS(eth1): > pcapDispatch > thread starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2916191120]: NPS(eth1): > pcapDispatch > thread running [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2966649744]: SIH: Idle host > scan thread > running [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2975042448]: SFP: Fingerprint > scan thread > running [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2916191120]: NPS(1): Started > thread for > network packet sniffing [eth1] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2907675536]: NPS(eth2): > pcapDispatch > thread starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2907675536]: NPS(eth2): > pcapDispatch > thread running [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2907675536]: NPS(2): Started > thread for > network packet sniffing [eth2] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2882370448]: NPS(eth3): > pcapDispatch > thread starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2882370448]: NPS(eth3): > pcapDispatch > thread running [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2882370448]: NPS(3): Started > thread for > network packet sniffing [eth3] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2873977744]: NPS(eth4): > pcapDispatch > thread starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2873977744]: NPS(eth4): > pcapDispatch > thread running [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2873977744]: NPS(4): Started > thread for > network packet sniffing [eth4] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2865585040]: NPS(eth5): > pcapDispatch > thread starting [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2865585040]: NPS(eth5): > pcapDispatch > thread running [p7504] > Mon Jun 30 12:34:32 2008 THREADMGMT[t2865585040]: NPS(5): Started > thread for > network packet sniffing [eth5] > Mon Jun 30 12:34:42 2008 THREADMGMT[t2857192336]: RRD: Throughput data > collection: Thread starting [p7504] > Mon Jun 30 12:34:42 2008 THREADMGMT[t2857192336]: RRD: Throughput data > collection: Thread running [p7504] > Mon Jun 30 12:34:42 2008 THREADMGMT[t2857192336]: RRD: Started > thread for > throughput data collection > Mon Jun 30 12:34:42 2008 THREADMGMT[t2924583824]: RRD: Data > collection thread > running [p7504] > Mon Jun 30 12:34:43 2008 NOTE: -L | --use-syslog=facility not > specified, child > processes will log to the default (24). > Mon Jun 30 12:38:43 2008 WARNING: Max num hash entries (8192) > reached (see -x) > Mon Jun 30 12:38:43 2008 **ERROR** Sanity check failed (1) [Low > memory?] > Segmentation fault > > The hash table seems to fill with connections and when the limit is > reached, > the ntop process crashes. After using "-x 500000" to increase this > limit, the > regular segfaults do not occur any more. However, this is not a fix > for the > problem. > > After that, I have compiled in debugging information > (NTOPCONFIGDEBUG=yes) and > configured with --enable-static --disable-shared. > > Running ntop with gdb, I have obtained the following stack trace: > ----- > Thu Jul 3 14:44:37 2008 WARNING: Max num hash entries (8192) reached > (see -x) > Thu Jul 3 14:44:37 2008 **ERROR** Sanity check failed (1) [Low > memory?] > Thu Jul 3 14:44:38 2008 NOTE: -L | --use-syslog=facility not > specified, > child processes will log to the default (24). > > Program received signal SIGSEGV, Segmentation fault. > [Switching to Thread 0xae34eb90 (LWP 10630)] > 0x080e8d41 in processPacket (_deviceId=0x0, h=0xae34e330, > p=0xae34c2b0 "\003") > at pbuf.c:3304 > 3304 allocHostTrafficCounterMemory(dstHost, nonIPTraffic, > sizeof(NonIPTraffic)); > (gdb) bt > #0 0x080e8d41 in processPacket (_deviceId=0x0, h=0xae34e330, > p=0xae34c2b0 "\003") at pbuf.c:3304 > #1 0x080eefe3 in queuePacket (_deviceId=0x0, h=0xae34e330, > p=0x875cfea "\003") at pbuf.c:2505 > #2 0xb7e0ad36 in ?? () from /usr/lib/libpcap.so.0.8 > #3 0xb7e0b087 in pcap_dispatch () from /usr/lib/libpcap.so.0.8 > #4 0x080da30e in pcapDispatch (_i=0x0) at ntop.c:94 > #5 0xb7ca74fb in start_thread () from /lib/tls/i686/cmov/ > libpthread.so.0 > #6 0xb7c29e5e in clone () from /lib/tls/i686/cmov/libc.so.6 > ----- > > > I have tried to submit this bug to https://svn.ntop.org/trac/wiki, > but I did > not find any possibility to create an account or to submit the bug > without > having an account. > > > Best regards > -- > = > ====================================================================== > Dr. Thomas Dreibholz > > University of Duisburg-Essen, Room ES210 > Inst. for Experimental Mathematics Ellernstraße 29 > Computer Networking Technology Group D-45326 Essen/Germany > ----------------------------------------------------------------------- > E-Mail: [EMAIL PROTECTED] > Homepage: http://www.iem.uni-due.de/~dreibh > = > ====================================================================== _______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
