Figured I'd add to this.
I'm seeing the same thing using bro-2.3.2(Stable) compiled with PF_RING
6.0.3(9015) support using just a regular interface, no ZC/DNA. System is
RHEL 6.6
-------------------------------
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania
724-357-3327
On Wed, 25 Feb 2015, Alfredo Cardigliano wrote:
This is definitely strange, I should take a look at the bro code to see what it
does,
is this happening with “dnacluster:X" interafaces only?
Alfredo
On 25 Feb 2015, at 17:12, Gary Faulkner <[email protected]> wrote:
pcount appears to work fine and doesn't produce any sort of segfault or crash.
On 2/25/2015 2:48 AM, Alfredo Cardigliano wrote:
Hi Gary
I do not see anything obvious from the trace, could you try also with pcount
(without f, that is our sample application over pcap),
to figure out where the problem could be?
Thank you
Alfredo
On 24 Feb 2015, at 23:38, Gary Faulkner <[email protected]> wrote:
This is a bit of a cross-post from the Bro NSM list, but I'm not sure if the
problem I'm running into is with Bro, PF_RING or my RHEL 6.6 envi
ronment. I was originally attempting to compile and install PF_RING 6.0.2
stable, but found that the DNA drivers would not compile without err
ors, so I grabbed PF_RING 6.0.3 (9009) from SVN which has newer drivers amongst
other things and this appeared to compile fine. The problem co
mes when I try to run Bro against pfdnacluster_master I see a segfault after a
handful of packets get processed. I was able to grab a backtrac
e with gdb and was thinking the output might have more meaning to the pfring
team. I do have DNA and libzero licenses installed. I'm unsure wh
y there is file not found message as the PF_RING source is present and in my
path. I also have PF_RING installed and not just running out of t
he build location. I'm running nprobe and suricata fine against the same
PF_RING version on other systems. I can also run pfcount against
dnaclus
ter:21@0 for example without a segfault.
Here is a quick gdb session with a backtrace of when I run bro -i
dnacluster:21@0 when it encounters a segfault:
# gdb /nsm/bro/bin/bro
GNU gdb (GDB) SLES Expanded Support platform (7.2-75.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.
html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /nsm/bro/bin/bro...done.
(gdb) run -i dnacluster:21@0
Starting program: /nsm/bro/bin/bro -i dnacluster:21@0
[Thread debugging using libthread_db enabled]
listening on dnacluster:21@0, capture length 8192 bytes
[New Thread 0x7fff20fd0700 (LWP 36513)]
[New Thread 0x7fff1bfff700 (LWP 36514)]
[New Thread 0x7fff1b5fe700 (LWP 36515)]
[New Thread 0x7fff1abfd700 (LWP 36516)]
[New Thread 0x7fff1a1fc700 (LWP 36517)]
[New Thread 0x7fff197fb700 (LWP 36518)]
[New Thread 0x7fff18dfa700 (LWP 36519)]
[New Thread 0x7fff03fff700 (LWP 36520)]
[New Thread 0x7fff035fe700 (LWP 36521)]
[New Thread 0x7fff02bfd700 (LWP 36522)]
[New Thread 0x7fff021fc700 (LWP 36523)]
[New Thread 0x7fff017fb700 (LWP 36524)]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7959506 in pcap_read_packet (handle=0x2631640,
callback=0x7ffff795d720 <pcap_oneshot>, userdata=0x7fffffffda20
"p\025c\002") at ./pcap-linux.c:1807
1807 ./pcap-linux.c: No such file or directory.
in ./pcap-linux.c
Missing separate debuginfos, use: debuginfo-install
GeoIP-1.5.1-5.el6.x86_64 glibc-2.12-1.149.el6_6.5.x86_64
keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-33.el6.x86_64
libcom_err-1.41.12-21.el6.x86_64 libgcc-4.4.7-11.el6.x86_64
libselinux-2.0.94-5.8.el6.x86_64 libstdc++-4.4.7-11.el6.x86_64
numactl-2.0.9-2.el6.x86_64 openssl-1.0.1e-30.el6_6.5.x86_64
zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0 0x00007ffff7959506 in pcap_read_packet (handle=0x2631640,
callback=0x7ffff795d720 <pcap_oneshot>, userdata=0x7fffffffda20
"p\025c\002") at ./pcap-linux.c:1807
#1 0x00007ffff795d79b in pcap_next (p=<value optimized out>, h=<value
optimized out>) at ./pcap.c:218
#2 0x0000000000a4a490 in iosource::pcap::PcapSource::ExtractNextPacket
(this=0x2631430, pkt=0x2631468) at/nsm/bro/git/bro2.3-419/bro/
src/iosource/pcap/Source.cc:151
#3 0x0000000000a7580c in iosource::PktSrc::ExtractNextPacketInternal
(this=0x2631430) at /nsm/bro/git/bro2.3-419/bro/src/iosource/PktSrc.cc:432
#4 0x0000000000a7511b in iosource::PktSrc::NextTimestamp
(this=0x2631430, local_network_time=0x7fffffffdcb8) at
/nsm/bro/git/bro2.3-419/bro/src/iosource/PktSrc.cc:241
#5 0x0000000000a71193 in iosource::Manager::FindSoonest (this=0xf29bc0,
ts=0x7fffffffddc8) at/nsm/bro/git/bro2.3-419/bro/
src/iosource/Manager.cc:82
#6 0x00000000007895d1 in net_run () at/nsm/bro/git/bro2.3-419/bro/
src/Net.cc:301
#7 0x00000000006d8ed7 in main (argc=3, argv=0x7fffffffe498) at
/nsm/bro/git/bro2.3-419/bro/src/main.cc:1200
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
