That seems to be working. Unfortunately, specifying a BPF filter is now causing a kernel panic.
Command: /usr/local/pf/sbin/tcpdump -nn -i net1 -c 10 not port 22 vmcore-dmesg attached. Jim On 07/22/2015 04:31 AM, Alfredo Cardigliano wrote: > Hi Jim > there is a fix for this, please pull latest code from git, > the problem is that tcpdump is setting “empty" filters when no filter is > specified. > > Alfredo > >> On 21 Jul 2015, at 16:07, Jim Hranicky <[email protected] >> <mailto:[email protected]>> wrote: >> >> Signed PGP part >> Was the latest trace helpful? >> >> Jim >> >> On 07/15/2015 04:55 PM, Jim Hranicky wrote: >> > Patch applied. >> > >> > Command: >> > >> > /usr/local/pf/sbin/tcpdump -nn -i net1 -c 10 >> > >> > dmesg attached (everything after PF_RING load). >> > >> > Jim >> > >> > On 07/15/2015 09:15 AM, Alfredo Cardigliano wrote: >> >> Hi Jim this requires a bit of debugging because bpf_filter_skb() >> >> is not supposed to be called with the command you provided, but >> >> this does not seem to be the case from the trace. Could you apply >> >> this patch and provide the dmesg output after running the >> >> application? >> >> >> >> Thank you Alfredo >> >> >> >> diff --git a/kernel/pf_ring.c b/kernel/pf_ring.c index >> >> 5433e89..0d52c26 100644 --- a/kernel/pf_ring.c +++ >> >> b/kernel/pf_ring.c @@ -4030,7 +4030,8 @@ static int >> >> add_skb_to_ring(struct sk_buff *skb, >> >> atomic_inc(&pfr->num_ring_users); >> >> >> >> /* [1] BPF Filtering */ - if(pfr->bpfFilter) { + if (0) { + >> >> //if(pfr->bpfFilter) { if(bpf_filter_skb(skb, pfr, displ) == 0) >> >> { atomic_dec(&pfr->num_ring_users); return(-1); @@ -7491,7 >> >> +7492,7 @@ static int ring_setsockopt(struct socket *sock, case >> >> SO_ATTACH_FILTER: ret = -EINVAL; >> >> >> >> - if(unlikely(enable_debug)) + >> >> //if(unlikely(enable_debug)) printk("[PF_RING] BPF filter >> >> (%d)\n", 0); >> >> >> >> if(optlen == sizeof(struct sock_fprog)) { >> >> >> >> >> >> >> >> _______________________________________________ Ntop-misc mailing >> >> list [email protected] >> <mailto:[email protected]> >> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc >
[ 96.438660] pf_ring: module verification failed: signature and/or required key missing - tainting kernel [ 96.439147] [PF_RING] Welcome to PF_RING 6.1.1 ($Revision: $) (C) 2004-14 ntop.org [ 96.439162] [PF_RING] registered /proc/net/pf_ring/ [ 96.439164] NET: Registered protocol family 27 [ 96.439170] [PF_RING] Min # ring slots 4096 [ 96.439171] [PF_RING] Slot version 16 [ 96.439172] [PF_RING] Capture TX Yes [RX+TX] [ 96.439172] [PF_RING] IP Defragment No [ 96.439173] [PF_RING] Initialized correctly [ 157.157403] BUG: unable to handle kernel NULL pointer dereference at 000000000000000e [ 157.157447] IP: [<ffffffff811c8071>] file_free_rcu+0x11/0x40 [ 157.157475] PGD 0 [ 157.157487] Oops: 0002 [#1] SMP [ 157.157504] Modules linked in: pf_ring(OF) nfnetlink_queue nfnetlink_log nfnetlink bluetooth rfkill vmw_vsock_vmci_transport vsock ip6t_rpfilter ip6t_REJECT ipt_REJECT xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw iptable_filter ip_tables coretemp crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel aesni_intel lrw ppdev gf128mul glue_helper ablk_helper cryptd vmw_balloon pcspkr serio_raw parport_pc parport i2c_piix4 vmw_vmci shpchp xfs libcrc32c sr_mod cdrom ata_generic pata_acpi sd_mod crc_t10dif crct10dif_common [ 157.157859] vmwgfx ahci libahci ata_piix drm_kms_helper vmxnet3 vmw_pvscsi ttm drm i2c_core libata floppy dm_mirror dm_region_hash dm_log dm_mod [ 157.157928] CPU: 1 PID: 0 Comm: swapper/1 Tainted: GF O-------------- 3.10.0-229.7.2.el7.x86_64 #1 [ 157.157963] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/30/2014 [ 157.158001] task: ffff8802341aa220 ti: ffff8802341d8000 task.ti: ffff8802341d8000 [ 157.158036] RIP: 0010:[<ffffffff811c8071>] [<ffffffff811c8071>] file_free_rcu+0x11/0x40 [ 157.158068] RSP: 0018:ffff88023fd03770 EFLAGS: 00010286 [ 157.158088] RAX: ffff8800bb079e00 RBX: ffff8800b9f1b500 RCX: 0000000000000000 [ 157.158114] RDX: 000000000000000e RSI: ffff8800bb079e20 RDI: 000000000000000e [ 157.158140] RBP: ffff88023fd03778 R08: 000000000000000e R09: 0000000000000000 [ 157.158165] R10: 0000000000000001 R11: ffff8800b9f1b500 R12: 000000000000000e [ 157.158191] R13: 0000000000000128 R14: ffff8800ba5da5ce R15: ffff8802325f6000 [ 157.158218] FS: 0000000000000000(0000) GS:ffff88023fd00000(0000) knlGS:0000000000000000 [ 157.158247] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 157.158268] CR2: 000000000000000e CR3: 0000000232605000 CR4: 00000000001407e0 [ 157.158350] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 157.158403] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 157.158429] Stack: [ 157.158439] ffff8800b9f1b500 ffff88023fd037c0 ffffffffa04aece2 ffff88023fd037c0 [ 157.158472] 0000000000000246 ffff8802325f6000 ffff88023fd03bd0 000000000000000e [ 157.158506] ffff8800b9f1b500 ffff88023fd03830 ffff88023fd03aa0 ffffffffa04af13e [ 157.158540] Call Trace: [ 157.158551] <IRQ> [ 157.158560] [ 157.158573] [<ffffffffa04aece2>] bpf_filter_skb+0x52/0xe0 [pf_ring] [ 157.158595] [<ffffffffa04af13e>] add_skb_to_ring.isra.42+0x3ce/0x10e0 [pf_ring] [ 157.158628] [<ffffffffa010385b>] ? vmxnet3_xmit_frame+0x7eb/0xce0 [vmxnet3] [ 157.158657] [<ffffffffa04b0b6f>] skb_ring_handler+0xd1f/0x1eb0 [pf_ring] [ 157.158684] [<ffffffff810a6665>] ? check_preempt_curr+0x85/0xa0 [ 157.158708] [<ffffffff810a6699>] ? ttwu_do_wakeup+0x19/0xd0 [ 157.158731] [<ffffffff810a682d>] ? ttwu_do_activate.constprop.85+0x5d/0x70 [ 157.158758] [<ffffffff810a93d6>] ? try_to_wake_up+0x1b6/0x280 [ 157.159833] [<ffffffff814ea507>] ? kfree_skbmem+0x37/0x90 [ 157.161624] [<ffffffffa04b1d51>] packet_rcv+0x51/0x90 [pf_ring] [ 157.163444] [<ffffffff814fbc20>] __netif_receive_skb_core+0x410/0x870 [ 157.165271] [<ffffffff814fc098>] __netif_receive_skb+0x18/0x60 [ 157.167135] [<ffffffff814fc120>] netif_receive_skb+0x40/0xd0 [ 157.168946] [<ffffffff814ed029>] ? __netdev_alloc_skb+0x89/0xc0 [ 157.170397] [<ffffffffa0102c6f>] vmxnet3_rq_rx_complete+0x5df/0x810 [vmxnet3] [ 157.171325] [<ffffffffa0102ffa>] vmxnet3_poll_rx_only+0x3a/0xb0 [vmxnet3] [ 157.172261] [<ffffffff814fc4e2>] net_rx_action+0x152/0x240 [ 157.173190] [<ffffffff81077b2f>] __do_softirq+0xef/0x280 [ 157.174099] [<ffffffff81615b1c>] call_softirq+0x1c/0x30 [ 157.174995] [<ffffffff81015d95>] do_softirq+0x65/0xa0 [ 157.175891] [<ffffffff81077ec5>] irq_exit+0x115/0x120 [ 157.176769] [<ffffffff816166b8>] do_IRQ+0x58/0xf0 [ 157.177609] [<ffffffff8160b96d>] common_interrupt+0x6d/0x6d [ 157.178408] <EOI> [ 157.178416] [ 157.179183] [<ffffffff8109b828>] ? hrtimer_start+0x18/0x20 [ 157.179936] [<ffffffff81052de6>] ? native_safe_halt+0x6/0x10 [ 157.180658] [<ffffffff8101c85f>] default_idle+0x1f/0xc0 [ 157.181338] [<ffffffff8101d166>] arch_cpu_idle+0x26/0x30 [ 157.182000] [<ffffffff810c6801>] cpu_startup_entry+0xf1/0x290 [ 157.182645] [<ffffffff8104228a>] start_secondary+0x1ba/0x230 [ 157.183285] Code: c6 60 80 1c 81 e8 90 b8 f4 ff 5b 5d c3 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb 48 8b 7f 70 <f0> ff 0f 0f 94 c2 84 d2 74 05 e8 e0 5e ed ff 48 8b 3d d9 07 86 [ 157.184720] RIP [<ffffffff811c8071>] file_free_rcu+0x11/0x40 [ 157.185401] RSP <ffff88023fd03770> [ 157.186083] CR2: 000000000000000e
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
