Fran Boon | 2 Mar 12:59 2006

bt full for ntop CVS on RHES3 with NetFlow plugin

Running the latest CVS version of NTop on RedHat Enterprise Server 3 
with all current updates applied.
Configured via:
./configure --prefix=/usr/local/ntop --without-ssl
(I'm using Apache to provide the SSL)

I did get a small warning about not finding sctp during compilation, but 
none of the nice big boxes...only xmldump not able to be made there (I 
can't find any gdome.h downloadable, but no big worry)
Not sure where I'd get sctp from (quick Google didn't show up any 
downloadables).

Am trying to run the NetFlow plugin to capture from remote probes, but 
whenever I configure an interface for this, it SegFaults.

I checked the lists & see that others have also had this problem, so I 
read through the recommended debugging (at the bottom of the excellent 
docs/FAQ which misses just 1 gdb command: 'run')

Thu Mar  2 11:29:16 2006 [MSGID0301309] [t66460592 netflowPlugin:3000] 
NETFLOW: knownDevices=2
Thu Mar  2 11:29:16 2006 [MSGID0100239] [t66460592 netflowPlugin:2673] 
NETFLOW: createNetFlowDevice(2)
Thu Mar  2 11:29:16 2006 [MSGID8717032] [t66460592 initialize:1877] 
Creating dummy interface, 'NetFlow-device.2'
Thu Mar  2 11:29:16 2006 [MSGID9195289] [t66460592 netflowPlugin:1560] 
NETFLOW: initializing deviceId=1
Thu Mar  2 11:29:16 2006 [MSGID0848671] [t66460592 netflowPlugin:1610] 
NETFLOW: White list initialized to ''
Thu Mar  2 11:29:16 2006 [MSGID0848671] [t66460592 netflowPlugin:1628] 

cvs-commit | 3 Mar 09:30 2006

New ntop commit (author deri)

Update of /export/home/ntop/PF_RING/kernel/include/linux
In directory unknown:/tmp/cvs-serv25537/kernel/include/linux

Modified Files:
	ring.h 
Log Message:
Fixed "Badness in local_bh_enable at kernel/softirq.c:140" running kernel error
Added /proc/net/pf_ring/ (courtesy of F. Fusco) so that the whole configuration
as well as open sockets can be monitored more easily

cvs-commit | 3 Mar 09:30 2006

New ntop commit (author deri)

Update of /export/home/ntop/PF_RING/kernel/net/ring
In directory unknown:/tmp/cvs-serv25537/kernel/net/ring

Modified Files:
	ring_packet.c 
Log Message:
Fixed "Badness in local_bh_enable at kernel/softirq.c:140" running kernel error
Added /proc/net/pf_ring/ (courtesy of F. Fusco) so that the whole configuration
as well as open sockets can be monitored more easily

cvs-commit | 6 Mar 11:02 2006

New ntop commit (author deri)

Update of /export/home/ntop/PF_RING/kernel/include/linux
In directory unknown:/tmp/cvs-serv1548/kernel/include/linux

Modified Files:
	ring.h 
Log Message:
Updated version to 3.2 and removed debugging code

cvs-commit | 6 Mar 11:02 2006

New ntop commit (author deri)

Update of /export/home/ntop/PF_RING/kernel/net/ring
In directory unknown:/tmp/cvs-serv1548/kernel/net/ring

Modified Files:
	ring_packet.c 
Log Message:
Updated version to 3.2 and removed debugging code

Fran Boon | 7 Mar 10:58 2006

Re: bt full for ntop CVS on RHES3 with NetFlow plugin

Fran Boon wrote:
> Running the latest CVS version of NTop on RedHat Enterprise Server 3 
> I did get a small warning about not finding sctp during compilation, but 

Is sctp the big problem?
This server has a 2.4 kernel, not 2.6 & I gather that sctp is included 
with the 2.6 kernel.
I know that sctp is part of the new IPFIX standard, but if I'm using 
only NetFlow, surely it still shouldn't crash?

F

Freamer | 8 Mar 18:05 2006

ntop crashes

When I go to Global traffic statistics, ntop crashes. Here's the log with gdb:
 
Starting program: /usr/local/bin/ntop -K -u root
Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 2627 in elfstab_build_psymtabs
Deprecated bfd_read called at /usr/src/gnu/usr.bin/binutils/gdb/../../../../contrib/gdb/gdb/dbxread.c line 933 in fill_symbuf
Wed Mar  8 18:24:41 2006  NOTE: Interface merge enabled by default
Wed Mar  8 18:24:41 2006  Initializing gdbm databases
Wed Mar  8 18:24:41 2006  ntop v.3.2 SourceForge .tgz
Wed Mar  8 18:24:41 2006  Configured on Mar  8 2006 17:15:39, built on Mar  8 2006 17:19:37.
Wed Mar  8 18:24:41 2006  Copyright 1998-2005 by Luca Deri <deri <at> ntop.org>
Wed Mar  8 18:24:41 2006  Get the freshest ntop from http://www.ntop.org/
Wed Mar  8 18:24:41 2006  NOTE: ntop is running from '/usr/local/bin'
Wed Mar  8 18:24:41 2006  NOTE: (but see warning on man page for the --instance parameter)
Wed Mar  8 18:24:41 2006  Initializing ntop
Wed Mar  8 18:24:41 2006  **WARNING** Truncated network size (device rl0) to 1024 hosts (real netmask 255.255.252.0)
Wed Mar  8 18:24:42 2006  Checking rl0 for additional devices
Wed Mar  8 18:24:42 2006  Resetting traffic statistics for device rl0
Wed Mar  8 18:24:42 2006  DLT: Device 0 [rl0] is 1, mtu 1514, header 14
Wed Mar  8 18:24:42 2006  Initializing gdbm databases
Wed Mar  8 18:24:42 2006  VENDOR: Loading MAC address table.
Wed Mar  8 18:24:42 2006  VENDOR: Checking for MAC address table file
Wed Mar  8 18:24:42 2006  VENDOR: File '/usr/local/etc/ntop/specialMAC.txt.gz' does not need to be reloaded
Wed Mar  8 18:24:42 2006  VENDOR: ntop continues ok
Wed Mar  8 18:24:42 2006  VENDOR: Checking for MAC address table file
Wed Mar  8 18:24:42 2006  VENDOR: File '/usr/local/etc/ntop/oui.txt.gz' does not need to be reloaded
Wed Mar  8 18:24:42 2006  VENDOR: ntop continues ok
Wed Mar  8 18:24:42 2006  Fingeprint: Loading signature file.
Wed Mar  8 18:24:43 2006  Fingeprint: ...loaded 1697 records
Wed Mar  8 18:24:43 2006  ASN: Checking for Autonomous System Number table file
Wed Mar  8 18:24:43 2006  **WARNING** ASN: Unable to open file 'AS-list.txt '
Wed Mar  8 18:24:43 2006  I18N: This instance of ntop does not support multiple languages
Wed Mar  8 18:24:43 2006  IP2CC: Checking for IP address <-> Country Code mapping file
Wed Mar  8 18:24:43 2006  IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
Wed Mar  8 18:24:47 2006  IP2CC: ...found 52395 lines
Wed Mar  8 18:24:47 2006  GDVERCHK: Guessing at libgd version
Wed Mar  8 18:24:47 2006  GDVERCHK: ... as 2.0.21+
Wed Mar  8 18:24:47 2006  Initializing external applications
Wed Mar  8 18:24:47 2006  THREADMGMT[t134588416]: NPA: Started thread for network packet analyzer
Wed Mar  8 18:24:47 2006  THREADMGMT[t145977344]: SFP: Started thread for fingerprinting
Wed Mar  8 18:24:47 2006  THREADMGMT[t145978368]: SIH: Started thread for idle hosts detection
Wed Mar  8 18:24:47 2006  THREADMGMT[t145979392]: DNSAR(1): Started thread for DNS address resolution
Wed Mar  8 18:24:47 2006  Calling plugin start functions (if any)
Wed Mar  8 18:24:47 2006  SSL is present but https is disabled: use -W <https port> for enabling it
Wed Mar  8 18:24:47 2006  INITWEB: Initializing web server
Wed Mar  8 18:24:47 2006  INITWEB: Initializing tcp/ip socket connections for web server
Wed Mar  8 18:24:47 2006  INITWEB: Initialized socket, port 3000, address (any)
Wed Mar  8 18:24:47 2006  INITWEB: Waiting for HTTP connections on port 3000
Wed Mar  8 18:24:47 2006  INITWEB: Starting web server
Wed Mar  8 18:24:47 2006  THREADMGMT[t145980416]: INITWEB: Started thread for web server
Wed Mar  8 18:24:47 2006  Listening on [rl0]
Wed Mar  8 18:24:47 2006  Loading Plugins
Wed Mar  8 18:24:47 2006  Searching for plugins in /usr/local/lib/ntop/plugins
Wed Mar  8 18:24:47 2006  ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
Wed Mar  8 18:24:47 2006  LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
Wed Mar  8 18:24:47 2006  THREADMGMT[t134588416]: NPA: network packet analyzer (packet processor) thread running [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t145977344]: SFP: Fingerprint scan thread starting [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t145978368]: SIH: Idle host scan thread starting [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t145979392]: DNSAR(1): Address resolution thread running [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t145980416]: WEB: Server connection thread starting [p50940]
Wed Mar  8 18:24:47 2006  NETFLOW: Welcome to NetFlow.(C) 2002-05 by Luca Deri
Wed Mar  8 18:24:47 2006  Note: SIGPIPE handler set (ignore)
Wed Mar  8 18:24:47 2006  PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
Wed Mar  8 18:24:47 2006  THREADMGMT[t145980416]: WEB: Server connection thread running [p50940]
Wed Mar  8 18:24:47 2006  RRD: Welcome to Round-Robin Databases. (C) 2002-04 by Luca Deri.
Wed Mar  8 18:24:47 2006  WEB: ntop's web server is now processing requests
Wed Mar  8 18:24:47 2006  SNMP: Welcome to SNMP. (C) 2004 by F.Fusco and G.Giardina
Wed Mar  8 18:24:47 2006  SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
Wed Mar  8 18:24:47 2006  **WARNING** Unable to load plugin '/usr/local/lib/ntop/plugins/xmldumpPlugin.so'
Wed Mar  8 18:24:47 2006  **WARNING** Message is '/usr/local/lib/ntop/plugins/xmldumpPlugin.so: Undefined symbol "dumpXML"'
Wed Mar  8 18:24:47 2006  Calling plugin start functions (if any)
Wed Mar  8 18:24:47 2006  RRD: Welcome to the RRD plugin
Wed Mar  8 18:24:47 2006  RRD: Mask for new directories is 0700
Wed Mar  8 18:24:47 2006  RRD: Mask for new files is 0066
Wed Mar  8 18:24:47 2006  THREADMGMT: RRD: Started thread (t151745536) for data collection
Wed Mar  8 18:24:47 2006  Now running as requested user 'root' (0:0)
Wed Mar  8 18:24:47 2006  INIT: Created pid file (/var/run/ntop.pid)
Wed Mar  8 18:24:47 2006  Note: Reporting device initally set to 0 [rl0] (merged)
Wed Mar  8 18:24:47 2006  THREADMGMT[t134586368]: ntop RUNSTATE: RUN(4)
Wed Mar  8 18:24:47 2006  THREADMGMT[t151746560]: NPS(1): Started thread for network packet sniffing
Wed Mar  8 18:24:47 2006  THREADMGMT[t145977344]: SFP: Fingerprint scan thread running [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t145978368]: SIH: Idle host scan thread running [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t151745536]: RRD: Data collection thread starting [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t151746560]: NPS(1,rl0): pcapDispatch thread starting [p50940]
Wed Mar  8 18:24:47 2006  THREADMGMT[t151746560]: NPS(1,rl0): pcapDispatch thread running [p50940]
Program received signal SIGSEGV, Segmentation fault.
0x295e7de9 in rrd_graph (argc=35, argv=0xbfaa7a1c, prdata=0x29b9df04, xsize=0xbfa9a748, ysize=0xbfa9a74c) at rrd_graph.c:2862
2862    }
 
Any suggestions?
_______________________________________________
Ntop-dev mailing list
Ntop-dev <at> unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-dev

Michal Slusarczyk | 13 Mar 13:45 2006

empty pages

When I click on Summary>>Hosts and then on an IP to receive information about the selected host, ntop generates an empty page and prints an error log:
 
Mon Mar 13 13:32:04 2006  **ERROR** SSL(read)ERROR [Thread 7738]: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure at s3_pkt.c(837)
Mon Mar 13 13:32:04 2006  **ERROR** errno 0 during sending of page to web client
 
Ntop 3.2.1 from cvs on Opensuse 10.0
 
How can I solve it??
Allman

Burton Strauss | 13 Mar 16:30 2006

RE: empty pages

Do you get the same issue w/ the current ntop source from our cvs?  Otherwise, sorry to say, but we can't help you - we don't know what patches were applied to other people's source base...
 
-----Burton

From: ntop-dev-bounces <at> unipi.it [mailto:ntop-dev-bounces <at> unipi.it] On Behalf Of Michal Slusarczyk
Sent: Monday, March 13, 2006 6:46 AM
To: ntop-dev <at> Unipi.IT
Subject: [Ntop-dev] empty pages

When I click on Summary>>Hosts and then on an IP to receive information about the selected host, ntop generates an empty page and prints an error log:
 
Mon Mar 13 13:32:04 2006  **ERROR** SSL(read)ERROR [Thread 7738]: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure at s3_pkt.c(837)
Mon Mar 13 13:32:04 2006  **ERROR** errno 0 during sending of page to web client
 
Ntop 3.2.1 from cvs on Opensuse 10.0
 
How can I solve it??
Allman

Ola Lundqvist | 16 Mar 07:11 2006

Re: empty pages

Hi

On Mon, Mar 13, 2006 at 01:45:45PM +0100, Michal Slusarczyk wrote:
> 
>    When I click on Summary>>Hosts and then on an IP to receive information
>    about the selected host, ntop generates an empty page and prints an error log:
> 
> 
> 
>    Mon Mar 13 13:32:04 2006  **ERROR** SSL(read)ERROR [Thread 7738]:
>    error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure at
>    s3_pkt.c(837)
> 
>    Mon Mar 13 13:32:04 2006  **ERROR** errno 0 during sending of page to
>    web client

With this error printout it looks more like a problem with the SSL
library, network problem or similar than a problem in ntop.

But it can of course be a problem in ntop as well, I just think it is
more likely to be a problem in other parts.

Maybe opensuse people can help you with this?

Regards,

// Ola

> 
>    Ntop 3.2.1 from cvs on Opensuse 10.0
> 
> 
> 
>    How can I solve it??
> 
>    Allman

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal <at> debian.org                     Annebergsslingan 37      \
|  opal <at> lysator.liu.se                 654 65 KARLSTAD          |
|  +46 (0)54-10 14 30                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
