FreeBSD11 SEGFAULT at startup #647
Labels
Comments
|
Hello!
I think this issue related with some changes inside nDPI library. Could you
try to build tool without dpi feature at all?
In Linux version we use specific version of this library to prevent this
kind of issues.
On Sat, 1 Apr 2017 at 22:04, mihaigabi ***@***.***> wrote:
Hi,
I installed fastnemon on a FreeBSD11-RELEASE (using pkg) running on ESXI
with an Intel NIC which has netmap support (tested with pkt-gen and
tcpreplay).
When I try to run the process all I get is SEGFAULT:
Configuration:
logging:local_syslog_logging = off
logging:remote_syslog_logging = off
logging:remote_syslog_server = 10.10.10.10
logging:remote_syslog_port = 514
enable_ban = on
process_incoming_traffic = on
process_outgoing_traffic = off
ban_details_records_count = 500
ban_time = 60
unban_only_if_attack_finished = on
enable_subnet_counters = off
networks_list_path = /usr/local/etc/networks_list
white_list_path = /usr/local/etc/networks_whitelist
check_period = 1
enable_connection_tracking = off
ban_for_pps = on
ban_for_bandwidth = on
ban_for_flows = off
threshold_pps = 2000
threshold_mbps = 1000
threshold_flows = 3500
threshold_tcp_mbps = 100000
threshold_udp_mbps = 100000
threshold_icmp_mbps = 100000
threshold_tcp_pps = 100000
threshold_udp_pps = 100000
threshold_icmp_pps = 100000
ban_for_tcp_bandwidth = off
ban_for_udp_bandwidth = off
ban_for_icmp_bandwidth = off
ban_for_tcp_pps = off
ban_for_udp_pps = off
ban_for_icmp_pps = off
mirror = off
pfring_sampling_ratio = 1
mirror_netmap = on
mirror_snabbswitch = off
mirror_afpacket = off
interfaces_snabbswitch = 0000:04:00.0,0000:04:00.1,0000:03:00.0,0000:03:00.1
netmap_sampling_ratio = 1
netmap_read_packet_length_from_ip_header = off
pcap = off
netflow = on
sflow = off
enable_pf_ring_zc_mode = off
interfaces = vmx0
average_calculation_time = 5
average_calculation_time_for_subnets = 20
netflow_port = 2055
netflow_host = 0.0.0.0
netflow_sampling_ratio = 1
netflow_divide_counters_on_interval_length = off
sflow_port = 6343
sflow_host = 0.0.0.0
collect_attack_pcap_dumps = off
process_pcap_attack_dumps_with_dpi = off
redis_enabled = off
redis_port = 6379
redis_host = 127.0.0.1
redis_prefix = mydc1
mongodb_enabled = off
mongodb_host = localhost
mongodb_port = 27017
mongodb_database_name = fastnetmon
pfring_hardware_filters_enabled = off
exabgp = off
exabgp_command_pipe = /var/run/fastnetmon/exabgp.cmd
exabgp_community = 65001:666
exabgp_next_hop = 10.0.3.114
exabgp_announce_host = on
exabgp_announce_whole_subnet = off
exabgp_flow_spec_announces = off
gobgp = off
gobgp_next_hop = 0.0.0.0
gobgp_announce_host = on
gobgp_announce_whole_subnet = off
graphite = off
graphite_host = 127.0.0.1
graphite_port = 2003
graphite_prefix = fastnetmon
monitor_local_ip_addresses = on
hostgroup = my_hosts:10.10.10.221/32,10.10.10.222/32
my_hosts_enable_ban = off
my_hosts_ban_for_pps = off
my_hosts_ban_for_bandwidth = off
my_hosts_ban_for_flows = off
my_hosts_threshold_pps = 20000
my_hosts_threshold_mbps = 1000
my_hosts_threshold_flows = 3500
pid_path = /var/run/fastnetmon/fastnetmon.pid
cli_stats_file_path = /tmp/fastnetmon.dat
enable_api = off
sort_parameter = packets
max_ips_in_list = 7
Starting the process:
/usr/local/bin/fastnetmon --configuration_file /usr/local/etc/fastnetmon.conf
We will use custom path to configuration file: /usr/local/etc/fastnetmon.conf
Segmentation fault (core dumped)
GDB:
gdb /usr/local/bin/fastnetmon fastnetmon.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `fastnetmon'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libboost_thread.so.1.63.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libboost_thread.so.1.63.0
Reading symbols from /usr/local/lib/libboost_regex.so.1.63.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libboost_regex.so.1.63.0
Reading symbols from /usr/local/lib/libboost_program_options.so.1.63.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libboost_program_options.so.1.63.0
Reading symbols from /usr/local/lib/libboost_system.so.1.63.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libboost_system.so.1.63.0
Reading symbols from /usr/local/lib/libmongoc-1.0.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libmongoc-1.0.so.1
Reading symbols from /usr/local/lib/libbson-1.0.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libbson-1.0.so.0
Reading symbols from /usr/local/lib/liblog4cpp.so.5...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/liblog4cpp.so.5
Reading symbols from /usr/local/lib/libluajit-5.1.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libluajit-5.1.so.2
Reading symbols from /opt/ndpi/lib/libndpi.so.1...done.
Loaded symbols for /opt/ndpi/lib/libndpi.so.1
Reading symbols from /opt/json-c-0.12/lib/libjson-c.so.2...done.
Loaded symbols for /opt/json-c-0.12/lib/libjson-c.so.2
Reading symbols from /lib/libpcap.so.8...Reading symbols from /usr/lib/debug//lib/libpcap.so.8.debug...done.
done.
Loaded symbols for /lib/libpcap.so.8
Reading symbols from /usr/lib/libc++.so.1...Reading symbols from /usr/lib/debug//usr/lib/libc++.so.1.debug...done.
done.
Loaded symbols for /usr/lib/libc++.so.1
Reading symbols from /lib/libcxxrt.so.1...Reading symbols from /usr/lib/debug//lib/libcxxrt.so.1.debug...done.
done.
Loaded symbols for /lib/libcxxrt.so.1
Reading symbols from /lib/libm.so.5...Reading symbols from /usr/lib/debug//lib/libm.so.5.debug...done.
done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libgcc_s.so.1...Reading symbols from /usr/lib/debug//lib/libgcc_s.so.1.debug...done.
done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/libthr.so.3...Reading symbols from /usr/lib/debug//lib/libthr.so.3.debug...done.
done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...Reading symbols from /usr/lib/debug//lib/libc.so.7.debug...done.
done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/lib/libicudata.so.58...
warning: Lowest section in /usr/local/lib/libicudata.so.58 is .hash at 0000000000000120
done.
Loaded symbols for /usr/local/lib/libicudata.so.58
Reading symbols from /usr/local/lib/libicui18n.so.58...done.
Loaded symbols for /usr/local/lib/libicui18n.so.58
Reading symbols from /usr/local/lib/libicuuc.so.58...done.
Loaded symbols for /usr/local/lib/libicuuc.so.58
Reading symbols from /usr/lib/librt.so.1...Reading symbols from /usr/lib/debug//usr/lib/librt.so.1.debug...done.
done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /usr/lib/libssl.so.8...Reading symbols from /usr/lib/debug//usr/lib/libssl.so.8.debug...done.
done.
Loaded symbols for /usr/lib/libssl.so.8
Reading symbols from /lib/libcrypto.so.8...Reading symbols from /usr/lib/debug//lib/libcrypto.so.8.debug...done.
done.
Loaded symbols for /lib/libcrypto.so.8
Reading symbols from /usr/local/lib/libsasl2.so.3...done.
Loaded symbols for /usr/local/lib/libsasl2.so.3
Reading symbols from /usr/local/lib/sasl2/libanonymous.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libanonymous.so.3
Reading symbols from /usr/local/lib/sasl2/libcrammd5.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libcrammd5.so.3
Reading symbols from /usr/local/lib/sasl2/libdigestmd5.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libdigestmd5.so.3
Reading symbols from /usr/local/lib/sasl2/liblogin.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/liblogin.so.3
Reading symbols from /lib/libcrypt.so.5...Reading symbols from /usr/lib/debug//lib/libcrypt.so.5.debug...done.
done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /usr/local/lib/sasl2/libscram.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libscram.so.3
Reading symbols from /usr/local/lib/sasl2/libntlm.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libntlm.so.3
Reading symbols from /usr/local/lib/sasl2/libotp.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libotp.so.3
Reading symbols from /usr/lib/libopie.so.8...Reading symbols from /usr/lib/debug//usr/lib/libopie.so.8.debug...done.
done.
Loaded symbols for /usr/lib/libopie.so.8
Reading symbols from /lib/libmd.so.6...Reading symbols from /usr/lib/debug//lib/libmd.so.6.debug...done.
done.
Loaded symbols for /lib/libmd.so.6
Reading symbols from /usr/local/lib/sasl2/libplain.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libplain.so.3
Reading symbols from /usr/local/lib/sasl2/libsasldb.so.3...done.
Loaded symbols for /usr/local/lib/sasl2/libsasldb.so.3
Reading symbols from /libexec/ld-elf.so.1...Reading symbols from /usr/lib/debug//libexec/ld-elf.so.1.debug...done.
done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x0000000804c0d000 in ?? ()
[New Thread 804c16000 (LWP 100095/<unknown>)]
(gdb) back
#0 0x0000000804c0d000 in ?? ()
#1 0x0000000801be4ebb in ndpi_init_detection_module (ticks_per_second=80181968, __ndpi_malloc=0x804c0d000, __ndpi_free=0x80316d680 <__je_map_bias>, ndpi_debug_printf=0x804c0d000)
at ndpi_main.c:293
#2 0x00000000004534fe in std::__1::map<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, unsigned int, std::__1::less<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const, unsigned int> > >::__find_equal_key ()
#3 0x000000000042fc9e in ?? ()
#4 0x000000000042f204 in ?? ()
#5 0x000000000041d9df in ?? ()
#6 0x00000008006df000 in ?? ()
#7 0x0000000000000000 in ?? ()
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#647>, or mute the
thread
<https://github.com/notifications/unsubscribe-auth/ACnfZsAk4jXBSeUhYiKaqqDdqRoI_LERks5rrp_XgaJpZM4MwlRr>
.
--
Sincerely yours, Pavel Odintsov
|
|
Hi, |
|
Hello!
Unfortunately, we do not have support for FreeBSD in the install script.
You could use install from ports for it only.
|
|
Hi, Regards |
|
Hello
FreeBSD was supported in previous version. Then we moved to port only
install. Because it's extremely complicated to support very custom
libraries version in FreeBSD.
You could contact with maintainer of port to fix issue or prepare patch
which disables dependency to nDPI completely.
|
|
FreeBSD upgraded nDPI code few times for last months. Please check up to date version of package or disable nDPI support completely. It's optional feature and it's safe to disable it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I installed fastnemon on a FreeBSD11-RELEASE (using pkg) running on ESXI with an Intel NIC which has netmap support (tested with pkt-gen and tcpreplay).
When I try to run the process all I get is SEGFAULT:
Configuration:
Starting the process:
GDB:
The text was updated successfully, but these errors were encountered: