Last stable version of ntop is 5.0.0 and last development version is 5.0.1. Also, i'm having constants segfaults using ntop with a high load netflow. The dmesg output is: [1210992.876493] ntop[14244]: segfault at fffffff7 ip 00006692c5365759 sp 00006692be0eec10 error 4 in libc-2.14.1.so[6692c52ea000+182000] [1210992.876532] grsec: Segmentation fault occurred at 00000000fffffff7 in /usr/bin/ntop[ntop:14244] uid/euid:102/102 gid/egid:121/121, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 [1210992.876606] grsec: bruteforce prevention initiated against uid 102, banning for 15 minutes Reproducible: Always Steps to Reproduce: 1. Emerge ntop 4.1.0 2. Configure netFlow with a Cisco version 9 netFlow export 3. Wait a time. Actual Results: Segmentation fault Expected Results: Continuous work
1) Please post your `emerge --info' output in a comment. 2) Please attach the output of a proper gdb backtrace[1] to this bug report. [1] http://www.gentoo.org/proj/en/qa/backtraces.xml
Jeroen Roovers, I've initially readded the outdated comment because ntop alets me about this versioning and as i see its not upstream mantained. Second, I cannot leave GDB attached all time because: 1) Takes a random time to happen 2) My server does not have power enough to register GDB backtrace and process NetFlow from my Cisco - since i got some worriable loads when traffic is near 200mbps or 30kpps and i cant take the risk because this machine is a secondary router - so any slowdown may affect all my ISP providers. Have some another way to debug when i dont need to leave debug actived all time?
ntop version 5 has not been packaged yet and is not marked as the stable branch upstream. This bug report is about a problem in version 4. If you want an ebuild for an SVN snapshot, then please file a separate bug report to request that. You don't need to run ntop through gdb to get a backtrace. What you need to do is to set `ulimit -c unlimited' in the init.d script like this: --- files/ntop-initd 5 Oct 2008 13:08:45 -0000 1.3 +++ files/ntop-initd 21 Jul 2012 13:59:10 -0000 @@ -19,6 +19,7 @@ ebegin "Starting ntop" export LC_ALL=C # apparently doesn't work with some locales (#191576 and #205382) export GDFONTPATH=/usr/share/fonts/corefonts # apparently the only font that works (#231705) + ulimit -c unlimited start-stop-daemon --start --exec /usr/bin/ntop -- -d -L ${NTOP_OPTS} eend $? } and wait for a core dump file (usually named "core") to be placed in ntop's CWD. Then you run `gdb /usr/bin/ntop /path/to/core' to get the backtrace.
Just a comment about versioning: http://sourceforge.net/projects/ntop/files/ntop/Stable/ have ntop-5.0. Ill try to do this when my server get lower usage.
Ive tryed to do this: lorenz portage # grep ulimit /etc/init.d/ntop ulimit -c unlimited lorenz portage # grep "core unlimited" /etc/security/limits.conf * soft core unlimited lorenz portage # sysctl -a 2>&1 | grep core_pattern kernel.core_pattern = /cores/%e.core lorenz portage # ls -lah /cores/ total 4.0K drwxrwxrwx 2 root root 6 Jul 24 21:29 . drwxr-xr-x 22 root root 4.0K Jul 24 21:29 .. lorenz portage # nm /usr/bin/ntop |wc -l 141 lorenz portage # file /usr/bin/ntop /usr/bin/ntop: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped And no core files. Tryed run direct, but: lorenz portage # gdb /usr/bin/ntop GNU gdb (Gentoo 7.3.1 p2) 7.3.1 Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-pc-linux-gnu". For bug reporting instructions, please see: <http://bugs.gentoo.org/>... Reading symbols from /usr/bin/ntop...done. (gdb) run -d -L -u ntop -P /var/lib/ntop Starting program: /usr/bin/ntop -d -L -u ntop -P /var/lib/ntop Thu Jul 26 12:03:53 2012 NOTE: Interface merge enabled by default Thu Jul 26 12:03:53 2012 Initializing gdbm databases [Inferior 1 (process 28538) exited normally] (gdb) Tryed to run with debug and nofork, the process is inside GDB. When it get a kill, ill try to do something. But im worried: Why can't i generate core files?
If it segfaulted in the mean time, then it should have dumped a core file *somewhere*.
Created attachment 319320 [details] NTOP GDB output
Added GDB Output.
Maybe --disable-sessions can help in this case, according to http://article.gmane.org/gmane.linux.ntop.general/16754/match=segfault ?
removed from the tree
