ndpiReader Segmantaion Fault with latest compiled code #249
Comments
|
Do you have a pcap file to use for reproducing the issue? |
|
@lucaderi I also noticed this thing. Unfortunately it not happens always and I was not able to reproduce the issue, but seeing the backtrace of @u-Map the problem is in the macros |
|
i got simile like below: I'm try to reproduce it again and arrange pcap if I get the error. |
|
Thank you @mmanoj |
|
Extremely sorry for the delay! I've retried it today with latest dev code and still crashing within few seconds / minutes. I'm running it directly from terminal with ./ndpiReader -i eth1 But I cannot reproduce the issue when replaying with pcap taken at the same time. Anyway I've emailed you the pcap. nDPI 1.8.0-dev-522-7364fcc Program received signal SIGSEGV, Segmentation fault. |
|
@kYroL01 following findings as per my core dump analysis. Reading symbols from ndpiReader...done. Note: I'm checking one more code dump to narrow down more findings. Hope this helpful. |
|
Thanks.So the issue seem to be in the http parser for the line. I have to check better. |
|
I also get this error when I run |
|
Now I'm not at home. From Monday I'll fix all of this stuff ;) |
|
I have briefly looked at the problem and the code lines do not match. Can you please @ccfasm try to reproduce it with the code in github? |
|
@lucaderi
* free to extend it and send us the patches for inclusionUsing nDPI (1.8.0-dev-533-3cd6456) [1 thread(s)] |
|
Can you please create a pcap file that you can share with me and that it can be used to reproduce the crash? |
|
@kYroL01 I will try new code from github and update you the status. Will try to reproduce the issue. Thank you for the effort. |
|
@kYroL01 Sorry for the delay, I download latest code today and try to reproduce the error, but couldn't. Will see other people observations. |
|
I think the problem is with some http traffic but not easy to reproduce the issue. I'm trying to do it. |
|
@kYroL01 I will try to get run over large pcap file than live traffic. |
|
Hi, I think cause the snaplen(=1536) pcap_open_live() argument values.(ndpiReader.c) To reproduce the files captured with the same value(or more small). $ sudo tcpdump -i enp0s3 -s 1536 -w crash.pcap // Web access to various.... $ sudo ndpiReader -i crash.pcap
* free to extend it and send us the patches for inclusionUsing nDPI (1.8.0-dev-547-bf778d6) [1 thread(s)] $ sudo gdb ndpiReader ./core Seems like once you change the value from 1536 to 65535 at the live capture of symptoms no longer occurs. Attaches a pcap file to reproduce the behavior. |
|
@osa030 Thanks for the pcap. I'll check and let you know! |
|
@kYroL01 thanks for the quick fix, will test and update the result. I was test last time but unable to reproduce it. However will do more test via offline pcap. Thank you for the effort and support. |
|
I don't think that changing the snaplen is the solution but it's just a way to hide the problem. nDPI should work even with minimal snaplen such as 256. I have found a bug in the same function where previously it was crashing and fixed it. Not sure this is the only problem. I encourage you to test the code more in detail and report. |
|
Thanks @lucaderi |
|
I think we could consider this issue solved. Open if necessary |
|
still get "segment fault" when i listen on a live interface. |
|
@leveryd Really ? Can u reproduce the issue of give us additional information to solve it ? |
Hi,
nDPI 1.8.0-dev-509-4834109
Ubuntu 14.04 LTS
4.2.0-30-generic x86_64
ndpiReader stops with segmentation fault after running for few minutes.
any idea?
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff73b8700 (LWP 23115)]
0x000000000040d983 in ndpi_parse_packet_line_info (ndpi_struct=ndpi_struct@entry=0x66eac0, flow=flow@entry=0x7ffff0121190) at ndpi_main.c:3734
3734 if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) {
(gdb) bt
#0 0x000000000040d983 in ndpi_parse_packet_line_info (ndpi_struct=ndpi_struct@entry=0x66eac0, flow=flow@entry=0x7ffff0121190) at ndpi_main.c:3734
#1 0x000000000041b49b in ndpi_check_http_tcp (flow=0x7ffff0121190, ndpi_struct=0x66eac0) at protocols/http.c:920
#2 ndpi_search_http_tcp (ndpi_struct=0x66eac0, flow=0x7ffff0121190) at protocols/http.c:950
#3 0x000000000040f926 in check_ndpi_tcp_flow_func (ndpi_struct=0x66eac0, flow=0x7ffff0121190, ndpi_selection_packet=0x7ffff73b7988) at ndpi_main.c:3196
#4 0x000000000040ff46 in ndpi_detection_process_packet (ndpi_struct=0x66eac0, flow=flow@entry=0x7ffff0121190, packet=packet@entry=0x7ffff012192e "E",
#5 0x00000000004052a4 in packet_processing (ip_offset=, rawsize=, ipsize=2948, iph6=0x0, iph=, vlan_id=0,
#6 ndpi_workflow_process_packet (workflow=0x8aadc0, header=header@entry=0x7ffff73b7b40, packet=packet@entry=0x7ffff0121920 "<\025\302\313\035x")
#7 0x0000000000401fa7 in pcap_packet_callback_checked (args=, header=0x7ffff73b7b40, packet=0x7ffff74e9976 "<\025\302\313\035x")
#8 0x00007ffff7ba19ba in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#9 0x00007ffff7ba5dce in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#10 0x00007ffff7baa0fd in pcap_loop () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#11 0x0000000000403027 in runPcapLoop (thread_id=0) at ndpiReader.c:1196
#12 processing_thread (_thread_id=0x0) at ndpiReader.c:1224
#13 0x00007ffff7986182 in start_thread (arg=0x7ffff73b8700) at pthread_create.c:312
#14 0x00007ffff76b347d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb)
Thanks.
The text was updated successfully, but these errors were encountered: