[netflow-tools] reproducible flowd 0.9.1 crash
Andrew McGill
list2009 at lunch.za.net
Thu Nov 26 16:50:09 EST 2009
On Tuesday 24 November 2009 17:45:38 Michael W. Lucas wrote:
> Hi,
>
> Flowd 0.9.1 consistently crashes on my system after only a few
> minutes. Platform is FreeBSD 9/i386, on VMWare, booting diskless off
> of an OpenSolaris ZFS filesystem. We're accepting v9 from an HP
> Procurve switch.
>
> I have a /var/empty/dev/log, but no messages logged from flowd.
>
> Run in debugging mode, the program ends with:
...
> process_flow: ACCEPT flow FLOW recv_time 2009-11-24T10:40:01.716915 proto
> 17 tcpflags 00 tos 00 agent [198.22.63.129] src [198.22.63.130]:51669 dst
> [192.167.90.1]:53 gateway [0.0.0.0] packets 1 octets 69 in_if 29 out_if 32
> sys_uptime_ms 6w4d11h43m11s.638 time_sec 2009-11-24T11:25:49 time_nanosec
> 0 netflow ver 9 flow_start 6w4d11h42m11s.328 flow_finish 6w4d11h42m11s.328
> output_flow_enqueue: offset 9288 alloc 16384
> output_flow_flush: flushing output queue len 9288
> flowd_mainloop: monitor closed
> Bus error (core dumped)
Hang, it sounds as if it crashed.
> Any suggestions, folks?
Have a cup of tea. You could debug the core file with gdb and get a backtrace
(bt). Alternatively, you could capture the netflow packets with tcpdump
(tcpdump -s0 -w file ... and test on a more easily debugged system).
More information about the netflow-tools
mailing list