[netflow-tools] reproducible flowd 0.9.1 crash
Michael W. Lucas
mwlucas at blackhelicopters.org
Fri Nov 27 03:39:20 EST 2009
On Thu, Nov 26, 2009 at 07:50:09AM +0200, Andrew McGill wrote:
> On Tuesday 24 November 2009 17:45:38 Michael W. Lucas wrote:
> > Hi,
> >
> > Flowd 0.9.1 consistently crashes on my system after only a few
> > minutes. Platform is FreeBSD 9/i386, on VMWare, booting diskless off
> > of an OpenSolaris ZFS filesystem. We're accepting v9 from an HP
> > Procurve switch.
> >
> > I have a /var/empty/dev/log, but no messages logged from flowd.
> >
> > Run in debugging mode, the program ends with:
> ...
> > process_flow: ACCEPT flow FLOW recv_time 2009-11-24T10:40:01.716915 proto
> > 17 tcpflags 00 tos 00 agent [198.22.63.129] src [198.22.63.130]:51669 dst
> > [192.167.90.1]:53 gateway [0.0.0.0] packets 1 octets 69 in_if 29 out_if 32
> > sys_uptime_ms 6w4d11h43m11s.638 time_sec 2009-11-24T11:25:49 time_nanosec
> > 0 netflow ver 9 flow_start 6w4d11h42m11s.328 flow_finish 6w4d11h42m11s.328
> > output_flow_enqueue: offset 9288 alloc 16384
> > output_flow_flush: flushing output queue len 9288
> > flowd_mainloop: monitor closed
> > Bus error (core dumped)
> Hang, it sounds as if it crashed.
>
> > Any suggestions, folks?
> Have a cup of tea. You could debug the core file with gdb and get a backtrace
> (bt). Alternatively, you could capture the netflow packets with tcpdump
> (tcpdump -s0 -w file ... and test on a more easily debugged system).
Unfortunately, flowd exceeds my minimal debugging abilities. Building
a flowd with symbols and running it under gdb, I get:

netflow/usr/ports/net-mgmt/flowd/work/flowd-0.9.1;gdb ./flowd
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) run
Starting program: /usr/ports/net-mgmt/flowd/work/flowd-0.9.1/flowd
Program exited normally.
(gdb) quit

Probably because it starts the flowd: monitor and flowd: net processes.
The crash leaves a /flowd.core file, but if I gdb that and run bt I get:

(gdb) bt
No stack.
(gdb) quit

Can anyone enlighten me as to how I should debug this? I'm happy to
read the right documentation if someone can point me at it... The
Internet has innumerable tutorials, but most are obsolete, irrelevant,
or just plain wrong.

Thanks,
==ml
--
Michael W. Lucas mwlucas at BlackHelicopters.org
http://www.MichaelWLucas.com/
Latest book: Cisco Routers for the Desperate, 2nd Edition
http://www.CiscoRoutersForTheDesperate.com/