Mailing List Archive

[FWD] Paper: Improving Passive Packet Capture
I sent this mail to Luca last week, but got no answer; I hope I will get more
answers from here...



Hi Luca,

I'm really interested in the results which you found with the Linux kernel
RTIRQ+PF_RING.

So I tested the same tools which you used on one of my network servers.

Using pcount, I'm really surprised, no packets were dropped, with this
configuration:
- Dell 550SC (P3 1133MHz, ServerWorks CNB20LE Host Bridge, CSB5 South Bridge)
- Intel 1000MT gigabit Ethernet Controller

I've configured the gigabit switch to do port mirroring and to send a copy of
all the traffic to my network adapter (traffic is between 1 and 300 Mbit).


A nasty surprise is that the majority of the applications using your kernel
crash (mozilla, gnome, kde).

My idea was then to use ntop 3.0 on this server to do some stats. So I
recompiled it with the modified pcap library and I got the same crash problem.
But if I used the vanilla kernel, I got no problem (but loss of about 30%).

Did you have similar problems? Any clue?

I am sending you the strace and the output of ntop if it can help you.

Thanx

Vincent Magnin
Re: [FWD] Paper: Improving Passive Packet Capture
Hi Vincent,
I have some email filters that sort emails according to some criteria
and the rest goes into a folder that I try to read when I have time. So
I apologize for the problem.


Vincent Magnin wrote:

>I sent this mail to Luca last week, but got no answer; I hope I will get more
>answers from here...
>
>
>
>Hi Luca,
>
>I'm really interested in the results which you found with the Linux kernel
>RTIRQ+PF_RING.
>
>So I tested the same tools which you used on one of my network servers.
>
>Using pcount, I'm really surprised, no packets were dropped, with this
>configuration:
>- Dell 550SC (P3 1133MHz, ServerWorks CNB20LE Host Bridge, CSB5 South Bridge)
>- Intel 1000MT gigabit Ethernet Controller
>
>
>
Good news, isn't it?

>I've configured the gigabit switch to do port mirroring and to send a copy of
>all the traffic to my network adapter (traffic is between 1 and 300 Mbit).
>
>
>A nasty surprise is that the majority of the applications using your kernel
>crash (mozilla, gnome, kde).
>
>
>
All I have done is a change in the code that handles networking. This
change cannot be enabled (even if you insert the ring module into the
kernel) unless you have a special version of libpcap (the one I have
released) that enables it. So I cannot really see what's crashing the
apps you mentioned. To be honest I have tested my code on servers only
(i.e. without GUI) but I have not seen any problem there. Can you please
try to identify the problem (e.g. via gdb) to see whether I can do
something about it?

>My idea was then to use ntop 3.0 on this server to do some stats. So I
>recompiled it with the modified pcap library and I got the same crash problem.
>But if I used the vanilla kernel, I got no problem (but loss of about 30%).
>
>Did you have similar problems? Any clue?
>
>
Not at all. Even ntop/nProbe runs fine on my setup. Can you please
describe the steps you've taken so that I can think of something? Did
you use my kernel or did you build it yourself?

FYI, I'm almost done with a new release that implements packet filtering
directly into the kernel. I would like first to see whether there's a
bug in my code so that I can fix it before the next release.

I apologize again for being late.

Cheers, Luca

>I am sending you the strace and the output of ntop if it can help you.
>
>Thanx
>
>Vincent Magnin
>
>


--
Luca Deri <deri@ntop.org> http://luca.ntop.org/
Hacker: someone who loves to program and enjoys being
clever about it - Richard Stallman
Re: [FWD] Paper: Improving Passive Packet Capture
Quoting Luca Deri <deri@ntop.org>:

> All I have done is a change in the code that handles networking. This
> change cannot be enabled (even if you insert the ring module into the
> kernel) unless you have a special version of libpcap (the one I have
> released) that enables it. So I cannot really see what's crashing the
> apps you mentioned. To be honest I have tested my code on servers only
> (i.e. without GUI) but I have not seen any problem there. Can you please
> try to identify the problem (e.g. via gdb) to see whether I can do
> something about it?
Ok, I think that I've identified the problem:
I'm running Redhat 3AS.
All the applications using libpthread are crashing; gdb says:
Using host libthread.db /lib/tls/libthread.db.so.1
Error while reading shared library symbols:
Cannot find new threads: generic error
Completed

Now, instead of trying to put some libraries, I've switched to a debian
unstable system (every library is now updated with the latest version). And
everything is ok.

So now:
- I've compiled the libpcap 8.1 with the patch found in ring-2.0 package, and
another patch to build pcap as a shared library
- I've compiled ntop 3.0 with this libpcap+ring and.... no more packets
are lost.
I have to manually run 'ifconfig eth1 promisc' to go into promiscuous mode to
see the full traffic.

Actually, I have no packet loss, according to ifconfig, pcap and ntop.


> Not at all. Even ntop/nProbe runs fine on my setup. Can you please
> describe the steps you've taken so that I can think of something? Did
> you use my kernel or you built it yourself?
I use the kernel you published at:
http://sourceforge.net/project/showfiles.php?group_id=17233&package_id=110128


> FYI, I'm almost done with a new release that implements packet filtering
> directly into the kernel. I would like first to see whether there's a
> bug in my code so that I can fix before the next release.
I'll be happy to test your new release with a 2.6 kernel.


If someone is interested, I have a modified 'pcount' which supports VLAN
(802.1Q) in verbose mode and accepts a libpcap filter (when the ring module is
not loaded).


Thanx

Vincent Magnin
Re: [FWD] Paper: Improving Passive Packet Capture
Vincent,
thanks for the info. Please mail me the new pcount and I'll commit it.
This could be useful to let me check the latest ring module that
supports kernel packet filtering.

You can easily build my module under 2.6.x (I've tested it under 2.6.2)
but then you need the latest rtirq patch that supports 2.6. Moreover,
until 2.6.2 I feel that the 2.6 kernel is not yet stable at the same
level as 2.4, so I have decided to stay with 2.4 until things change.

If the ring community gets larger I could consider setting up a CVS
server. Any comment on this?

Cheers, Luca


Vincent Magnin wrote:

> Quoting Luca Deri <deri@ntop.org>:
>
>> All I have done is a change in the code that handles networking. This
>> change cannot be enabled (even if you insert the ring module into the
>> kernel) unless you have a special version of libpcap (the one I have
>> released) that enables it. So I cannot really see what's crashing the
>> apps you mentioned. To be honest I have tested my code on servers only
>> (i.e. without GUI) but I have not seen any problem there. Can you please
>> try to identify the problem (e.g. via gdb) to see whether I can do
>> something about it?
>
> Ok, I think that I've identified the problem:
> I'm running Redhat 3AS.
> All the applications using libpthread are crashing; gdb says:
> Using host libthread.db /lib/tls/libthread.db.so.1
> Error while reading shared library symbols:
> Cannot find new threads: generic error
> Completed
>
> Now, instead of trying to put some libraries, I've switched to a debian
> unstable system (every library is now updated with the latest version). And
> everything is ok.
>
> So now:
> - I've compiled the libpcap 8.1 with the patch found in ring-2.0 package, and
> another patch to build pcap as a shared library
> - I've compiled ntop 3.0 with this libpcap+ring and.... no more packets
> are lost.
> I have to manually run 'ifconfig eth1 promisc' to go into promiscuous mode to
> see the full traffic.
>
> Actually, I have no packet loss, according to ifconfig, pcap and ntop.
>
>
>> Not at all. Even ntop/nProbe runs fine on my setup. Can you please
>> describe the steps you've taken so that I can think of something? Did
>> you use my kernel or you built it yourself?
>
> I use the kernel you published at:
> http://sourceforge.net/project/showfiles.php?group_id=17233&package_id=110128
>
>
>
>> FYI, I'm almost done with a new release that implements packet filtering
>> directly into the kernel. I would like first to see whether there's a
>> bug in my code so that I can fix before the next release.
>
> I'll be happy to test your new release with a 2.6 kernel.
>
>
> If someone is interested, I have a modified 'pcount' which supports VLAN
> (802.1Q) in verbose mode and accepts a libpcap filter (when the ring module is
> not loaded).
>
>
> Thanx
>
> Vincent Magnin
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc



--
Luca Deri <deri@ntop.org> http://luca.ntop.org/
Hacker: someone who loves to program and enjoys being
clever about it - Richard Stallman