Mailing List Archive

radius/diameter plugins broken after update
Hi there
I hope I'm not wrong,I have libradiusPlugin-8.5.180504.so and it almost
works.
but after update to new version they are broke and they are not create any
new log file.

Welcome to nProbe v.8.5.180515 (r6155) for x86_64-unknown-linux-gnu
> Build OS: CentOS Linux release 7.4.1708 (Core)

PF_RING Version : 7.1.0
> (dev:8b9dc8a258dea71e2af471174f99b30014277783)



I use nprobe.conf with this config:

-i=zc:ens192f0
> -t=60
> -d=15
> -P=/ipdr/connection
> -V=10
> --max-log-lines=10000000
> --cpu-affinity=0
> --radius-dump-dir=/ipdr/radius
> --diameter-dump-dir=/ipdr/diameter
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_DST_PORT %L4_SRC_PORT %IN_BYTES
> %OUT_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L7_PROTO_NAME
> %IN_SRC_MAC %OUT_DST_MAC %SRC_AS %DST_AS"


May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:465]
> GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:476]
> GeoIP: loaded AS IPv6 config file
> /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57
> [pro/pf_ring.c:356] Initializing PF_RING socket on device zc:ens192f0..
> May 16 01:10:58 ipdr2 nprobe[2630]: 16/May/2018 01:10:58
> [pro/pf_ring.c:398] Dumping traffic statistics on
> /proc/net/pf_ring/stats/2630-ens192f0.7
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
> [pro/pf_ring.c:469] PF_RING enabled on zc:ens192f0
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [util.c:3629]
> nProbe changed user to 'nobody'
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
> Enabling plugin Diameter Protocol
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
> Enabling plugin Radius Protocol
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [nprobe.c:8926]
> nProbe started successfully
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
> [pro/pf_ring.c:214] Packet copy enabled


both command line and .conf usage are not work.

and some errors are in service status:

May 16 00:44:35 ipdr2 nprobe[2483]: 16/May/2018 00:44:35 [nprobe.c:1737]
> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
> 21792[fragmentId: 29441]
> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
> 16430[fragmentId: 6742]
> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
> 16430[fragmentId: 6742]
> May 16 00:44:48 ipdr2 nprobe[2483]: 16/May/2018 00:44:48 [nprobe.c:1737]
> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
> 16430[fragmentId: 6743]



Does anybody have this issue?

any comment would be appreciate
Re: radius/diameter plugins broken after update [ In reply to ]
Hi Milad
the error you have is related to fragments. Please check (with wireshark) if the packets you are receiving are correct or there are fragment issues

Regards Luca

> On 15 May 2018, at 22:43, Milad Arabi <milad.arabi@gmail.com> wrote:
>
> Hi there
> I hope I'm not wrong,I have libradiusPlugin-8.5.180504.so <http://libradiusplugin-8.5.180504.so/> and it almost works.
> but after update to new version they are broke and they are not create any new log file.
>
> Welcome to nProbe v.8.5.180515 (r6155) for x86_64-unknown-linux-gnu
> Build OS: CentOS Linux release 7.4.1708 (Core)
> PF_RING Version : 7.1.0 (dev:8b9dc8a258dea71e2af471174f99b30014277783)
>
>
> I use nprobe.conf with this config:
>
> -i=zc:ens192f0
> -t=60
> -d=15
> -P=/ipdr/connection
> -V=10
> --max-log-lines=10000000
> --cpu-affinity=0
> --radius-dump-dir=/ipdr/radius
> --diameter-dump-dir=/ipdr/diameter
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %OUT_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L7_PROTO_NAME %IN_SRC_MAC %OUT_DST_MAC %SRC_AS %DST_AS"
>
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:465] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:476] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [pro/pf_ring.c:356] Initializing PF_RING socket on device zc:ens192f0..
> May 16 01:10:58 ipdr2 nprobe[2630]: 16/May/2018 01:10:58 [pro/pf_ring.c:398] Dumping traffic statistics on /proc/net/pf_ring/stats/2630-ens192f0.7
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [pro/pf_ring.c:469] PF_RING enabled on zc:ens192f0
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [util.c:3629] nProbe changed user to 'nobody'
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924] Enabling plugin Diameter Protocol
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924] Enabling plugin Radius Protocol
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [nprobe.c:8926] nProbe started successfully
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [pro/pf_ring.c:214] Packet copy enabled
>
> both command line and .conf usage are not work.
>
> and some errors are in service status:
>
> May 16 00:44:35 ipdr2 nprobe[2483]: 16/May/2018 00:44:35 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 21792[fragmentId: 29441]
> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 16430[fragmentId: 6742]
> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 16430[fragmentId: 6742]
> May 16 00:44:48 ipdr2 nprobe[2483]: 16/May/2018 00:44:48 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 16430[fragmentId: 6743]
>
>
> Does anybody have this issue?
>
> any comment would be appreciate
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: radius/diameter plugins broken after update [ In reply to ]
Hi Milad
the error you have is related to fragments. Please check (with wireshark) if the packets you are receiving are correct or there are fragment issues

Regards Luca

> On 15 May 2018, at 22:43, Milad Arabi <milad.arabi@gmail.com> wrote:
>
> Hi there
> I hope I'm not wrong,I have libradiusPlugin-8.5.180504.so <http://libradiusplugin-8.5.180504.so/> and it almost works.
> but after update to new version they are broke and they are not create any new log file.
>
> Welcome to nProbe v.8.5.180515 (r6155) for x86_64-unknown-linux-gnu
> Build OS: CentOS Linux release 7.4.1708 (Core)
> PF_RING Version : 7.1.0 (dev:8b9dc8a258dea71e2af471174f99b30014277783)
>
>
> I use nprobe.conf with this config:
>
> -i=zc:ens192f0
> -t=60
> -d=15
> -P=/ipdr/connection
> -V=10
> --max-log-lines=10000000
> --cpu-affinity=0
> --radius-dump-dir=/ipdr/radius
> --diameter-dump-dir=/ipdr/diameter
> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_DST_PORT %L4_SRC_PORT %IN_BYTES %OUT_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L7_PROTO_NAME %IN_SRC_MAC %OUT_DST_MAC %SRC_AS %DST_AS"
>
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:465] GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNum.dat
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:476] GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geoip/GeoIPASNumv6.dat
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [pro/pf_ring.c:356] Initializing PF_RING socket on device zc:ens192f0..
> May 16 01:10:58 ipdr2 nprobe[2630]: 16/May/2018 01:10:58 [pro/pf_ring.c:398] Dumping traffic statistics on /proc/net/pf_ring/stats/2630-ens192f0.7
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [pro/pf_ring.c:469] PF_RING enabled on zc:ens192f0
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [util.c:3629] nProbe changed user to 'nobody'
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924] Enabling plugin Diameter Protocol
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924] Enabling plugin Radius Protocol
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [nprobe.c:8926] nProbe started successfully
> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [pro/pf_ring.c:214] Packet copy enabled
>
> both command line and .conf usage are not work.
>
> and some errors are in service status:
>
> May 16 00:44:35 ipdr2 nprobe[2483]: 16/May/2018 00:44:35 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 21792[fragmentId: 29441]
> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 16430[fragmentId: 6742]
> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 16430[fragmentId: 6742]
> May 16 00:44:48 ipdr2 nprobe[2483]: 16/May/2018 00:44:48 [nprobe.c:1737] ERROR: [FRAGMENT][FIRST] Received invalid initial fragment 16430[fragmentId: 6743]
>
>
> Does anybody have this issue?
>
> any comment would be appreciate
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: radius/diameter plugins broken after update [ In reply to ]
Hi Luca
I try this:

tcpdump -w radius.pcap -i ens192f0 port radius or port radius-acct or port
> radius-dynauth


and radius.pcap file is healthy and readable in wireshark.(except a few
packets )
I think this issue related to new updates.


On Wed, May 16, 2018 at 1:25 AM, Luca Deri <deri@ntop.org> wrote:

> Hi Milad
> the error you have is related to fragments. Please check (with wireshark)
> if the packets you are receiving are correct or there are fragment issues
>
> Regards Luca
>
> On 15 May 2018, at 22:43, Milad Arabi <milad.arabi@gmail.com> wrote:
>
> Hi there
> I hope I'm not wrong,I have libradiusPlugin-8.5.180504.so
> <http://libradiusplugin-8.5.180504.so/> and it almost works.
> but after update to new version they are broke and they are not create any
> new log file.
>
> Welcome to nProbe v.8.5.180515 (r6155) for x86_64-unknown-linux-gnu
>> Build OS: CentOS Linux release 7.4.1708 (Core)
>
> PF_RING Version : 7.1.0 (dev:8b9dc8a258dea71e2af471174f99b3
>> 0014277783)
>
>
>
> I use nprobe.conf with this config:
>
> -i=zc:ens192f0
>> -t=60
>> -d=15
>> -P=/ipdr/connection
>> -V=10
>> --max-log-lines=10000000
>> --cpu-affinity=0
>> --radius-dump-dir=/ipdr/radius
>> --diameter-dump-dir=/ipdr/diameter
>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_DST_PORT %L4_SRC_PORT %IN_BYTES
>> %OUT_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L7_PROTO_NAME
>> %IN_SRC_MAC %OUT_DST_MAC %SRC_AS %DST_AS"
>
>
> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:465]
>> GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/
>> geoip/GeoIPASNum.dat
>> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:476]
>> GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/
>> geoip/GeoIPASNumv6.dat
>> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57
>> [pro/pf_ring.c:356] Initializing PF_RING socket on device zc:ens192f0..
>> May 16 01:10:58 ipdr2 nprobe[2630]: 16/May/2018 01:10:58
>> [pro/pf_ring.c:398] Dumping traffic statistics on
>> /proc/net/pf_ring/stats/2630-ens192f0.7
>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
>> [pro/pf_ring.c:469] PF_RING enabled on zc:ens192f0
>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [util.c:3629]
>> nProbe changed user to 'nobody'
>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
>> Enabling plugin Diameter Protocol
>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
>> Enabling plugin Radius Protocol
>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [nprobe.c:8926]
>> nProbe started successfully
>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
>> [pro/pf_ring.c:214] Packet copy enabled
>
>
> both command line and .conf usage are not work.
>
> and some errors are in service status:
>
> May 16 00:44:35 ipdr2 nprobe[2483]: 16/May/2018 00:44:35 [nprobe.c:1737]
>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>> 21792[fragmentId: 29441]
>> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>> 16430[fragmentId: 6742]
>> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>> 16430[fragmentId: 6742]
>> May 16 00:44:48 ipdr2 nprobe[2483]: 16/May/2018 00:44:48 [nprobe.c:1737]
>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>> 16430[fragmentId: 6743]
>
>
>
> Does anybody have this issue?
>
> any comment would be appreciate
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
Re: radius/diameter plugins broken after update [ In reply to ]
please see this
https://asciinema.org/a/182023

On Thu, May 17, 2018 at 2:13 PM, Milad Arabi <milad.arabi@gmail.com> wrote:

> Hi Luca
> I try this:
>
> tcpdump -w radius.pcap -i ens192f0 port radius or port radius-acct or port
>> radius-dynauth
>
>
> and radius.pcap file is healthy and readable in wireshark.(except a few
> packets )
> I think this issue related to new updates.
>
>
> On Wed, May 16, 2018 at 1:25 AM, Luca Deri <deri@ntop.org> wrote:
>
>> Hi Milad
>> the error you have is related to fragments. Please check (with wireshark)
>> if the packets you are receiving are correct or there are fragment issues
>>
>> Regards Luca
>>
>> On 15 May 2018, at 22:43, Milad Arabi <milad.arabi@gmail.com> wrote:
>>
>> Hi there
>> I hope I'm not wrong,I have libradiusPlugin-8.5.180504.so
>> <http://libradiusplugin-8.5.180504.so/> and it almost works.
>> but after update to new version they are broke and they are not create
>> any new log file.
>>
>> Welcome to nProbe v.8.5.180515 (r6155) for x86_64-unknown-linux-gnu
>>> Build OS: CentOS Linux release 7.4.1708 (Core)
>>
>> PF_RING Version : 7.1.0 (dev:8b9dc8a258dea71e2af471174
>>> f99b30014277783)
>>
>>
>>
>> I use nprobe.conf with this config:
>>
>> -i=zc:ens192f0
>>> -t=60
>>> -d=15
>>> -P=/ipdr/connection
>>> -V=10
>>> --max-log-lines=10000000
>>> --cpu-affinity=0
>>> --radius-dump-dir=/ipdr/radius
>>> --diameter-dump-dir=/ipdr/diameter
>>> -T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_DST_PORT %L4_SRC_PORT %IN_BYTES
>>> %OUT_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L7_PROTO_NAME
>>> %IN_SRC_MAC %OUT_DST_MAC %SRC_AS %DST_AS"
>>
>>
>> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:465]
>>> GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geo
>>> ip/GeoIPASNum.dat
>>> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:476]
>>> GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geo
>>> ip/GeoIPASNumv6.dat
>>> May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57
>>> [pro/pf_ring.c:356] Initializing PF_RING socket on device zc:ens192f0..
>>> May 16 01:10:58 ipdr2 nprobe[2630]: 16/May/2018 01:10:58
>>> [pro/pf_ring.c:398] Dumping traffic statistics on
>>> /proc/net/pf_ring/stats/2630-ens192f0.7
>>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
>>> [pro/pf_ring.c:469] PF_RING enabled on zc:ens192f0
>>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [util.c:3629]
>>> nProbe changed user to 'nobody'
>>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
>>> Enabling plugin Diameter Protocol
>>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
>>> Enabling plugin Radius Protocol
>>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [nprobe.c:8926]
>>> nProbe started successfully
>>> May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
>>> [pro/pf_ring.c:214] Packet copy enabled
>>
>>
>> both command line and .conf usage are not work.
>>
>> and some errors are in service status:
>>
>> May 16 00:44:35 ipdr2 nprobe[2483]: 16/May/2018 00:44:35 [nprobe.c:1737]
>>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>>> 21792[fragmentId: 29441]
>>> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
>>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>>> 16430[fragmentId: 6742]
>>> May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
>>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>>> 16430[fragmentId: 6742]
>>> May 16 00:44:48 ipdr2 nprobe[2483]: 16/May/2018 00:44:48 [nprobe.c:1737]
>>> ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
>>> 16430[fragmentId: 6743]
>>
>>
>>
>> Does anybody have this issue?
>>
>> any comment would be appreciate
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>>
>>
>> _______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
>