You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I started ndpiReader with -i option to analyze live data on the interface of my Centos 7.2 VM, but it crashed within few seconds.
The backtrace of the crash is as follows:
gdb ndpiReader core.29107
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /root/nDPI-8/nDPI/example/ndpiReader...done.
[New LWP 29108]
[New LWP 29107]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `./ndpiReader -i eno16777736'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000040e3cb in ndpi_parse_packet_line_info (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460) at ndpi_main.c:3732
3732 if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) {
(gdb) bt
#0 0x000000000040e3cb in ndpi_parse_packet_line_info (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460) at ndpi_main.c:3732 #1 0x000000000041bc0b in ndpi_check_http_tcp (flow=0x7f73cc082460, ndpi_struct=0x14402b0) at protocols/http.c:800 #2 ndpi_search_http_tcp (ndpi_struct=0x14402b0, flow=0x7f73cc082460) at protocols/http.c:830 #3 0x0000000000410576 in check_ndpi_tcp_flow_func (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460,
ndpi_selection_packet=ndpi_selection_packet@entry=0x7f73d39d69f8) at ndpi_main.c:3274 #4 0x000000000041059f in check_ndpi_flow_func (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460,
ndpi_selection_packet=ndpi_selection_packet@entry=0x7f73d39d69f8) at ndpi_main.c:3332 #5 0x00000000004108ae in ndpi_detection_process_packet (ndpi_struct=0x14402b0, flow=0x7f73cc082460, packet=packet@entry=0x7f73cc08340e "E", packetlen=packetlen@entry=3168,
current_tick_l=current_tick_l@entry=1492596923456, src=0x7f73cc075ad0, dst=0x7f73cc075bd0) at ndpi_main.c:3515 #6 0x000000000040564d in packet_processing (ip_offset=, rawsize=, ipsize=3168, iph6=0x0, iph=, vlan_id=0, time=1492596923456,
workflow=0x16c37e0) at ndpi_util.c:552 #7 ndpi_workflow_process_packet (workflow=0x16c37e0, header=header@entry=0x7f73d39d6bc0, packet=packet@entry=0x7f73cc083400 "") at ndpi_util.c:909 #8 0x0000000000402609 in pcap_packet_callback_checked (args=, header=0x7f73d39d6bc0, packet=0x7f73d3b34046 <Address 0x7f73d3b34046 out of bounds>) at ndpiReader.c:1343 #9 0x00007f73d424599e in pcap_handle_packet_mmap (handle=handle@entry=0x143d070, callback=callback@entry=0x4025b0 <pcap_packet_callback_checked>, user=user@entry=0x7f73d39d6cde "",
frame=frame@entry=0x7f73d3b34000 <Address 0x7f73d3b34000 out of bounds>, tp_len=, tp_mac=, tp_snaplen=1546, tp_sec=1492596923, tp_usec=456000,
tp_vlan_tci_valid=0, tp_vlan_tci=0) at ./pcap-linux.c:4361 #10 0x00007f73d4249ae1 in pcap_read_linux_mmap_v2 (handle=0x143d070, max_packets=-1, callback=0x4025b0 <pcap_packet_callback_checked>, user=0x7f73d39d6cde "") at ./pcap-linux.c:4463 #11 0x00007f73d424e19d in pcap_loop (p=0x143d070, cnt=cnt@entry=-1, callback=callback@entry=0x4025b0 <pcap_packet_callback_checked>, user=user@entry=0x7f73d39d6cde "") at ./pcap.c:862 #12 0x000000000040305f in runPcapLoop (thread_id=0) at ndpiReader.c:1424 #13 processing_thread (_thread_id=0x0) at ndpiReader.c:1452 #14 0x00007f73d4028dc5 in start_thread (arg=0x7f73d39d7700) at pthread_create.c:308 #15 0x00007f73d3d5628d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
(gdb) p a
$1 = 3017
(gdb) p *((char *)packet->payload)
$2 = 72 'H'
(gdb) p ((char *)packet->payload)
$3 = 0x7f73cc083436 "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nP3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"\r\nSet-Cookie: KADUSE"...
(gdb) p ((char *)packet->payload)+a
$4 = 0x7f73cc083fff ""
(gdb)
this issue seems to be different from #364 as the crash is coming at a different place, also this issue #363 relates to crash while analyzing live traffic while #364 is while reading a pcap file, but need to check whether the root cause is same or not.
I started ndpiReader with -i option to analyze live data on the interface of my Centos 7.2 VM, but it crashed within few seconds.
The backtrace of the crash is as follows:
gdb ndpiReader core.29107
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /root/nDPI-8/nDPI/example/ndpiReader...done.
[New LWP 29108]
[New LWP 29107]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `./ndpiReader -i eno16777736'.
Program terminated with signal 11, Segmentation fault.
#0 0x000000000040e3cb in ndpi_parse_packet_line_info (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460) at ndpi_main.c:3732
3732 if(get_u_int16_t(packet->payload, a) == ntohs(0x0d0a)) {
(gdb) bt
#0 0x000000000040e3cb in ndpi_parse_packet_line_info (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460) at ndpi_main.c:3732
#1 0x000000000041bc0b in ndpi_check_http_tcp (flow=0x7f73cc082460, ndpi_struct=0x14402b0) at protocols/http.c:800
#2 ndpi_search_http_tcp (ndpi_struct=0x14402b0, flow=0x7f73cc082460) at protocols/http.c:830
#3 0x0000000000410576 in check_ndpi_tcp_flow_func (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460,
ndpi_selection_packet=ndpi_selection_packet@entry=0x7f73d39d69f8) at ndpi_main.c:3274
#4 0x000000000041059f in check_ndpi_flow_func (ndpi_struct=ndpi_struct@entry=0x14402b0, flow=flow@entry=0x7f73cc082460,
ndpi_selection_packet=ndpi_selection_packet@entry=0x7f73d39d69f8) at ndpi_main.c:3332
#5 0x00000000004108ae in ndpi_detection_process_packet (ndpi_struct=0x14402b0, flow=0x7f73cc082460, packet=packet@entry=0x7f73cc08340e "E", packetlen=packetlen@entry=3168,
current_tick_l=current_tick_l@entry=1492596923456, src=0x7f73cc075ad0, dst=0x7f73cc075bd0) at ndpi_main.c:3515
#6 0x000000000040564d in packet_processing (ip_offset=, rawsize=, ipsize=3168, iph6=0x0, iph=, vlan_id=0, time=1492596923456,
workflow=0x16c37e0) at ndpi_util.c:552
#7 ndpi_workflow_process_packet (workflow=0x16c37e0, header=header@entry=0x7f73d39d6bc0, packet=packet@entry=0x7f73cc083400 "") at ndpi_util.c:909
#8 0x0000000000402609 in pcap_packet_callback_checked (args=, header=0x7f73d39d6bc0, packet=0x7f73d3b34046 <Address 0x7f73d3b34046 out of bounds>) at ndpiReader.c:1343
#9 0x00007f73d424599e in pcap_handle_packet_mmap (handle=handle@entry=0x143d070, callback=callback@entry=0x4025b0 <pcap_packet_callback_checked>, user=user@entry=0x7f73d39d6cde "",
frame=frame@entry=0x7f73d3b34000 <Address 0x7f73d3b34000 out of bounds>, tp_len=, tp_mac=, tp_snaplen=1546, tp_sec=1492596923, tp_usec=456000,
tp_vlan_tci_valid=0, tp_vlan_tci=0) at ./pcap-linux.c:4361
#10 0x00007f73d4249ae1 in pcap_read_linux_mmap_v2 (handle=0x143d070, max_packets=-1, callback=0x4025b0 <pcap_packet_callback_checked>, user=0x7f73d39d6cde "") at ./pcap-linux.c:4463
#11 0x00007f73d424e19d in pcap_loop (p=0x143d070, cnt=cnt@entry=-1, callback=callback@entry=0x4025b0 <pcap_packet_callback_checked>, user=user@entry=0x7f73d39d6cde "") at ./pcap.c:862
#12 0x000000000040305f in runPcapLoop (thread_id=0) at ndpiReader.c:1424
#13 processing_thread (_thread_id=0x0) at ndpiReader.c:1452
#14 0x00007f73d4028dc5 in start_thread (arg=0x7f73d39d7700) at pthread_create.c:308
#15 0x00007f73d3d5628d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
(gdb) p a
$1 = 3017
(gdb) p *((char *)packet->payload)
$2 = 72 'H'
(gdb) p ((char *)packet->payload)
$3 = 0x7f73cc083436 "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\nP3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"\r\nSet-Cookie: KADUSE"...
(gdb) p ((char *)packet->payload)+a
$4 = 0x7f73cc083fff ""
(gdb)
CrashBin.zip
Regards,
Ravi
The text was updated successfully, but these errors were encountered: