nProbe
nProbe copied to clipboard
Published
20 hours ago •
ntop
ntop
Prerequisites for configuring cento-bridge
Hi,
Our team is researching Cento functionality as bridging interfaces and filtering some piece of traffic.
We have two interfaces as eth0 and eth1.
We would like to bridge eth0 and eth1 to allow client access to Internet, but Facebook application should be blocked.
Configuration
We execute the following to get scenario working:
echo "
[bridge]
default = forward
" > bridge.conf
sudo cento-bridge -i eth0,eth1 --bridge-conf bridge.conf --dpi-level 2
However a client has no access to Internet - requests are not forwarded.
If we try to configure a separate bridge for eth0 & eth1 as follows, then clients can reach Internet side:
sudo brctl addbr br0
sudo brctl addif br0 eth0 eth1
sudo ip link set dev br0 up
System info
Some system information you'll probably find required:
eve@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.4 LTS
Release: 18.04
Codename: bionic
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$ uname -a
Linux ubuntu 4.15.0-96-generic #97-Ubuntu SMP Wed Apr 1 03:25:46 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
eve@ubuntu:~$ cento --version
v.1.19.221213
Built OS: Ubuntu 18.04.6 LTS
System Id: L1203070200000749--OL
GIT rev: dev:c9ae0079ecd2f0e00ff91e59d9050a805c80ee59:20221213
License: Invalid license
Cento Logs
Please, refer to Pastebin file for logs: https://pastebin.com/aXgd7GaG
Note: in logs you'll see bridging between logical interfaces like eth0.10 and eth0.20, but the same issue was faced with eth0 and eth1.
Question
What are the prerequisites for interfaces to be bridged by nProbe Cento? Is valid license required for that functionality?
I pushed a path to improve packet forwarding with standard drivers in low traffic rate conditions. Please install the next software update later today.
Hi @cardigliano, Thank you for the feedback.
"the next software update" -- it's gonna be a nightly build, isn't it? Could you share a build number that's related to this issue?
Hi @cardigliano Thank you for the changes you made.
I've installed the following latest nProbe Cento image:
eve@ubuntu:~$ cento --version
v.1.19.221219
Built OS: Ubuntu 18.04.6 LTS
System Id: L12030D0200000792--OL
GIT rev: dev:b1f689d2e1e4700b1249b129a4d1cdc3a491b615:20221219
License: Invalid license
I've tested bridging functionality against two my use cases:
- between two physical interfaces
eth0andeth1 - between two logical interfaces
eth0.10andeth0.20(vlan 10, vlan 20)
Seems like 1st use case is working now, thus traffic is forwarded between eth0 and eth1 by means of nProbe Cento.
However 2nd use case still doesn't work, thus nothing is forwarded between logical interfaces eth0.10 and eth0.20.
Is bridging logical interfaces supposed to be working for nProbe Cento? I've found no limitations on that in docs.
@mdraevich please note that cento-bridge is meant to be used as bump in the wire on a physical link, I guess you need something that does routing, please describe your use case
We intend to deploy a server with filtering capabilities (ones nProbe Cento provides). Server is connected to L2 switch with a single physical connection.
The server should not do any routing. It should do the following:
- accepts traffic on vlan tag AAA;
- remove vlan tag AAA;
- do some filtering;
- add vlan tag BBB;
- sends traffic back to switch.
The reason why we're not gonna implement routing is the simplicity of deployment - many our customers have no desire to change their routing tables, however want to implement filtering.
Does it sound reasonable to you?
Got it. Well, cento should send on the twin interface all traffic received, it should work also with virtual interfaces. I suggest to check if traffic is actually received on the VLAN interface with tcpdump. I will also check the forwarding asap.
Let me provide some details about my lab configuration.
1. Create logical interfaces on the server where nProbe Cento takes place:
sudo apt install bridge-utils vlan -y
sudo modprobe 8021q
sudo ip link add link eth0 name eth0.10 type vlan id 10
sudo ip link add link eth0 name eth0.20 type vlan id 20
sudo ip link set up eth0.10
sudo ip link set up eth0.20
2. Check if logical interfaces were created (output is filtered):
eve@ubuntu:~$ ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:00:00:09:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:ff:fe00:900/64 scope link
valid_lft forever preferred_lft forever
7: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:00:00:09:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:ff:fe00:900/64 scope link
valid_lft forever preferred_lft forever
8: eth0.20@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:00:00:09:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::250:ff:fe00:900/64 scope link
valid_lft forever preferred_lft forever
3. Configure traditional Linux bridge using brctl utility:
eve@ubuntu:~$ sudo brctl addbr br0
eve@ubuntu:~$ sudo brctl addif br0 eth0.10 eth0.20
eve@ubuntu:~$ sudo ip link set dev br0 up
4. Check if traffic is bridged through the host where nProbe Cento takes place:
# on client-pc
[root@srv ~]# ping 10.1.1.2 -c 3
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.970 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=1.20 ms
64 bytes from 10.1.1.2: icmp_seq=3 ttl=64 time=1.09 ms
--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.970/1.091/1.208/0.100 ms
# on cento host
eve@ubuntu:~$ sudo tcpdump -nni eth0 'icmp' -e
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:53:10.173206 00:50:00:00:06:00 > 00:50:00:00:08:00, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 10.1.1.1 > 10.1.1.2: ICMP echo request, id 1150, seq 5766, length 64
10:53:10.173849 00:50:00:00:08:00 > 00:50:00:00:06:00, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4 (0x0800), 10.1.1.2 > 10.1.1.1: ICMP echo reply, id 1150, seq 5766, length 64
10:53:11.175252 00:50:00:00:06:00 > 00:50:00:00:08:00, ethertype 802.1Q (0x8100), length 102: vlan 10, p 0, ethertype IPv4 (0x0800), 10.1.1.1 > 10.1.1.2: ICMP echo request, id 1150, seq 5767, length 64
10:53:11.175966 00:50:00:00:08:00 > 00:50:00:00:06:00, ethertype 802.1Q (0x8100), length 102: vlan 20, p 0, ethertype IPv4 (0x0800), 10.1.1.2 > 10.1.1.1: ICMP echo reply, id 1150, seq 5767, length 64
@mdraevich could you stop the bridge, run cento, start the ping, and capture with tcpdump on eth0.10 and eth0.20 ?
@cardigliano Yeap, I've included 4 files in the archive below:
eth0.pcap- traffic on physical interface;eth0_10.pcap- traffic on logical interface for vlan 10;eth0_20.pcap- traffic on logical interface for vlan 20;cento_diag.txt- executed commands on cento host.
I made firstly ping 10.1.1.2 from 10.1.1.1 then made the same but reverse.
files.zip
Hope that's would be useful for you, Matthew
I added a new option (keep_vlan_offload) for the pf_ring kernel module to make sure the original vlan header is replaced by the new vlan header when forwarding between vlans. Please follow the steps below:
- apt update && apt upgrade - update pfring-dkms (you should update all the packages actually as this is a dependency, there should be a new package already)
- add keep_vlan_offload=1 to the pf_ring configuration under /etc/pf_ring/pf_ring.conf
- systemctl restart pf_ring - restart the pf_ring service and make sure the (new) module is re-loaded Try again running cento and let me know.
@cardigliano Thank you a lot for the response.
Right now I'm out of office. I'll check out your provided configuration as soon as possible. I hope I'll be ready within this week.
Hi @cardigliano Happy New Year! Hope new year would return a peace to our homes.
I've modified my lab environment as follows:
# on cento host
sudo apt update -y
sudo apt install -y pfring-dkms
echo "keep_vlan_offload=1" >> /etc/pf_ring/pf_ring.conf
sudo systemctl restart pf_ring
Result on Cento host
eve@ubuntu:~$
eve@ubuntu:~$ sudo cento-bridge -i eth0.10,eth0.20 --bridge-conf bridge.conf --dpi-level 2 1>cento.log 2>&1 &
[1] 5802
eve@ubuntu:~$ sudo tcpdump -i eth0 'arp or icmp'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:47:27.272161 ARP, Request who-has 10.1.1.2 tell 10.1.1.1, length 28
20:47:27.273036 ARP, Request who-has 10.1.1.2 tell 10.1.1.1, length 28
20:47:28.273529 ARP, Request who-has 10.1.1.2 tell 10.1.1.1, length 28
20:47:28.273787 ARP, Request who-has 10.1.1.2 tell 10.1.1.1, length 28
20:47:29.275543 ARP, Request who-has 10.1.1.2 tell 10.1.1.1, length 28
20:47:29.275769 ARP, Request who-has 10.1.1.2 tell 10.1.1.1, length 28
20:47:31.565997 ARP, Request who-has 10.1.1.1 tell 10.1.1.2, length 28
20:47:31.566093 ARP, Request who-has 10.1.1.1 tell 10.1.1.2, length 28
20:47:32.567061 ARP, Request who-has 10.1.1.1 tell 10.1.1.2, length 28
20:47:32.567149 ARP, Request who-has 10.1.1.1 tell 10.1.1.2, length 28
20:47:33.569115 ARP, Request who-has 10.1.1.1 tell 10.1.1.2, length 28
20:47:33.569212 ARP, Request who-has 10.1.1.1 tell 10.1.1.2, length 28
^C
12 packets captured
12 packets received by filter
0 packets dropped by kernel
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$ fg %1
sudo cento-bridge -i eth0.10,eth0.20 --bridge-conf bridge.conf --dpi-level 2 > cento.log 2>&1
^Ceve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$ cat cento.log
02/Jan/2023 20:47:19 [cento.cpp:1708] Welcome to nProbe cento v.1.19.230102
02/Jan/2023 20:47:19 [cento.cpp:1709] Using nDPI 4.5.0-3983-2c551afb
02/Jan/2023 20:47:19 [cento.cpp:1710] Copyright 2015-22 - ntop
02/Jan/2023 20:47:19 [cento.cpp:1713] SystemId: L12030F0200000792--U12030F021B4BC169--OL
02/Jan/2023 20:47:19 [cento.cpp:1725] WARNING: Invalid license /etc/nprobe.cento: Missing license file
02/Jan/2023 20:47:19 [Runtime.cpp:489] WARNING: *****************************************************
02/Jan/2023 20:47:19 [Runtime.cpp:490] WARNING: ** **
02/Jan/2023 20:47:19 [Runtime.cpp:491] WARNING: ** Switching to DEMO MODE (missing valid license) **
02/Jan/2023 20:47:19 [Runtime.cpp:492] WARNING: ** **
02/Jan/2023 20:47:19 [Runtime.cpp:493] WARNING: ** Purchase your nProbe Cento license at **
02/Jan/2023 20:47:19 [Runtime.cpp:494] WARNING: ** https://shop.ntop.org/ **
02/Jan/2023 20:47:19 [Runtime.cpp:495] WARNING: ** **
02/Jan/2023 20:47:19 [Runtime.cpp:496] WARNING: *****************************************************
02/Jan/2023 20:47:19 [cento.cpp:1732] Built on Ubuntu 18.04.6 LTS
02/Jan/2023 20:47:19 [cento.cpp:1733] Available CPU Cores: 2
02/Jan/2023 20:47:19 [cento.cpp:1734] Max flow duration set to 120 sec (-t)
02/Jan/2023 20:47:19 [cento.cpp:1735] Max flow idleness set to 60 sec (-d)
02/Jan/2023 20:47:19 [cento.cpp:1736] Flow hash size set to 512000 buckets (-w)
02/Jan/2023 20:47:19 [cento.cpp:1737] Hashes will have up to 1024000 buckets (-W)
02/Jan/2023 20:47:19 [cento.cpp:1747] WARNING: No flow export defined (missing -5/-9/-I parameters)
02/Jan/2023 20:47:19 [cento.cpp:1748] WARNING: Flows are just harvested after they are expired
02/Jan/2023 20:47:19 [PF_RINGInterface.cpp:190] Reading packets from interface eth0.10,eth0.20... [coreId: 0]
02/Jan/2023 20:47:19 [cento.cpp:2112] Created interface eth0.10,eth0.20
02/Jan/2023 20:47:19 [NetworkInterface.cpp:1973] Datapath update request [type=0, index=0, req=1]
02/Jan/2023 20:47:19 [NetworkInterface.cpp:2053] Datapath update completed [req=1]
02/Jan/2023 20:47:19 [NetworkInterface.cpp:1973] Datapath update request [type=0, index=0, req=2]
02/Jan/2023 20:47:19 [NetworkInterface.cpp:2053] Datapath update completed [req=2]
02/Jan/2023 20:47:19 [NetworkInterface.cpp:1973] Datapath update request [type=0, index=0, req=5]
02/Jan/2023 20:47:19 [NetworkInterface.cpp:2053] Datapath update completed [req=5]
02/Jan/2023 20:47:19 [NetworkInterface.cpp:1973] Datapath update request [type=0, index=0, req=3]
02/Jan/2023 20:47:19 [NetworkInterface.cpp:2053] Datapath update completed [req=3]
02/Jan/2023 20:47:19 [PF_RINGInterface.cpp:258] Initializing eth0.10,eth0.20...
02/Jan/2023 20:47:19 [PF_RINGInterface.cpp:275] Started packet capture on eth0.10,eth0.20...
02/Jan/2023 20:47:19 [cento.cpp:511] cento changed user to 'cento'
02/Jan/2023 20:47:19 [FlowExporter.cpp:37] Started flow exporter for eth0.10,eth0.20
02/Jan/2023 20:47:20 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:20 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:21 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:21 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:22 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:22 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:23 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:23 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:24 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:24 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:25 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:25 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:26 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:26 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:27 [NetworkInterface.cpp:524] WARNING: Short packet received [42 len]: discarded
02/Jan/2023 20:47:27 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:27 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:28 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:28 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:29 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:29 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:30 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:30 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:31 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:31 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:32 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:32 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:33 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:33 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:34 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:34 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:35 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:35 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:36 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:36 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:37 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:37 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:38 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:38 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:39 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:39 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:40 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:40 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:41 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:41 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:42 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:42 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:43 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:43 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:44 [NetworkInterface.cpp:1687] [eth0.10,eth0.20] [0 pps/0.00 Gbps][0/0/0/512'000 act/exp/drop/max flows][0 (0 pps)/0 RX/TX pkt drops][0 TX pps]
02/Jan/2023 20:47:44 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
02/Jan/2023 20:47:44 [cento.cpp:526] Received shutdown request... [signal: 2]
02/Jan/2023 20:47:44 [PF_RINGInterface.cpp:530] Terminated packet polling for eth0.10,eth0.20
02/Jan/2023 20:47:44 [PF_RINGInterface.cpp:536] [6.00 Pkts/252 B]
02/Jan/2023 20:47:44 [FlowExporter.cpp:58] Terminated flow exporter for eth0.10,eth0.20
02/Jan/2023 20:47:44 [FlowExporter.cpp:132] [eth0.10,eth0.20] Flow Export Queue Len [0 tot queued][0/0 IPv4/v6][Drops queue too long 0/0 IPv4/v6][0/0 tot exported/dropped flows][0/0 exported/dropped fps]
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$ apt list | grep cento
cento/unknown,now 1.19.230102-775 amd64 [installed]
fonts-quattrocento/bionic,bionic 1.1-2 all
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$ apt list | grep pfring
pfring/unknown,now 8.3.0-8048 amd64 [installed,automatic]
pfring-dkms/unknown,now 8.3.0.8048 all [installed]
pfring-drivers-zc-dkms/unknown 8.3.0-8048 all
eve@ubuntu:~$ cat /etc/pf_ring/pf_ring.conf
keep_vlan_offload=1
eve@ubuntu:~$ sudo systemctl status pf_ring
● pf_ring.service - PF_RING service
Loaded: loaded (/etc/systemd/system/pf_ring.service; enabled; vendor preset: enabled)
Active: active (exited) since Mon 2023-01-02 20:22:01 CET; 30min ago
Process: 5289 ExecStopPost=/bin/sh -c /bin/echo "$(/bin/date) pf_ring StopPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
Process: 5210 ExecStop=/usr/bin/pf_ringctl stop (code=exited, status=0/SUCCESS)
Process: 5393 ExecStartPost=/bin/sh -c if [ -x /etc/pf_ring/post ]; then /etc/pf_ring/post; fi (code=exited, status=0/SUCCESS)
Process: 5390 ExecStartPost=/bin/sh -c /bin/echo "$(/bin/date) pf_ring StartPost" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
Process: 5308 ExecStart=/usr/bin/pf_ringctl start (code=exited, status=0/SUCCESS)
Process: 5307 ExecStartPre=/bin/sh -c if [ -x /etc/pf_ring/pre ]; then /etc/pf_ring/pre; fi (code=exited, status=0/SUCCESS)
Process: 5292 ExecStartPre=/bin/sh -c /bin/echo "$(/bin/date) pf_ring StartPre" >> /var/log/ntop-systemd.log (code=exited, status=0/SUCCESS)
Main PID: 5308 (code=exited, status=0/SUCCESS)
Jan 02 20:21:58 ubuntu systemd[1]: Starting PF_RING service...
Jan 02 20:21:58 ubuntu pf_ringctl[5308]: * Starting PF_RING module
Jan 02 20:22:01 ubuntu pf_ringctl[5308]: ...done.
Jan 02 20:22:01 ubuntu systemd[1]: Started PF_RING service.
Let me double check the pf_ring configuration, please: cat /proc/net/pf_ring/info cat /etc/pf_ring/pf_ring.conf
Sure,
eve@ubuntu:~$ cat /proc/net/pf_ring/info
PF_RING Version : 8.3.0 (dev:3b25f140392fb59422261d3495b26fd806f3fa82)
Total rings : 0
Standard (non ZC) Options
Ring slots : 4096
Slot version : 20
Capture TX : Yes [RX+TX]
IP Defragment : No
Socket Mode : Standard
Cluster Fragment Queue : 0
Cluster Fragment Discard : 0
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$
eve@ubuntu:~$ cat /etc/pf_ring/pf_ring.conf
keep_vlan_offload=1
@mdraevich what about providing me remote access to debug this? (both ssh access or screen sharing works for me) Please drop an email to cardigliano at ntop.org if possible
sure, I can. I'll provide you all required information for a connection in ~1 hour.
@cardigliano Check you email, I've sent it with all required information and let me know if you have any further questions.
@cardigliano Let me know please does this problem look reproducible for you? If you request nProbe license, would problem be solved or not?
Not sure about the status of this, closing for inactivity, please reopen in case