ntopng restarts periodically

[thalthoff]

Hi all,

when I played around with some Traffic Profiles (especially with l7proto entries), when saving new entries, occasionally ntop stopped working, but could be reanimated at least be rebooting my Pi.

In my syslog I see the following lines repeating every some seconds:

Mar 9 08:52:14 ntopng systemd[1]: Started ntopng high-speed web-based traffic monitoring and analysis tool.
Mar 9 08:52:24 ntopng kernel: [ 675.380867] Unhandled prefetch abort: unknown 1 (0x001) at 0x00006562
Mar 9 08:52:24 ntopng systemd[1]: ntopng.service: Main process exited, code=killed, status=7/BUS
Mar 9 08:52:24 ntopng systemd[1]: ntopng.service: Failed with result 'signal'.
Mar 9 08:52:29 ntopng systemd[1]: ntopng.service: Service RestartSec=5s expired, scheduling restart.
Mar 9 08:52:29 ntopng systemd[1]: ntopng.service: Scheduled restart job, restart counter is at 18.
Mar 9 08:52:29 ntopng systemd[1]: Stopped ntopng high-speed web-based traffic monitoring and analysis tool.
Mar 9 08:52:29 ntopng systemd[1]: Starting ntopng high-speed web-based traffic monitoring and analysis tool...
Mar 9 08:52:29 ntopng sh[4106]: /bin/sh: 1: /usr/bin/ntopng-utils-manage-config: not found
Mar 9 08:52:29 ntopng systemd[1]: Started ntopng high-speed web-based traffic monitoring and analysis tool.
Mar 9 08:52:39 ntopng kernel: [ 689.803038] Unhandled prefetch abort: unknown 1 (0x001) at 0x00006562
Mar 9 08:52:39 ntopng systemd[1]: ntopng.service: Main process exited, code=killed, status=7/BUS
Mar 9 08:52:39 ntopng systemd[1]: ntopng.service: Failed with result 'signal'.

I checked if all files are there an readable /bin/sh is a link to dash and /usr/bin/ntopng-utils-manage-config is readable and eXecutable for everyone.

What can I do?

Thanks for any help in advance!

-Thomas

[thalthoff]

Mar 9 09:10:54 ntopng systemd[1]: Started User Manager for UID 1000.
Mar 9 09:10:54 ntopng systemd[1]: Started Session 13 of user pi.
Mar 9 09:10:59 ntopng systemd[1]: ntopng.service: Main process exited, code=killed, status=11/SEGV
Mar 9 09:10:59 ntopng systemd[1]: ntopng.service: Failed with result 'signal'.
Mar 9 09:11:01 ntopng CRON[2627]: (root) CMD (/usr/bin/ntopng-utils-manage-updates -a check-updates-on-demand)
Mar 9 09:11:01 ntopng CRON[2628]: (root) CMD (/usr/bin/ntopng-utils-manage-updates -a handle-upgrade-requests)
Mar 9 09:11:01 ntopng CRON[2625]: (CRON) info (No MTA installed, discarding output)
Mar 9 09:11:01 ntopng CRON[2626]: (CRON) info (No MTA installed, discarding output)
Mar 9 09:11:04 ntopng systemd[1]: ntopng.service: Service RestartSec=5s expired, scheduling restart.
Mar 9 09:11:04 ntopng systemd[1]: ntopng.service: Scheduled restart job, restart counter is at 22.
Mar 9 09:11:04 ntopng systemd[1]: Stopped ntopng high-speed web-based traffic monitoring and analysis tool.
Mar 9 09:11:04 ntopng systemd[1]: Starting ntopng high-speed web-based traffic monitoring and analysis tool...
Mar 9 09:11:04 ntopng sh[2631]: /bin/sh: 1: /usr/bin/ntopng-utils-manage-config: not found
Mar 9 09:11:04 ntopng systemd[1]: Started ntopng high-speed web-based traffic monitoring and analysis tool.
Mar 9 09:11:14 ntopng systemd[1]: ntopng.service: Main process exited, code=killed, status=11/SEGV
Mar 9 09:11:14 ntopng systemd[1]: ntopng.service: Failed with result 'signal'.
Mar 9 09:11:19 ntopng systemd[1]: ntopng.service: Service RestartSec=5s expired, scheduling restart.
Mar 9 09:11:19 ntopng systemd[1]: ntopng.service: Scheduled restart job, restart counter is at 23.
Mar 9 09:11:19 ntopng systemd[1]: Stopped ntopng high-speed web-based traffic monitoring and analysis tool.
Mar 9 09:11:19 ntopng systemd[1]: Starting ntopng high-speed web-based traffic monitoring and analysis tool...
Mar 9 09:11:19 ntopng sh[2716]: /bin/sh: 1: /usr/bin/ntopng-utils-manage-config: not found
Mar 9 09:11:19 ntopng systemd[1]: Started ntopng high-speed web-based traffic monitoring and analysis tool.
Mar 9 09:11:29 ntopng kernel: [ 408.894056] Unhandled prefetch abort: unknown 1 (0x001) at 0x00006562
Mar 9 09:11:29 ntopng systemd[1]: ntopng.service: Main process exited, code=killed, status=7/BUS
Mar 9 09:11:29 ntopng systemd[1]: ntopng.service: Failed with result 'signal'.
Mar 9 09:11:34 ntopng systemd[1]: ntopng.service: Service RestartSec=5s expired, scheduling restart.
Mar 9 09:11:34 ntopng systemd[1]: ntopng.service: Scheduled restart job, restart counter is at 24.
Mar 9 09:11:34 ntopng systemd[1]: Stopped ntopng high-speed web-based traffic monitoring and analysis tool.

[thalthoff]

I managed to escape from all those Bus errors and Segmentation faults.
I removed the runtimeprefs.json, purged the ntop package, reinstalled it and had two lucky minutes to delete all entries in the traffic-profile section. Then there was peace! Everything runs smooth, until I fiddle again with the nBPF expressions especially with l7proto or asn entries. Here I can kind of reproduce such crashes as described above. If there is any wish to ged rid of that problem let me know what infos, logs or dumps you need. I'd like to help!
Background: I'd like to be able to filter out/mark traffic for specific ASNs resp. companies/services/protocols (e.g. Facebook, Riot Games, Youtube, etc.). Maybe I just touched the system at a sensitive "parsing area" or so. I'd like to help here as well. Just tell me what to do!

[cardigliano]

@thalthoff how are you using nBPF expressions exactly? Could you show an example of your configuration? (a screenshot should work). Thank you

[cardigliano]

Closing for inactivity (this works for us, more details required), please reopen in case.