[Ntop] radius/diameter plugins broken after update

Milad Arabi

2018-05-17 14:48:36 UTC

please see this
https://asciinema.org/a/182023

Hi Luca
tcpdump -w radius.pcap -i ens192f0 port radius or port radius-acct or port

radius-dynauth

and radius.pcap file is healthy and readable in wireshark.(except a few
packets )
I think this issue related to new updates.

Hi Milad
the error you have is related to fragments. Please check (with wireshark)
if the packets you are receiving are correct or there are fragment issues
Regards Luca
Hi there
I hope I'm not wrong,I have libradiusPlugin-8.5.180504.so
<http://libradiusplugin-8.5.180504.so/> and it almost works.
but after update to new version they are broke and they are not create
any new log file.
Welcome to nProbe v.8.5.180515 (r6155) for x86_64-unknown-linux-gnu

Build OS: CentOS Linux release 7.4.1708 (Core)

PF_RING Version : 7.1.0 (dev:8b9dc8a258dea71e2af471174

f99b30014277783)

-i=zc:ens192f0

-t=60
-d=15
-P=/ipdr/connection
-V=10
--max-log-lines=10000000
--cpu-affinity=0
--radius-dump-dir=/ipdr/radius
--diameter-dump-dir=/ipdr/diameter
-T="%IPV4_SRC_ADDR %IPV4_DST_ADDR %L4_DST_PORT %L4_SRC_PORT %IN_BYTES
%OUT_BYTES %FLOW_START_MILLISECONDS %FLOW_END_MILLISECONDS %L7_PROTO_NAME
%IN_SRC_MAC %OUT_DST_MAC %SRC_AS %DST_AS"

May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:465]

GeoIP: loaded AS config file /usr/share/ntopng/httpdocs/geo
ip/GeoIPASNum.dat
May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57 [util.c:476]
GeoIP: loaded AS IPv6 config file /usr/share/ntopng/httpdocs/geo
ip/GeoIPASNumv6.dat
May 16 01:10:57 ipdr2 nprobe[2630]: 16/May/2018 01:10:57
[pro/pf_ring.c:356] Initializing PF_RING socket on device zc:ens192f0..
May 16 01:10:58 ipdr2 nprobe[2630]: 16/May/2018 01:10:58
[pro/pf_ring.c:398] Dumping traffic statistics on
/proc/net/pf_ring/stats/2630-ens192f0.7
May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
[pro/pf_ring.c:469] PF_RING enabled on zc:ens192f0
May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [util.c:3629]
nProbe changed user to 'nobody'
May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
Enabling plugin Diameter Protocol
May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [plugin.c:924]
Enabling plugin Radius Protocol
May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59 [nprobe.c:8926]
nProbe started successfully
May 16 01:10:59 ipdr2 nprobe[2630]: 16/May/2018 01:10:59
[pro/pf_ring.c:214] Packet copy enabled

both command line and .conf usage are not work.
May 16 00:44:35 ipdr2 nprobe[2483]: 16/May/2018 00:44:35 [nprobe.c:1737]

ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
21792[fragmentId: 29441]
May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
16430[fragmentId: 6742]
May 16 00:44:47 ipdr2 nprobe[2483]: 16/May/2018 00:44:47 [nprobe.c:1737]
ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
16430[fragmentId: 6742]
May 16 00:44:48 ipdr2 nprobe[2483]: 16/May/2018 00:44:48 [nprobe.c:1737]
ERROR: [FRAGMENT][FIRST] Received invalid initial fragment
16430[fragmentId: 6743]

Does anybody have this issue?
any comment would be appreciate
_______________________________________________
Ntop mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
http://listgateway.unipi.it/mailman/listinfo/ntop