Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

packetbeat panics with pf_ring support compiled in : panic: runtime error: cgo argument has Go pointer to Go pointer #2800

Closed
dan-frohlich opened this issue Oct 18, 2016 · 3 comments

Comments

@dan-frohlich
Copy link

VERSIONS...
GO: 1.6.3
PF RING: pfring-6.5.0-931.x86_64 (installed from RPM)
Beats version: 1.3.0 (2df1088)
OS: RedHat Entreprise 6.5
UNAME: Linux XXXXXXX 2.6.32-642.4.2.el6.x86_64 #1 SMP Mon Aug 15 02:06:41 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux

NOTE: We also see this panic in beats v1.3.1

[root] ./packetbeat -c /etc/packetbeat/packetbeat.yml.rpmsave -e -d "*"
2016/10/18 14:27:33.083775 beat.go:156: DBG Initializing output plugins
2016/10/18 14:27:33.083822 geolite.go:24: INFO GeoIP disabled: No paths were set under output.geoip.paths
2016/10/18 14:27:33.083944 client.go:297: DBG ES Ping(url=http://echocollector-stage.kroger.com:8101/api/beats, timeout=1m30s)
2016/10/18 14:27:33.090487 client.go:306: DBG Ping status code: 200
2016/10/18 14:27:33.090530 outputs.go:126: INFO Activated elasticsearch as output plugin.
2016/10/18 14:27:33.090551 publish.go:232: DBG Create output worker
2016/10/18 14:27:33.090611 publish.go:274: DBG No output is defined to store the topology. The server fields might not be filled.
2016/10/18 14:27:33.090656 publish.go:288: INFO Publisher name: u060ecsa81
2016/10/18 14:27:33.090879 async.go:78: INFO Flush Interval set to: 1s
2016/10/18 14:27:33.090891 async.go:84: INFO Max Bulk Size set to: 100
2016/10/18 14:27:33.090902 async.go:92: DBG create bulk processing worker (interval=1s, bulk size=100)
2016/10/18 14:27:33.090941 beat.go:168: INFO Init Beat: packetbeat; Version: 1.3.0
2016/10/18 14:27:33.091311 procs.go:88: INFO Process matching enabled
2016/10/18 14:27:33.091473 packetbeat.go:166: DBG Initializing protocol plugins
2016/10/18 14:27:33.091514 mongodb.go:73: DBG Init a MongoDB protocol parser
2016/10/18 14:27:33.091548 memcache.go:105: DBG init memcache plugin
2016/10/18 14:27:33.091562 memcache.go:158: DBG maxValues = 0
2016/10/18 14:27:33.091569 memcache.go:159: DBG maxBytesPerValue = 2147483647
2016/10/18 14:27:33.091707 icmp.go:69: DBG Local IP addresses: [127.0.0.1 10.254.227.110 ::1 fe80::250:56ff:feb6:1e6c]
2016/10/18 14:27:33.091774 tcp.go:293: DBG tcp%!(EXTRA string=Port map: %v, map[uint16]protos.Protocol=map[80:http])
2016/10/18 14:27:33.091788 udp.go:93: DBG Port map: map[]
2016/10/18 14:27:33.091796 packetbeat.go:212: DBG Initializing sniffer
2016/10/18 14:27:33.091818 sniffer.go:251: DBG BPF filter: tcp port 80
2016/10/18 14:27:33.091830 sniffer.go:130: DBG Sniffer type: pf_ring device: eth0
2016/10/18 14:27:33.092109 procs.go:147: DBG In RefreshPids
2016/10/18 14:27:33.092132 procs.go:147: DBG In RefreshPids
2016/10/18 14:27:33.092148 procs.go:147: DBG In RefreshPids
2016/10/18 14:27:33.175105 decoder.go:63: DBG Layer type: Ethernet
2016/10/18 14:27:33.175290 beat.go:194: INFO packetbeat sucessfully setup. Start running.
2016/10/18 14:27:33.175306 packetbeat.go:244: DBG Waiting for the sniffer to finish
panic: runtime error: cgo argument has Go pointer to Go pointer

goroutine 23 [running]:
panic(0xa111a0, 0xc82045cc20)
/usr/local/go/src/runtime/panic.go:481 +0x3e6
github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring.(_Ring).ReadPacketDataTo(0xc82121e000, 0xc82122e000, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/home/df28093/go_workspace/src/github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring/pfring.go:116 +0x210
github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring.(_Ring).ReadPacketData(0xc82121e000, 0xc82122e000, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/home/df28093/go_workspace/src/github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring/pfring.go:135 +0xcb
github.com/elastic/beats/packetbeat/sniffer.(_PfringHandle).ReadPacketData(0xc820026100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/home/df28093/go_workspace/src/github.com/elastic/beats/packetbeat/sniffer/pfring.go:37 +0x7a
github.com/elastic/beats/packetbeat/sniffer.(_SnifferSetup).Run(0xc820065040, 0x0, 0x0)
/home/df28093/go_workspace/src/github.com/elastic/beats/packetbeat/sniffer/sniffer.go:294 +0x1e9
github.com/elastic/beats/packetbeat/beat.(_Packetbeat).Run.func1(0xc820090480)
/home/df28093/go_workspace/src/github.com/elastic/beats/packetbeat/beat/packetbeat.go:232 +0x37
created by github.com/elastic/beats/packetbeat/beat.(_Packetbeat).Run
/home/df28093/go_workspace/src/github.com/elastic/beats/packetbeat/beat/packetbeat.go:238 +0x45

@tsg
Copy link
Contributor

tsg commented Oct 20, 2016

Link to the related Gopacket issue: google/gopacket#164

We've forked gopacket a while ago to add some features we needed. We need either to merge the upstream in our fork or to take that individual fix and apply it to our fork.

@Shugyousha
Copy link
Contributor

Would you prefer to have a PR that merges the gopacket upstream or one to cherry-pick that fix for your vendored fork?

@tsg tsg mentioned this issue Jul 4, 2017
tsg pushed a commit to tsg/beats that referenced this issue Jul 4, 2017
The PFring sniffer in Packetbeat is officially unsupported for a longer time,
because it depends on a kernel module and because we don't have a good way of
testing it,
but we left in the code and docs for the people that would like to compile it
themselves. However, it appears that it's broken for a long time (elastic#2800), so this PR
removes it from code and docs.

Closes elastic#4585, elastic#2800.
urso pushed a commit that referenced this issue Jul 5, 2017
The PFring sniffer in Packetbeat is officially unsupported for a longer time,
because it depends on a kernel module and because we don't have a good way of
testing it,
but we left in the code and docs for the people that would like to compile it
themselves. However, it appears that it's broken for a long time (#2800), so this PR
removes it from code and docs.

Closes #4585, #2800.
@urso
Copy link

urso commented Mar 3, 2019

pfring support has been removed long ago.

@urso urso closed this as completed Mar 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants