
phreld not monitoring traffic

Posted: Fri Oct 11, 2013 6:04 pm
by andyavvua
Hi,

We have installed phreld on a CentOS 6.4 install; we have libpcap-(devel)-1.0.0-6 installed.

On our CentOS 5 servers (libpcap-0.9.4-15) we have no issues; on the CentOS 6 installation nothing ever gets blocked by phreld, and upon stracing phreld we see output like this from CentOS 6 servers:

Process 269886 attached with 2 threads - interrupt to quit
[pid 269887] restart_syscall(<... resuming interrupted call ...> <unfinished ...>
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL <unfinished ...>
[pid 269887] <... restart_syscall resumed> ) = 0
[pid 269887] nanosleep({0, 750000000}, <unfinished ...>
[pid 269886] <... select resumed> ) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])
[pid 269886] select(5, [4], NULL, NULL, NULL) = 1 (in [4])

etc etc

So it seems there is some issue with libpcap and phreld on CentOS 6. I realise you say that phreld is only tested for libpcap 0.8, but I wonder if you were able to find the cause of the current issues? It could be a trivial fix! It'd be fantastic to have phreld on all of our machines.

Thanks.

Re: phreld not monitoring traffic

Posted: Sat Oct 12, 2013 6:37 pm
by sella
I'll check it out on CentOS 6 this weekend and see if I can get a patched version out.

Re: phreld not monitoring traffic

Posted: Mon Oct 14, 2013 9:09 am
by andyavvua
sella wrote: I'll check it out on CentOS 6 this weekend and see if I can get a patched version out.


Thank you, that'd be really appreciated!

Re: phreld not monitoring traffic

Posted: Tue Dec 30, 2014 8:33 am
by Trevis
Just a quick patch file to get phrel-0.9.4 working under FC4. There were a few issues dealt with (not all cleanly mind you, I'm not that good at C):

* Whilst iptables could create chains (-N) with long names, it wouldn't allow names longer than 28 characters to be used as the jump target (-j) for the new rules in INPUT.

