[Oisf-devel] tcp.ssn_memcap_drop

Chris Wakelin c.d.wakelin at reading.ac.uk
Wed Sep 21 17:10:01 UTC 2011 

Sorry, I've only just started paying attention to the backtraces in this
thread. I've got a couple of very similar ones in the last week!

Looking in more detail at the src and dst addresses in Frame 7 with
"frame 7" and "print *f" (in my case, looks like Frame 12 below), I
found matching HTTP requests a few minutes earlier, but no apparent
connection between those in the two cores I've kept.

One thing I noticed though is that in *f, "sp" and "dp" are both 0,
which I think might be source and destination port, which probably ought
to be stored as part of a flow record?

Best Wishes,
Chris

On 21/09/11 17:22, Martin Holste wrote:
> This one is on a bigger box (144 GB RAM, 16 CPU) with AF_PACKET:
> 
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 0x7fffe4ff9710 (LWP 6178)]
> 0x00007ffff679d945 in raise () from /lib64/libc.so.6
> (gdb) bt
> #0  0x00007ffff679d945 in raise () from /lib64/libc.so.6
> #1  0x00007ffff679ef21 in abort () from /lib64/libc.so.6
> #2  0x00007ffff67da8ef in __libc_message () from /lib64/libc.so.6
> #3  0x00007ffff67e0018 in malloc_printerr () from /lib64/libc.so.6
> #4  0x00007ffff67e4f6c in free () from /lib64/libc.so.6
> #5  0x00007ffff7bd8880 in htp_tx_destroy (tx=0x3233d7f0) at
> htp_transaction.c:123
> #6  0x00007ffff7bd5e12 in htp_conn_destroy (conn=0x2cc524b0) at
> htp_connection.c:65
> #7  0x00007ffff7bd1112 in htp_connp_destroy_all (connp=0x3957d280) at
> htp_connection_parser.c:197
> #8  0x000000000061e03a in HTPStateFree (state=<value optimized out>)
> at app-layer-htp.c:210
> #9  0x000000000061204b in AppLayerParserCleanupState
> (f=0x7ffe6f639b10) at app-layer-parser.c:1240
> #10 0x0000000000437315 in FlowL7DataPtrFree (f=0x180e) at flow.c:119
> #11 0x000000000043737f in FlowClearMemory (f=0x7ffe6f639b10,
> proto_map=<value optimized out>) at flow.c:1406
> #12 0x0000000000437593 in FlowPrune (q=0x942190, ts=0x7fffe4ff8e60) at
> flow.c:336
> #13 0x000000000043794d in FlowPruneFlowQueue (ts=<value optimized
> out>, q=<value optimized out>) at flow.c:355
> #14 FlowManagerThread (ts=<value optimized out>, q=<value optimized
> out>) at flow.c:1060
> #15 0x00007ffff6f265f0 in start_thread () from /lib64/libpthread.so.0
> #16 0x00007ffff683f87d in clone () from /lib64/libc.so.6
> #17 0x0000000000000000 in ?? ()
> 

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094

More information about the Oisf-devel mailing list