GO Panic with v1.3.1 pf_ring support

bugsfix · October 17, 2016, 5:25pm

OS: RedHat 6.5
PF RING: pfring-6.5.0-931.x86_64
GOLANG: go1.6.3 linux/amd64

Built packetbeat 1.3.1 with "make with_pfring"

When starting packetbeat I am getting the following error

panic: runtime error: cgo argument has Go pointer to Go pointer

goroutine 41 [running]:
panic(0xa111a0, 0xc8211ebad0)
/usr/local/go/src/runtime/panic.go:481 +0x3e6
github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring.(*Ring).ReadPacketDataTo(0xc8211ec2d0, 0xc821250000, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/root/src/github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring/pfring.go:116 +0x210
github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring.(*Ring).ReadPacketData(0xc8211ec2d0, 0xc821250000, 0xffff, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/root/src/github.com/elastic/beats/vendor/github.com/tsg/gopacket/pfring/pfring.go:135 +0xcb
github.com/elastic/beats/packetbeat/sniffer.(*PfringHandle).ReadPacketData(0xc8200700a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/root/src/github.com/elastic/beats/packetbeat/sniffer/pfring.go:37 +0x7a
github.com/elastic/beats/packetbeat/sniffer.(*SnifferSetup).Run(0xc820074cd0, 0x0, 0x0)
/root/src/github.com/elastic/beats/packetbeat/sniffer/sniffer.go:294 +0x1e9
github.com/elastic/beats/packetbeat/beat.(*Packetbeat).Run.func1(0xc8200a8480)
/root/src/github.com/elastic/beats/packetbeat/beat/packetbeat.go:232 +0x37
created by github.com/elastic/beats/packetbeat/beat.(*Packetbeat).Run
/root/src/github.com/elastic/beats/packetbeat/beat/packetbeat.go:238 +0x45

Logs:

2016-10-17T13:10:37-04:00 DBG Disable stderr logging
2016-10-17T13:10:37-04:00 DBG Initializing output plugins
2016-10-17T13:10:37-04:00 INFO GeoIP disabled: No paths were set under output.geoip.paths
2016-10-17T13:10:37-04:00 DBG ES Ping(url=http://****************************/api/beats, timeout=1m30s)
2016-10-17T13:10:37-04:00 DBG Ping status code: 200
2016-10-17T13:10:37-04:00 INFO Activated elasticsearch as output plugin.
2016-10-17T13:10:37-04:00 DBG Create output worker
2016-10-17T13:10:37-04:00 DBG No output is defined to store the topology. The server fields might not be filled.
2016-10-17T13:10:37-04:00 INFO Publisher name: *******
2016-10-17T13:10:37-04:00 INFO Flush Interval set to: 1s
2016-10-17T13:10:37-04:00 INFO Max Bulk Size set to: 100
2016-10-17T13:10:37-04:00 DBG create bulk processing worker (interval=1s, bulk size=100)
2016-10-17T13:10:37-04:00 INFO Init Beat: packetbeat; Version: 1.3.1
2016-10-17T13:10:37-04:00 INFO Process matching enabled
2016-10-17T13:10:37-04:00 DBG Initializing protocol plugins
2016-10-17T13:10:37-04:00 DBG init memcache plugin
2016-10-17T13:10:37-04:00 DBG maxValues = 0
2016-10-17T13:10:37-04:00 DBG maxBytesPerValue = 2147483647
2016-10-17T13:10:37-04:00 DBG Init a MongoDB protocol parser
2016-10-17T13:10:37-04:00 DBG Local IP addresses: [127.0.0.1 10.254.227.110 ::1 fe80::250:56ff:feb6:1e6c]
2016-10-17T13:10:37-04:00 DBG In RefreshPids
2016-10-17T13:10:37-04:00 DBG In RefreshPids
2016-10-17T13:10:37-04:00 DBG In RefreshPids
2016-10-17T13:10:37-04:00 DBG tcp%!(EXTRA string=Port map: %v, map[uint16]protos.Protocol=map[6379:redis 6380:redis 28117:mongodb 53:dns 80:http])
2016-10-17T13:10:37-04:00 DBG Port map: map[53:dns]
2016-10-17T13:10:37-04:00 DBG Initializing sniffer
2016-10-17T13:10:37-04:00 DBG BPF filter: tcp port 80 or tcp port 6379 or tcp port 6380 or tcp port 28117 or port 53 or icmp or icmp6
2016-10-17T13:10:37-04:00 DBG Sniffer type: pf_ring device: eth0
2016-10-17T13:10:37-04:00 DBG Layer type: Ethernet
2016-10-17T13:10:37-04:00 INFO packetbeat sucessfully setup. Start running.
2016-10-17T13:10:37-04:00 DBG Disable stderr logging
2016-10-17T13:10:37-04:00 DBG Waiting for the sniffer to finish

Config:

############################# Sniffer #########################################
interfaces:
device: eth0
type: pf_ring
############################# Protocols #######################################
protocols:
icmp:
enabled: true
dns:
ports: [53]
include_authorities: true
include_additionals: true
send_request: true
send_response: true
http:
ports: [80]
redis:
ports: [6379, 6380]
mongodb:
ports: [28117]
############################# Processes #######################################
procs:
enabled: true
monitored:
- process: nginx
cmdline_grep: nginx
- process: apache
cmdline_grep: httpd
- process: java
cmdline_grep: java
############################# Output ##########################################
output:
elasticsearch:
hosts: ["*********************"]
index: "packetbeat"
path: "/api/beats"
bulk_max_size: 100

monica · October 20, 2016, 1:03pm

There is a similar issue already reported in GitHub. Please follow the issue.

system · November 7, 2016, 5:25pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
PF_RING on Packetbeat error Beats packetbeat	3	1125	July 29, 2017
PF_RING on Packetbeat error chinese 中文提问与讨论	2	1288	July 4, 2017
How packetbeat to work with pf_ring Beats packetbeat	12	2553	November 6, 2016
Starting packetbeat: 2016/01/08 12:13:43.009060 packetbeat.go:195: CRIT Initializing sniffer failed: Error creating sniffer: Pfring sniffing is not compiled in Beats packetbeat	5	1746	July 5, 2017
Packetbeat error Beats packetbeat	1	914	August 9, 2017

GO Panic with v1.3.1 pf_ring support

Related Topics