sniffing is crashing ?

Raf44 · March 27, 2024, 8:57am

Hello everyone,

I’ve had to deal with a rather serious problem:
on a CCR1072 / RoS 7.14.1 router - BGP absorbing 2full-table IPv4 + 2full-table IPv6 for approximately 2Gbps of incoming traffic;
I wanted to try to trace a connection and thus to try a “tool/sniffer/quick…” by filtering only on the IP

after a few seconds of sniffing, the router rebooted itself via the watchdog.

Imagining that I’d been a bit too adventurous to run this command on this router, I then ran it again on its neighbour - which handles the same amount of traffic, but this time doesn’t handle full-tables, and “only” has around 1000 to 1500 routes.

This neighbour is also a CCR1072 but in RoS 6.49.13.
The same command started to work, again for a few seconds, then rebooted by the watchdog…

So I have a simple question:
Is the amount of 2Gbps traffic really too much for this type of command to be executed?

I would have imagined that a CCR1072 could handle all that more easily…

Or am I focusing on the wrong problem, and probably missing something on the side?

The consequence of these crashes has been to make a big mess of our entire backbone for a few minutes, so I’m not going to be able to repeat the experience easily for testing purposes…

snowflake · April 25, 2024, 2:49pm

Sniffer crashes here too.
Here’s my model info

                   uptime: 1m6s
                  version: 7.14.3 (stable)
               build-time: 2024-04-17 12:47:58
              free-memory: 27.3MiB
             total-memory: 64.0MiB
                      cpu: MIPS 24Kc V7.4
                cpu-count: 1
            cpu-frequency: 400MHz
                 cpu-load: 9%
           free-hdd-space: 48.1MiB
          total-hdd-space: 64.0MiB
  write-sect-since-reboot: 60
         write-sect-total: 11002727
               bad-blocks: 0%
        architecture-name: mipsbe
               board-name: RB751G-2HnD
                 platform: MikroTik

It’s the first crash I’ve had since getting the Routerboard about 10 years ago.
Here’s the sniffer configuration.

                    only-headers: no
                     memory-limit: 1000KiB
                    memory-scroll: yes
                        file-name: 
                       file-limit: 1000KiB
                streaming-enabled: yes
                 streaming-server: 192.168.0.222:37008
                    filter-stream: yes
                 filter-interface: bridge-local
               filter-mac-address: 
           filter-src-mac-address: 
           filter-dst-mac-address: 
              filter-mac-protocol: 
                filter-ip-address: 
            filter-src-ip-address: 
            filter-dst-ip-address: 
              filter-ipv6-address: 
          filter-src-ipv6-address: 
          filter-dst-ipv6-address: 
               filter-ip-protocol: udp
                      filter-port: bootpc
                  filter-src-port: 
                  filter-dst-port: 
                      filter-vlan: 
                       filter-cpu: 
                      filter-size: 
                 filter-direction: any
  filter-operator-between-entries: and
                          running: no
{/code]

snowflake · May 4, 2024, 10:56am

This is an interesting bug.

I installed ROS 7.14.3 x86 build on a VirtualBox guest with a single ethernet interface.

I set up sniffing config and started it. I could not reproduce the crash.

Returning to my RB751 with 7.14.3 installed, I observed that the router could still be
accessed with mactelnet, so it is not actually crashing when the sniffer is started, it is just
the IPv4 protocol that is breaking. Pinging the router from a host on my LAN, I observed
that there was no response when the sniffer was running. I stopped the sniffer from
my mactelnet client and pings started working again.

I installed ROS 7.15rc2 on my RB751, but it did not fix the bug.
I tested both variants of ping for IPv4 and IPv6 and there was no response when the sniffer
was running.

snowflake · May 5, 2024, 10:16am

Solved! I found a silly configuration error in the bridge configuration

For some reason, lost in the mists of time, I had set the
admin-mac for the bridge to a silly value like 11:22:33;44:55:66.

Why I did that I do not know. It had been working that way for months
until I installed ROS 7.14.3.

I reset the entire router configuration back to the default
and saved the export verbose file for /. I found that
starting the sniffer did not stop a ping from working.

I loaded my backup configuration and compared it with the default.
I set the admin-mac to the default value and pings immediately started working
even with the sniffer running.

Phew! What a relief!