[Reconnoiter-users] Bad/Available

Theo Schlossnagle jesus at omniti.com
Fri May 22 08:20:48 EDT 2009


On May 22, 2009, at 1:43 AM, Dan Di Spaltro wrote:

> Okay, so I tried to run the ping module locally.  Here is what I got.
> Notice in the config I set the interval to be 5000 and the count to be
> 10, but I don't think the xml parameters are getting picked up in the
> ping module.
>
> ping_icmp_send(0x693ca0,127.0.0.1,2000,5)
> ping_icmp_real_send(127.0.0.1)
> ping_icmp: 127.0.0.1 0 is still outstanding.
> ping_icmp_real_send(127.0.0.1)
> ping_icmp: 127.0.0.1 0 is still outstanding.
> ping_icmp_real_send(127.0.0.1)
> ping_icmp: 127.0.0.1 0 is still outstanding.
> ping_icmp_real_send(127.0.0.1)
> ping_icmp: 127.0.0.1 0 is still outstanding.
> ping_icmp_real_send(127.0.0.1)
> ping_icmp: 127.0.0.1 0 is still outstanding.
> ping_icmp(127.0.0.1) [cnt=5,avail=0,min=nan,max=nan,avg=nan]
> 127.0.0.1`ping_icmp <- [cnt=5,avail=0,min=nan,max=nan,avg=nan]
> 127.0.0.1`ping_icmp -> [unavailable:bad]
>
> Obviously this should work, so I was rooting around in the code and
> found this line of code, now is this incorrectly interpreting the ping
> because the roundtrip is 0ms?
> if(data->turnaround[i] != 0) {
>   points++;
> ...

I'll check into that.  Seems suspect.

> Trying to keep the everything as simple as possible, here is the  
> config:
>
> <checks max_initial_stutter="30000" >
>    <check module="ping_icmp" interval="5000" count="10"
> period="15000" target="127.0.0.1"
> uuid="1b6e28ba-2fa1-11d2-853f-b9a761bde3fb" timeout="14000" />
>  </checks>

There is a problem.  The interval is set to 5000ms (5s).  You are  
requesting 10 pings... This means, every 5 seconds it will send out a  
new ICMP packet until it has sent 10.  However, you have a check  
timeout of 14s and a period of 15s.  If you really do want 10 pings,  
and want it to happen in 14s, I would suggest setting the interval  
down to 1000ms.  That will give you enough time to get all of them out  
and back in again.

I've never set a ping test against localhost before -- definitely  
could be hitting that condition of 0ms.

> Thanks, talk to you soon,
>
>
> On Thu, May 21, 2009 at 11:27 AM, Dan Di Spaltro<dan.dispaltro at gmail.com 
> > wrote:
>> Okay did that.
>>
>> This is how I typically run the noitd daemon, this should yield the
>> same results as that xml line right?
>> /usr/local/sbin/noitd -D -d
>>
>> Anyways, there isn't a whole bunch of logging, so I am not sure  
>> what I
>> am doing wrong.
>>
>> Talk to you soon,
>>
>> On Thu, May 21, 2009 at 8:35 AM, Theo  
>> Schlossnagle<jesus at omniti.com> wrote:
>>> Try turning on debugging for that in noit.conf:
>>>
>>>        <log name="debug/ping_icmp" disabled="false"/>
>>>
>>>
>>> On May 21, 2009, at 11:29 AM, Dan Di Spaltro wrote:
>>>
>>>> On Wed, May 20, 2009 at 5:35 PM, Theo  
>>>> Schlossnagle<jesus at omniti.com>
>>>> wrote:
>>>>>
>>>>> On May 20, 2009, at 8:13 PM, Dan Di Spaltro wrote:
>>>>>
>>>>>> Okay got it.  I just don't think it is actually working, I am  
>>>>>> not sure
>>>>>> how to debug it, but the ping should work, its on the same  
>>>>>> network and
>>>>>> I can easily ping this computer from the Noitd computer, but it  
>>>>>> just
>>>>>> doesn't work.  I usually get anywhere from 4-0ms latency when I  
>>>>>> ping
>>>>>> from the command line.  Anyways, there seems to be a lot of  
>>>>>> code in
>>>>>> the ping module, so I am not sure if I am doing it wrong or what.
>>>>>>
>>>>>> 173.45.232.xx`ping_icmp <-  
>>>>>> [cnt=5,avail=0,min=nan,max=nan,avg=nan]
>>>>>> 174.132.225.xxx`ping_icmp <-
>>>>>> [cnt=5,avail=60,min=0.0480,max=0.0480,avg=0.0480]
>>>>>
>>>>> Well... there are a lot of options here...  The best is to watch  
>>>>> the
>>>>> packets:
>>>>>
>>>>> tcpdump/snoop + wireshark will tell you a lot here.  I haven't  
>>>>> seen any
>>>>> problems like this.
>>>>>
>>>>> I'd run a ping at the same time as noitd while noit is  
>>>>> running... for a
>>>>> while and see if there is any packet loss.  How many hosts are you
>>>>> pinging?
>>>>> 512?
>>>>
>>>> 2, just those above two addresses, I am running tcpdump |grep  
>>>> ICMP and
>>>> the sequence numbers look like they are coming back correctly,  
>>>> and it
>>>> looks like everything is working in that respect.  I also tried
>>>> running both side by side, and didn't see any packet loss.  The one
>>>> above that comes up with everything nan is on the same network  
>>>> which
>>>> usually yields a 0-4ms ping.
>>>>
>>>>>
>>>>> Do you see any socket errors in the noit log (like buffer space
>>>>> exceeded)?
>>>>>  The icmp module attempts to increase the send buffer space up  
>>>>> into the
>>>>> megabyte range -- so hopefully that isn't an issue.
>>>>
>>>> I don't see errors in the noit.log like that
>>>>
>>>>>
>>>>> --
>>>>> Theo Schlossnagle
>>>>> http://omniti.com/is/theo-schlossnagle
>>>>> p: +1.443.325.1357 x201   f: +1.410.872.4911
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Dan Di Spaltro
>>>
>>> --
>>> Theo Schlossnagle
>>> http://omniti.com/is/theo-schlossnagle
>>> p: +1.443.325.1357 x201   f: +1.410.872.4911
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>> --
>> Dan Di Spaltro
>>
>
>
>
> -- 
> Dan Di Spaltro

--
Theo Schlossnagle
http://omniti.com/is/theo-schlossnagle
p: +1.443.325.1357 x201   f: +1.410.872.4911







More information about the Reconnoiter-users mailing list