CoralReef Frequently Asked Questions: Troubleshooting Next Previous Contents

8. Troubleshooting

8.1 When compiling on a LINUX system, I get errors involving bool. How do I fix these?

This is caused by conflicts between LINUX headers and particular versions of gcc. To fix it, set the environment variable CXX to the name of a modern (e.g., gnu 2.95 or later) C++ compiler, or to "false" if you don't have one, and re-run ./configure, make, and make install in the top directory.

8.2 I get compile errors in libsrc/crl involving _crypt_struct, _off64_t, etc. How do I fix these?

This is apparently due to a bug in perl 5.8.0, which is fixed in 5.8.2, but reintroduced in 5.8.3. CoralReef 3.7.4 contains a workaround for this. You may also be able to get around it by setting the environment variable CPPFLAGS="-D_GNU_SOURCE" when running configure in coral.

8.3 CoralReef won't compile with gcc 2.96. How do I fix this?

gcc 2.96 is NOT an official release, and we do not support it. See https://gcc.gnu.org/gcc-2.96.html for more details.

8.4 How do I fix compile errors involving PAnonymizer?

If you do not need the anonymizing features, you can disable them by using the --disable-cryptopan option to ./configure, which will avoid the compiler errors. In any case, please report the compiler error messages to coral-bugs@caida.org.

8.5 The Perl applications complain about undefined symbols. How do I fix this?

A runtime error message like this:

Can't load '/usr/local/Coral/lib/Coral.so' for module Coral: /usr/local/Coral/lib/Coral.so: Undefined symbol "__eprintf" at /usr/libdata/perl/5.00503/DynaLoader.pm line 169.

may be caused by using a different version of the C compiler or C libraries to compile Coral.so or ASFunc.so than was used to compile Perl. If your perl is newer than your compiler, then simply rebuilding CoralReef should fix this problem. If not, edit perl.inc in the top directory to set the variable PERL_LD to the name of the C compiler that was used to compile Perl, and run make clean and make install in the top directory. If that compiler is no longer available, you may need to reinstall Perl or the C libraries.

8.6 Why do the cell timestamps jump backward in my POINT trace? Why do some applications report intervals with negative duration?

Apparently there is a race condition in the card or driver between clock reset and beginning to capture data, causing a single backward jump a few hundred microseconds into a trace. In applications that report intervals, this problem can manifest itself as a negative duration in the first interval. This appears to affect both OC3 and OC12 point cards.

In CoralReef release 3.5, libcoral and most CoralReef applications will by default discard cells read before the clock reset, avoiding the problem. In earlier versions, you can use the application crl_time to find problems like this, and crl_cut to chop off the first few dozen bad cells.

8.7 Why do the cell timestamps jump backward in my FATM trace?

There appears to be a race condition in the FATM card between incrementing the high order clock when the low order clock wraps, and capturing more cells. This occasionally causes the timestamps to jump backwards a little less than 0.00262144 seconds when the low clock wraps, and then forward again by a little more than 0.00262144 seconds when the high clock catches up. (The period of the low clock wrap is 0.00262144 seconds.)

By default, libcoral and most CoralReef applications will attempt to compensate for this problem by incrementing the high clock when the low clock wraps, and then ignoring the next high clock increment reported by the driver. However, crl_trace and crl_encode do not perform this correction, so trace files will contain raw uncorrected data. Most other applications perform the correction when they read the trace.

8.8 Why does the point card sometimes report -185273100 or -454761244 cells lost?

This was due to a bug in older versions of the CoralReef POINT driver. It was fixed in version 3.3.2.

8.9 Why does running some Coral applications appear to cause cell/packet loss when the applications are run for a short durations?

Coral devices return their data to CoralReef in blocks of integral ATM cells (for FATM/Point cards blocks are 17545 cells and for DAG cards blocks are 16384 cells.) Normally, they do not return any data until a block fills up. When capturing one cell per packet (as crl_flow and crl_rate do), this means 17545 or 16384 cells must go by before the Coral device will give them to CoralReef. When an interval ends in realtime, CoralReef can not process the interval yet because it must assume the card is still holding a block containing packets belonging to that interval. So it waits for the card to fill up the block and give it to CoralReef. Only then can CoralReef look at the cell/packet timestamps and assign the delayed packets to the interval to which they belong. If the traffic rate is low, filling the block may take a long time, perhaps even multiple intervals. When the block finally fills, CoralReef reads it, and processes data for packets belonging to all intervals contained in the block. So, for example, if you use 10s intervals and you see pauses of  50s, and then output for 5 intervals all at once, it is because your traffic takes  50s to fill a block (e.g. 16384 packets in  50s, or  328 packets per second).

The only time the card will return a block before it is filled is when CoralReef stops the card, which it does when the duration ( -Cd) expires in realtime. So it will always be able to process data at the end of the duration, regardless of how full the last block is.

If you run applications like crl_flow repeatedly with 10s duration instead of once with infinite duration and 10s intervals, you will get reports approximately every 10s. But since that requires stopping the card and restarting it, you will also miss packets during the down time.

8.10 Why do CoralReef applications crash the first time one is run on a DAG card?

This was due to an incompatibility between old DAG drivers (earlier than 2.2.1d?) and CoralReef. We recommend you upgrade your DAG drivers.

8.11 Why does the report generator t2_report[++] report a large number of Autonomous Systems (AS's) as unknown?

ASFinder requires a current BGP table in order to perform the conversion from IP address to AS. This table must be kept current. See the answer to How can I convert an IP address into an AS (Autonomous System) number? and the documentation for ASFinder for more information.

8.12 Why doesn't my pcap filter expression match any packets on my VLAN?

Due to a bug in libpcap-0.6.2, you must specify the vlan iomode option on VLAN sources, or operations on layer 3 and above will not work. We hope this will be fixed in a future version of libpcap.

8.13 Why do I get "no support for coral_type=-2" when reading a native interface (or "-1" when reading a tcpdump file)?

A suitable version of libpcap was not found when you installed CoralReef. You should make sure libpcap is installed, and then reconfigure CoralReef. If libpcap is not in a standard location, you will need to use the --with-inclibdirs option when configuring CoralReef (see the INSTALL file).

8.14 "Warning: BPF filter on interface 0 will run in user space, not in kernel."

To support BPF filtering on linux systems, the CONFIG_PACKET kernel option must be enabled, and for best performance the CONFIG_FILTER kernel option should also be enabled (for more information, see "README.linux" in the libpcap documentation, and "Configure.help" in the linux kernel documentation).

8.15 Why do I get "Warning: Must use positive value to set FlowCounter's bytes" when reading t2-format data with CAIDA::Tables reading functions?

Assuming the input is not in fact corrupted or otherwise invalid, this is caused by an apparent bug in the 'perlio' layer in newer versions of perl. The CAIDA::Traffic2::FileReader module attempts to automatically change this layer in order to facilitate proper reading. If you aren't using FileReader (ie, calling CAIDA::Tables reading functions directly), setting the environmental variable PERLIO to 'stdio' should prevent this problem.


Next Previous Contents

Related Objects

See https://catalog.caida.org/software/coralreef/ to explore related objects to this document in the CAIDA Resource Catalog.