panic: interface conversion: gopacket.Layer is nil with fragmented packets
Closed this issue · 5 comments
top-secrett commented
dmachard commented
Crash reproduced on my side! Could you share your config file?
Thank you for the report.
top-secrett commented
```yaml
global:
  # If turned on, log some application messages
  trace:
    # debug information
    verbose: true
  server-identity: "ns4.***"
  text-format: "localtime id qr rcode queryip responseip family protocol qtype qname answer answercount length-unit aa df tr edns-csubnet tc malformed"
  text-format-delimiter: " | "
  text-format-boundary: "\""

# create your dns collector, please refer below to see the list
# of supported collectors, loggers and transformers
multiplexer:
  collectors:
    - name: ns4-col-ipv4
      afpacket-sniffer:
        port: 53
        device: ens192
        chan-buffer-size: 65535
      transforms:
        normalize:
          qname-lowercase: false
          quiet-text: true
    - name: ns4-col-ipv6
      afpacket-sniffer:
        port: 53
        device: ens224
        chan-buffer-size: 65535
      transforms:
        normalize:
          qname-lowercase: false
          quiet-text: true
  loggers:
    - name: ns4-log
      logfile:
        file-path: /var/log/dns/queries.log
        mode: text
        flush-interval: 1
        max-size: 100000000
        max-files: 0
  routes:
    - from: [ ns4-col-ipv4 ]
      to: [ ns4-log ]
    - from: [ ns4-col-ipv6 ]
      to: [ ns4-log ]
```
dmachard commented
Thanks for the config.
The root cause has been identified: the BPF filter of the sniffer is incorrect with fragmented packets.
I need time to do more tests and push a full fix to properly support fragmented packets.
In the meantime, I can push a quick fix to ignore fragmented packets and avoid the crash, if necessary?
top-secrett commented
@dmachard It would be great because the DDoS is still going on.
dmachard commented
Quickfix pushed in release v0.44.0-beta1.
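Added example (not DNS-collector's code and not part of this thread): a standard-library Go version of the "ignore fragmented packets" guard discussed above. With gopacket, a non-first fragment has no UDP layer, so `packet.Layer(...)` returns nil and an unchecked type assertion on it panics with the message in the title. The function names and sample packets are constructed for illustration and cover IPv4 only.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// udpDstPort returns the UDP destination port of a raw IPv4 packet.
// ok is false (with a nil error) for IP fragments, which are skipped: only the
// first fragment carries a UDP header and none holds a complete DNS message.
func udpDstPort(ip []byte) (port uint16, ok bool, err error) {
	if len(ip) < 20 || ip[0]>>4 != 4 {
		return 0, false, errors.New("not an IPv4 packet")
	}
	ihl := int(ip[0]&0x0f) * 4
	if ihl < 20 || len(ip) < ihl {
		return 0, false, errors.New("bad IPv4 header length")
	}
	// Bytes 6-7: 3 flag bits (reserved, DF, MF), then a 13-bit fragment offset.
	ff := binary.BigEndian.Uint16(ip[6:8])
	if ff&0x2000 != 0 || ff&0x1fff != 0 {
		return 0, false, nil // MF set or offset > 0: fragment, ignore it
	}
	if ip[9] != 17 { // IP protocol 17 = UDP
		return 0, false, errors.New("not UDP")
	}
	if len(ip) < ihl+8 {
		return 0, false, errors.New("truncated UDP header")
	}
	return binary.BigEndian.Uint16(ip[ihl+2 : ihl+4]), true, nil
}

// buildPacket constructs a minimal IPv4+UDP sample packet (checksums left zero).
func buildPacket(flagsOffset, dstPort uint16) []byte {
	p := make([]byte, 28)
	p[0] = 0x45 // version 4, IHL 5 (20-byte header)
	binary.BigEndian.PutUint16(p[6:8], flagsOffset)
	p[8], p[9] = 64, 17 // TTL, protocol UDP
	binary.BigEndian.PutUint16(p[22:24], dstPort)
	return p
}

func main() {
	// Constructed cases: DF only (whole datagram), MF set, fragment offset 185.
	for _, fo := range []uint16{0x4000, 0x2000, 0x00b9} {
		fmt.Println(udpDstPort(buildPacket(fo, 53)))
	}
}
```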