Project

General

Profile

Bug #8277

ntopng service fails to start on 2.4.3

Added by Andrew - over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
ntop
Target version:
-
Start date:
01/13/2018
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.3
Affected Architecture:

Description

Since the upgrade of the ports tree to ntopng-3.2.2017.12.06, the ntopng service no longer starts.

The system log shows pid [...] (ntopng), uid 0: exited on signal 11 (core dumped)

The service can be started manually from the command line (i.e. by running ntopng directly, rather than going through the pfsense UI) and then works. I would hazard a guess that something has changed on the command line syntax since the previous version.

History

#1 Updated by Michael Kellogg over 1 year ago

#2 Updated by Andrew - over 1 year ago

Thanks. Yes, looking at the ntopng prefs.cpp on GitHub it looks like that command line option has been removed in 3.2. So the pfSense package should also have the option removed from the GUI, hence this bug report.

#3 Updated by Andrew - over 1 year ago

By the way, I think there's an additional issue in that this warning is triggered on start up:

ntopng has not been compiled with libcap-dev
Network discovery and other privileged activities will fail

... so the new functionality in 3.2 doesn't appear to be working anyway.

Thanks.

#4 Updated by Jim Thompson over 1 year ago

  • Assignee set to Renato Botelho

#5 Updated by Guido Falsi over 1 year ago

I could be wrong but libcap is a linux specific library to support capabilities as supported by the linux kernel.

There is and I don't think there cannot be a libcap for FreeBSD.

FreeBSD uses a capability framework known as capsicum, which is a different thing, with a different API and most probably different features.

Anyway adding capsicum support in ntopng would require some development activity in ntopng, which is different from simply adding a dependency.

I'll be asking the ntopng developers anyway.

UPDATE:

The functionality protected by capabilities mode is available on any OS as long as ntopng is running as root.

libcap is used to allow limited capabilities to be retained after dropping privileges as far as i understand.

Similar functionality should be possible using capsicum but that's to be investigated.

#6 Updated by Jim Pingle about 1 year ago

  • Subject changed from ntopng 3.2.2017.12.06 service fails to start to ntopng service fails to start on 2.4.3
  • Status changed from New to Feedback

A new version of ntopng is available now on 2.4.4 snapshots which should address this issue. Try it there and let us know if it works.

#7 Updated by James Dekker about 1 year ago

Tested on 2.4.4.a.20180412.1121, service starts and can be accessed.

#8 Updated by Jim Pingle about 1 year ago

  • Status changed from Feedback to Assigned

Since it's OK on 2.4.4, we can copy back the new ntopng to 2.4.3 now

#9 Updated by Renato Botelho about 1 year ago

  • Status changed from Assigned to Feedback
  • % Done changed from 0 to 100

Done on 2.4.3 and 2.3.5

#10 Updated by Jim Pingle about 1 year ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF