pavel-odintsov / fastnetmon

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
https://fastnetmon.com
GNU General Public License v2.0

Fastnetmon stops working with error "Can't find vector address in subnet map for unban function" #993

Closed AndriusV4 closed 1 year ago

AndriusV4 commented 1 year ago

Hello, we noticed that after running for some time and doing some ban/unban actions, Fastnetmon stops working and logs this error every 60 seconds:

2023-08-03 11:26:51,055 [ERROR] Can't find vector address in subnet map for unban function
2023-08-03 11:27:51,056 [ERROR] Can't find vector address in subnet map for unban function
2023-08-03 11:28:51,056 [ERROR] Can't find vector address in subnet map for unban function

When this is happening, Fastnetmon is still capturing traffic and can notice attacks (using fastnetmon_client we can see that it sees traffic higher than the set thresholds and puts the IP address in the 'ban list', but the ban action is never called).

Restarting Fastnetmon fixes the issue, but it happens again after some time (sometimes it takes 1-2 hours, sometimes longer), and always right after the unban action.

Full log attached at the top.

Any help in fixing this would be appreciated, thanks!
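
An added example, not part of the original report or of FastNetMon's code: a small log check that flags the repeating error described above, so a sensor that has silently stopped calling ban actions gets noticed. The timestamp layout is taken from the three log lines quoted in the report; the thresholds (`min_repeats`, `max_gap`) and the two extra sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Error text quoted in the report above.
STALL_MSG = "Can't find vector address in subnet map for unban function"
# Layout of the quoted lines: "YYYY-MM-DD HH:MM:SS,mmm [LEVEL] message"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(\w+)\] (.*)$")


def find_stalls(lines, min_repeats=3, max_gap=timedelta(seconds=90)):
    """Return (first_seen, last_seen, count) for every run of the stall error
    whose consecutive occurrences are no more than max_gap apart.
    min_repeats and max_gap are assumed defaults, tuned to the 60 s cadence."""
    runs, current = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(2) != "ERROR" or m.group(3) != STALL_MSG:
            continue  # other log lines do not break or extend a run
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        if current and ts - current[-1] > max_gap:
            # Gap too large: close the previous run and start a new one.
            if len(current) >= min_repeats:
                runs.append((current[0], current[-1], len(current)))
            current = []
        current.append(ts)
    if len(current) >= min_repeats:
        runs.append((current[0], current[-1], len(current)))
    return runs


SAMPLE_LOG = [
    # Constructed: one isolated occurrence, which should not raise an alert.
    "2023-08-03 09:00:00,000 [ERROR] " + STALL_MSG,
    # Constructed placeholder for unrelated log traffic.
    "2023-08-03 11:25:10,120 [INFO] constructed placeholder line",
    # The three lines quoted in the report.
    "2023-08-03 11:26:51,055 [ERROR] " + STALL_MSG,
    "2023-08-03 11:27:51,056 [ERROR] " + STALL_MSG,
    "2023-08-03 11:28:51,056 [ERROR] " + STALL_MSG,
]

if __name__ == "__main__":
    for first, last, count in find_stalls(SAMPLE_LOG):
        print(f"ban/unban stall suspected: {count} errors from {first} to {last}")
```
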

pavel-odintsov commented 1 year ago

Hello!

We've reworked this logic completely as it clearly has race condition issues. I can recommend installing the new version using this guide: https://fastnetmon.com/install/. It will resolve this issue completely.

pavel-odintsov commented 1 year ago

I'm closing this issue as we're pretty sure that the proposed solution will help. Feel free to reopen it if needed.

AndriusV4 commented 1 year ago

For now it looks like the newest version doesn't have this issue anymore, or at least we haven't run into it yet. Thanks!

pavel-odintsov commented 1 year ago

Hello!

Great news. Thank you for confirming.