Snort mailing list archives

Re: snort 1.8/solaris 8

From: "Michael H. Warfield" <mhw () wittsend com>
Date: Tue, 10 Jul 2001 20:06:32 -0400

On Wed, Jul 11, 2001 at 06:35:40AM +0700, Fyodor wrote:

http://snort.sourceforge.net/snort-1.8p1.tar.gz (a copy of todays
-current tarball) incorporates all the fixes for this (and a few other)
problems.


        Just downloaded and built this in the hopes that it would
cure a segv I was experiencing.  It seems to have changed something
(but it could just be the network traffic that changed - I'm monitoring
a /17 "darknet") but I still got a segv.

[root@darkroom snort-1.8p1]# gdb snort
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) attach 26410
Attaching to program: /usr/src/redhat/BUILD/snort-1.8p1/snort, Pid 26410
0x400ffc02 in ?? ()
(gdb) continue
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x8073c61 in BuildPacket (s=0x809c0ec, stream_size=134694624, p=0xbffff3dc, 
    direction=134692194) at spp_stream4.c:2584
2584        stream_pkt->tcph->th_ack = p->tcph->th_ack;
(gdb) where
#0  0x8073c61 in BuildPacket (s=0x809c0ec, stream_size=134694624, 
    p=0xbffff3dc, direction=134692194) at spp_stream4.c:2584
#1  0x809c0ec in codes ()
#2  0x8073ccb in BuildPacket (s=0x809c0ec, stream_size=134694624, p=0x809c0ec, 
    direction=0) at spp_stream4.c:2599
#3  0x8073d62 in PsAlloc (size=134856940) at spp_stream4.c:2647
#4  0x8076acb in gen_linktype ()
#5  0x8076e76 in gen_thostop ()
#6  0x80757b2 in pcap_open_live_new ()
#7  0x8055be3 in InitOutputPlugins () at plugbase.c:107
#8  0x804a88a in ShowUsage (progname=0x0) at snort.c:536
#9  0x8078ca6 in gen_broadcast ()
#10 0x80795d1 in init_val ()
#11 0x804bd70 in OpenPcap (intf=0x0, num=1) at snort.c:1575
#12 0x804a778 in ProcessPacket (user=0xe <Address 0xe out of bounds>, 
    pkthdr=0xbffffaf4, 
    pkt=0xbffffb30 
"tüÿ¿\226üÿ¿¤üÿ¿¶üÿ¿Äüÿ¿ãüÿ¿ðüÿ¿\003ýÿ¿\035ýÿ¿(ýÿ¿6ýÿ¿rýÿ¿}ýÿ¿\222ýÿ¿¢ýÿ¿¬ýÿ¿Øýÿ¿ãýÿ¿\002þÿ¿\017þÿ¿\027þÿ¿Úÿÿ¿") at 
snort.c:465
#13 0x400659cb in ?? ()
(gdb)


        This isn't where it blew up the last time on 1.8-RELEASE.

        This is a RedHat 6.2 system and I build 1.8p1 into an RPM
(to try and keep revs on the system straight).

        Anything I can try to debug it further?

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort 1.8/solaris 8 Jeff Ito (Jul 10)
- Re: snort 1.8/solaris 8 Fyodor (Jul 10)
  - Re: snort 1.8/solaris 8 Michael H. Warfield (Jul 10)
- <Possible follow-ups>
- RE: snort 1.8/solaris 8 Kevin Brown (Jul 10)