Snort mailing list archives

Re: Stream4 update checked in

From: Lai Zit Seng <lzs () pobox com>
Date: Thu, 19 Jul 2001 12:55:51 +0800 (SGT)

I'm trying this latest build, but it still seems to dump core. It is a
segfault in memcpy() now. The stack trace:

#0  0x401c9b9c in memcpy () from /lib/i686/libc.so.6
#1  0x08073271 in TraverseFunc (NodePtr=0x87e5270, build_data=0xbffff280)
    at spp_stream4.c:408
#2  0x080724d8 in ubi_btTraverse (RootPtr=0x870443c,
    EachNode=0x80731ac <TraverseFunc>, UserData=0xbffff280)
    at ubi_BinTree.c:1006
#3  0x08075f44 in BuildPacket (s=0x8704418, stream_size=7924,
p=0xbffff380,
    direction=0) at spp_stream4.c:2679
#4  0x08075d17 in FlushStream (s=0x8704418, p=0xbffff380, direction=0)
    at spp_stream4.c:2573
#5  0x080740fa in ReassembleStream4 (p=0xbffff380) at spp_stream4.c:1123
#6  0x08055cba in Preprocess (p=0xbffff380) at rules.c:3427
#7  0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff870,
    pkt=0x402a1042 "") at snort.c:512
#8  0x08077816 in packet_ring_recv () at eval.c:41
#9  0x08077b3f in pcap_read () at eval.c:41
#10 0x080787ef in pcap_loop () at eval.c:41
#11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441
#12 0x0804b3cf in main (argc=8, argv=0xbffffacc) at snort.c:445
#13 0x4015e177 in __libc_start_main (main=0x804ad70 <main>, argc=8,
    ubp_av=0xbffffacc, init=0x804a23c <_init>, fini=0x80821e0 <_fini>,
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffffabc)
    at ../sysdeps/generic/libc-start.c:129

Regards,

.lzs

On Thu, 19 Jul 2001, Martin Roesch wrote:

Ok, everyone tracking stream4 development should check out the most
recent CVS commit, I've changed the reassembly mechanisms to be much
less naive about what they'll find in the stream packet cache and have
developed a safer pruning mechanism for clearing rebuilt segments (I
hope).  Please download it and have a look when you get the chance!



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Stream4 update checked in Martin Roesch (Jul 18)
- Re: Stream4 update checked in Lai Zit Seng (Jul 18)
  - Re: Stream4 update checked in Lai Zit Seng (Jul 18)
  - Re: Stream4 update checked in Martin Roesch (Jul 19)
    - Re: Stream4 update checked in Lai Zit Seng (Jul 19)
    - Re: Stream4 update checked in Martin Roesch (Jul 19)
    - Re: Stream4 update checked in Lai Zit Seng (Jul 19)