Snort mailing list archives
Re: Stream4 update checked in
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 19 Jul 2001 09:13:10 -0400
Can you go into gdb and type the following commands: up p spd->stream_offset p spd->payload_size p spd->seq_num p trunc_size p s->base_seq p s->last_ack Thanks. -Marty Lai Zit Seng wrote:
I'm trying this latest build, but it still seems to dump core. It is a segfault in memcpy() now. The stack trace: #0 0x401c9b9c in memcpy () from /lib/i686/libc.so.6 #1 0x08073271 in TraverseFunc (NodePtr=0x87e5270, build_data=0xbffff280) at spp_stream4.c:408 #2 0x080724d8 in ubi_btTraverse (RootPtr=0x870443c, EachNode=0x80731ac <TraverseFunc>, UserData=0xbffff280) at ubi_BinTree.c:1006 #3 0x08075f44 in BuildPacket (s=0x8704418, stream_size=7924, p=0xbffff380, direction=0) at spp_stream4.c:2679 #4 0x08075d17 in FlushStream (s=0x8704418, p=0xbffff380, direction=0) at spp_stream4.c:2573 #5 0x080740fa in ReassembleStream4 (p=0xbffff380) at spp_stream4.c:1123 #6 0x08055cba in Preprocess (p=0xbffff380) at rules.c:3427 #7 0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff870, pkt=0x402a1042 "") at snort.c:512 #8 0x08077816 in packet_ring_recv () at eval.c:41 #9 0x08077b3f in pcap_read () at eval.c:41 #10 0x080787ef in pcap_loop () at eval.c:41 #11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441 #12 0x0804b3cf in main (argc=8, argv=0xbffffacc) at snort.c:445 #13 0x4015e177 in __libc_start_main (main=0x804ad70 <main>, argc=8, ubp_av=0xbffffacc, init=0x804a23c <_init>, fini=0x80821e0 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffffabc) at ../sysdeps/generic/libc-start.c:129 Regards, .lzs On Thu, 19 Jul 2001, Martin Roesch wrote:Ok, everyone tracking stream4 development should check out the most recent CVS commit, I've changed the reassembly mechanisms to be much less naive about what they'll find in the stream packet cache and have developed a safer pruning mechanism for clearing rebuilt segments (I hope). Please download it and have a look when you get the chance!_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stream4 update checked in Martin Roesch (Jul 18)
- Re: Stream4 update checked in Lai Zit Seng (Jul 18)
- Re: Stream4 update checked in Lai Zit Seng (Jul 18)
- Re: Stream4 update checked in Martin Roesch (Jul 19)
- Re: Stream4 update checked in Lai Zit Seng (Jul 19)
- Re: Stream4 update checked in Martin Roesch (Jul 19)
- Re: Stream4 update checked in Lai Zit Seng (Jul 19)
- Re: Stream4 update checked in Lai Zit Seng (Jul 18)