Snort mailing list archives
Re: Stream4 update checked in
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 19 Jul 2001 13:29:13 -0400
Ok, I just checked in another update to stream4, try this one and let me know how it works... -Marty Lai Zit Seng wrote:
On Thu, 19 Jul 2001, Martin Roesch wrote:Can you go into gdb and type the following commands:Sure. Just in case I'm doing something silly... here's my snort command line: snort -z est -DNy -c /etc/snort/snort.conf -i eth1 (gdb) bt #0 0x401c9b9c in memcpy () from /lib/i686/libc.so.6 #1 0x08073271 in TraverseFunc (NodePtr=0x85f6848, build_data=0xbffff280) at spp_stream4.c:408 #2 0x080724d8 in ubi_btTraverse (RootPtr=0x85f5814, EachNode=0x80731ac <TraverseFunc>, UserData=0xbffff280) at ubi_BinTree.c:1006 #3 0x08075f44 in BuildPacket (s=0x85f57f0, stream_size=209, p=0xbffff380, direction=0) at spp_stream4.c:2679 #4 0x08075d17 in FlushStream (s=0x85f57f0, p=0xbffff380, direction=0) at spp_stream4.c:2573 #5 0x080740fa in ReassembleStream4 (p=0xbffff380) at spp_stream4.c:1123 #6 0x08055cba in Preprocess (p=0xbffff380) at rules.c:3427 #7 0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff870, pkt=0x402a5042 "") at snort.c:512 #8 0x08077816 in packet_ring_recv () at eval.c:41 #9 0x08077b3f in pcap_read () at eval.c:41 #10 0x080787ef in pcap_loop () at eval.c:41 #11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441 #12 0x0804b3cf in main (argc=8, argv=0xbffffacc) at snort.c:445 #13 0x4015e177 in __libc_start_main (main=0x804ad70 <main>, argc=8, ubp_av=0xbffffacc, init=0x804a23c <_init>, fini=0x80821e0 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffffabc) at ../sysdeps/generic/libc-start.c:129 (gdb) up #1 0x08073271 in TraverseFunc (NodePtr=0x85f6848, build_data=0xbffff280) at spp_stream4.c:408 408 (gdb) p spd->stream_offset No symbol "spd" in current context. (gdb) p spd->payload_size No symbol "spd" in current context. (gdb) p spd->seq_num No symbol "spd" in current context. (gdb) p trunc_size $1 = 140470344 (gdb) p s->base_seq Cannot access memory at address 0x67f6e839 (gdb) p s->last_ack Cannot access memory at address 0x67f6e83d Hmm I've no idea why it is complaining about 'spd'. Regards, .lzs _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stream4 update checked in Martin Roesch (Jul 18)
- Re: Stream4 update checked in Lai Zit Seng (Jul 18)
- Re: Stream4 update checked in Lai Zit Seng (Jul 18)
- Re: Stream4 update checked in Martin Roesch (Jul 19)
- Re: Stream4 update checked in Lai Zit Seng (Jul 19)
- Re: Stream4 update checked in Martin Roesch (Jul 19)
- Re: Stream4 update checked in Lai Zit Seng (Jul 19)
- Re: Stream4 update checked in Lai Zit Seng (Jul 18)