Re: Stream4 update checked in

[Lai Zit Seng <laizs () comp nus edu sg>]

Hi...

So far so good.. over 4 hours now :) Thanks!

Regards,

.lzs

On Thu, 19 Jul 2001, Martin Roesch wrote:

> Ok, I just checked in another update to stream4, try this one and let me
> know how it works...
>
>      -Marty
>
> Lai Zit Seng wrote:
> > On Thu, 19 Jul 2001, Martin Roesch wrote:
> >
> > > Can you go into gdb and type the following commands:
> >
> > Sure. Just in case I'm doing something silly... here's my snort command
> > line: snort -z est -DNy -c /etc/snort/snort.conf -i eth1
> >
> > (gdb) bt
> > #0  0x401c9b9c in memcpy () from /lib/i686/libc.so.6
> > #1  0x08073271 in TraverseFunc (NodePtr=0x85f6848, build_data=0xbffff280)
> >     at spp_stream4.c:408
> > #2  0x080724d8 in ubi_btTraverse (RootPtr=0x85f5814,
> >     EachNode=0x80731ac <TraverseFunc>, UserData=0xbffff280)
> >     at ubi_BinTree.c:1006
> > #3  0x08075f44 in BuildPacket (s=0x85f57f0, stream_size=209, p=0xbffff380,
> >     direction=0) at spp_stream4.c:2679
> > #4  0x08075d17 in FlushStream (s=0x85f57f0, p=0xbffff380, direction=0)
> >     at spp_stream4.c:2573
> > #5  0x080740fa in ReassembleStream4 (p=0xbffff380) at spp_stream4.c:1123
> > #6  0x08055cba in Preprocess (p=0xbffff380) at rules.c:3427
> > #7  0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff870,
> >     pkt=0x402a5042 "") at snort.c:512
> > #8  0x08077816 in packet_ring_recv () at eval.c:41
> > #9  0x08077b3f in pcap_read () at eval.c:41
> > #10 0x080787ef in pcap_loop () at eval.c:41
> > #11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441
> > #12 0x0804b3cf in main (argc=8, argv=0xbffffacc) at snort.c:445
> > #13 0x4015e177 in __libc_start_main (main=0x804ad70 <main>, argc=8,
> >     ubp_av=0xbffffacc, init=0x804a23c <_init>, fini=0x80821e0 <_fini>,
> >     rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffffabc)
> >     at ../sysdeps/generic/libc-start.c:129
> > (gdb) up
> > #1  0x08073271 in TraverseFunc (NodePtr=0x85f6848, build_data=0xbffff280)
> >     at spp_stream4.c:408
> > 408
> > (gdb) p spd->stream_offset
> > No symbol "spd" in current context.
> > (gdb) p spd->payload_size
> > No symbol "spd" in current context.
> > (gdb) p spd->seq_num
> > No symbol "spd" in current context.
> > (gdb) p trunc_size
> > $1 = 140470344
> > (gdb) p s->base_seq
> > Cannot access memory at address 0x67f6e839
> > (gdb) p s->last_ack
> > Cannot access memory at address 0x67f6e83d
> >
> > Hmm I've no idea why it is complaining about 'spd'.
> >
> > Regards,
> >
> > .lzs
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > http://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> --
> Martin Roesch
> roesch () sourcefire com
> http://www.sourcefire.com - http://www.snort.org


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users