Snort mailing list archives

Re: snort 1.8.4b1 dumping core


From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 15 Feb 2002 22:01:52 -0500

Ok, for the sake of my sanity, please tell me you're on Ethernet and not
PPPoE.  Is that true?

     -Marty

On 2/15/02 9:36 PM, "Kris Kennaway" <kris () obsecurity org> wrote:

On Mon, Feb 04, 2002 at 11:06:28PM +0700, Fyodor wrote:
(gdb) bt
#0  pcap_read (p=0x0, cnt=134884155, callback=0x875bac0, user=0xc <Address 0xc out of bounds>)
    at /usr/src/lib/libpcap/../../contrib/libpcap/pcap-bpf.c:121
#1  0x807f430 in pcap_loop (p=0x8130000, cnt=-1, callback=0x875bac0, user=0x0)
    at /usr/src/lib/libpcap/../../contrib/libpcap/pcap.c:79

That's very interesting. Pcap_t struct ptr which we pass to pcap_loop is
a meaningful pointer but pcap_read already has it set to NULL. Very
likely something messy has happened. (also user ptr got overwritten,
that normally shouldn't happen).
Strange that it didn't coredump somewhere at the beginning of
pcap_read():

Just FYI, this hasn't gone away..I've rebuilt snort a couple of times
in the meantime.  It seems to mostly dump core when I'm loading down
the network it's monitoring.

All of the coredumps I've bothered to check are in the same place (as
above).

ls -l /var/cores/
total 385056
-rw-------  1 root  wheel  7311360 Feb  3 20:29 snort.0.23239.core
-rw-------  1 root  wheel  8114176 Feb  6 19:17 snort.0.23903.core
-rw-------  1 root  wheel  7311360 Feb  3 20:46 snort.0.25722.core
-rw-------  1 root  wheel  8740864 Feb 15 18:29 snort.0.27952.core
-rw-------  1 root  wheel  7430144 Feb  3 16:52 snort.0.29362.core
-rw-------  1 root  wheel  7311360 Feb  3 20:49 snort.0.31452.core
-rw-------  1 root  wheel  7843840 Feb  3 21:25 snort.0.31697.core
-rw-------  1 root  wheel  7516160 Feb  2 16:22 snort.0.39788.core
-rw-------  1 root  wheel  7344128 Feb  3 21:58 snort.0.47071.core
-rw-------  1 root  wheel  8380416 Feb  3 20:24 snort.0.4715.core
-rw-------  1 root  wheel  7491584 Feb  4 03:54 snort.0.58269.core
-rw-------  1 root  wheel  7331840 Feb  3 17:10 snort.0.77834.core
-rw-------  1 root  wheel  7323648 Feb  3 17:20 snort.0.77888.core
-rw-------  1 root  wheel  7536640 Feb 15 18:29 snort.0.79705.core
-rw-------  1 root  wheel  7532544 Feb 15 18:29 snort.0.80215.core
-rw-------  1 root  wheel  7540736 Feb 15 18:30 snort.0.80981.core
-rw-------  1 root  wheel  7561216 Feb 15 18:31 snort.0.82992.core
-rw-------  1 root  wheel  7528448 Feb  2 16:43 snort.0.83120.core
-rw-------  1 root  wheel  7532544 Feb 15 18:31 snort.0.83659.core
-rw-------  1 root  wheel  7532544 Feb 15 18:32 snort.0.84139.core
-rw-------  1 root  wheel  7561216 Feb 15 18:33 snort.0.85029.core
-rw-------  1 root  wheel  7516160 Feb  2 15:28 snort.0.85884.core
-rw-------  1 root  wheel  7311360 Feb  3 18:52 snort.0.88255.core
-rw-------  1 root  wheel  7389184 Feb  3 15:59 snort.0.89818.core
-rw-------  1 root  wheel  7569408 Feb  3 19:27 snort.0.90795.core
-rw-------  1 root  wheel  7311360 Feb  4 04:20 snort.0.9569.core


Kris


-- 
Martin Roesch - Founder/CEO Sourcefire Inc. - (410) 552-6999
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

