Snort mailing list archives
Re: memory corruption in 2.8.6
From: Russ Combs <rcombs () sourcefire com>
Date: Wed, 28 Apr 2010 16:10:40 -0400
If you configure with --enable-corefiles you will get a core file when the program crashes. You may need to set `ulimit -c unlimited`. You can then open the core in a debugger to see the stack. If you are using gdb, you can do `gdb -c <corefile>` and then 'bt' at the command prompt.

On Wed, Apr 28, 2010 at 3:19 PM, Safwat Fahmy <safwat.fahmy () safemedia com> wrote:

Russ

Where will the backtrace file be generated?

Thanks

*From:* Russ Combs [mailto:rcombs () sourcefire com]
*Sent:* Wednesday, April 28, 2010 1:34 PM
*To:* Safwat Fahmy
*Cc:* jesler () sourcefire com; Snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] memory corruption in 2.8.6

I'm unable to reproduce it. Can you reconfigure with --enable-corefiles and send a backtrace please?

On Wed, Apr 28, 2010 at 1:27 PM, Safwat Fahmy <safwat.fahmy () safemedia com> wrote:

Thank you Russ

Yes, we are working with libnet 1.0.2a.

Just a reminder: 2.8.6 works perfectly in sniffer mode. The problem occurs only in inline mode running in the background. If I use -Qvc the sig error will not happen.

Thanks
Safwat

*From:* Russ Combs [mailto:rcombs () sourcefire com]
*Sent:* Wednesday, April 28, 2010 1:22 PM
*To:* Safwat Fahmy
*Cc:* jesler () sourcefire com; Snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] memory corruption in 2.8.6

Might this be a libnet issue? Are you sure you are linking with the correct version for your platform?

On Wed, Apr 28, 2010 at 12:46 PM, Safwat Fahmy <safwat.fahmy () safemedia com> wrote:

Running snort 2.8.6 with the following command line:

/snort286inline/bin/snort -QDc /mnt/smlog/snort286inline/etc/snort.conf -l /mnt/smlog/logs br0

Results in the following error:

initializing Inline mode
building cached socket reset packets
** glibc detected *** /mnt/smlog/snort286inline/bin/snort: malloc(): memory corruption: 0x000000000143ece0 ***
====== Backtrace: =========

These are the config options:

re --enable-build-dynamic-examples --enable-ipv6 --enable-gre --enable-timestats --enable-perfprofiling --enable-inline --enable-sourcefire --enable-aruba --enable-react --enable-flexresp2 --with-libpcap-libraries=/usr/lib64 --with-libpcre-libraries=/usr/lib64 --with-libipq-includes=/usr/include --with-libipq-libraries=/usr/lib --with-libnet-includes=/usr/include --with-libnet-libraries=/usr/lib64 --with-dnet-libraries=/usr/lib64 --with-mysql=/usr/share/mysql --with-mysql-includes=/usr/include/mysql --with-mysql-libraries=/usr/lib64/Mysql

ip_queue and iptables_ filter were modprobe + iptables -I FORWARD -j QUEUE

Can you help with this?

Many thanks
Safwat

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- memory corruption in 2.8.6 Safwat Fahmy (Apr 28)
- Re: memory corruption in 2.8.6 Russ Combs (Apr 28)
- Re: memory corruption in 2.8.6 Safwat Fahmy (Apr 28)
- Re: memory corruption in 2.8.6 Russ Combs (Apr 28)
- Re: memory corruption in 2.8.6 Safwat Fahmy (Apr 28)
- Re: memory corruption in 2.8.6 Russ Combs (Apr 28)
- Re: memory corruption in 2.8.6 Joel Esler (Apr 28)
- Re: memory corruption in 2.8.6 Safwat Fahmy (Apr 28)
- Re: memory corruption in 2.8.6 Safwat Fahmy (Apr 28)
- Re: memory corruption in 2.8.6 Russ Combs (Apr 28)
- <Possible follow-ups>
- FW: memory corruption in 2.8.6 Safwat Fahmy (Apr 28)
- Re: FW: memory corruption in 2.8.6 Russ Combs (Apr 28)
- Re: FW: memory corruption in 2.8.6 Safwat Fahmy (Apr 28)
- Re: FW: memory corruption in 2.8.6 Russ Combs (Apr 29)
- Re: FW: memory corruption in 2.8.6 Safwat Fahmy (Apr 29)
- Re: FW: memory corruption in 2.8.6 Billy Marshall (Apr 29)
- Re: FW: memory corruption in 2.8.6 Safwat Fahmy (Apr 29)
- Re: FW: memory corruption in 2.8.6 Russ Combs (Apr 28)