Snort mailing list archives
Re: [rhelv5-list] snort 2.9.0 Centos 5.5
From: vincent () cojot name
Date: Mon, 8 Nov 2010 11:54:49 +0100 (CET)
Hi everyone,

Another quick followup: snort-2.9.0.1 works fine with libpcap-1.1.1 on RHEL5.5 if compiled with --disable-remote. I wonder if that libpcap feature is important to snort.. If not, then I'll just disable it for now..

Vincent

On Fri, 5 Nov 2010, vincent () cojot name wrote:
Hi Russ,

Here's what I got:

[root@rh5x64 x86_64]# gdb /usr/sbin/snort
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/snort...Reading symbols from /usr/lib/debug/usr/sbin/snort-mysql.debug... done.
(gdb) set args -i eth0
(gdb) r
Starting program: /usr/sbin/snort -i eth0
--== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Program received signal SIGSEGV, Segmentation fault.
0x00000000004a072c in pcap_daq_start ()
(gdb) bt
#0 0x00000000004a072c in pcap_daq_start ()
#1 0x0000000000438974 in DAQ_Start () at ../../src/sfdaq.c:414
#2 0x0000000000424f2a in SnortMain (argc=3, argv=0x7fffffffe6d8) at ../../src/snort.c:712
#3 0x000000323301d994 in __libc_start_main () from /lib64/libc.so.6
#4 0x00000000004046a9 in _start ()

Also, the last few lines of 'strace /usr/sbin/snort -i eth0' result in:

open("/proc/net/dev", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aeb64ab0000
read(3, "Inter-| Receive "..., 4096) = 571
close(3) = 0
munmap(0x2aeb64ab0000, 4096) = 0
socket(PF_PACKET, SOCK_RAW, 768) = 3
ioctl(3, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
ioctl(3, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=00:0c:29:8a:b8:dd}) = 0
ioctl(3, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=2}) = 0
bind(3, {sa_family=AF_PACKET, proto=0x03, if2, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
getsockopt(3, SOL_SOCKET, SO_ERROR, [3676992137137750016], [4]) = 0
setsockopt(3, SOL_PACKET, PACKET_ADD_MEMBERSHIP, "\2\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(3, SOL_PACKET, 0x8 /* PACKET_??? */, [1], 4) = 0
setsockopt(3, SOL_PACKET, PACKET_RX_RING, "\0\20\0\0\234\2\0\0\6\0\0008\5\0\0", 16) = 0
mmap(NULL, 2736128, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2aeb64ab0000
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
ioctl(4, SIOCGIFADDR, {ifr_name="eth0", ifr_addr={AF_INET, inet_addr("192.168.128.157")}}) = 0
ioctl(4, SIOCGIFNETMASK, {ifr_name="eth0", ifr_netmask={AF_INET, inet_addr("255.255.255.0")}}) = 0
close(4) = 0
open("/proc/net/dev", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aeb64d4c000
read(4, "Inter-| Receive "..., 4096) = 571
close(4) = 0
munmap(0x2aeb64d4c000, 4096) = 0
getsockopt(3, SOL_PACKET, PACKET_STATISTICS, "\16\0\0\0\0\0\0\0", [8]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++