Snort mailing list archives
Re: snort SIGSEGV
From: Russ Combs <rcombs () sourcefire com>
Date: Wed, 2 Jan 2013 12:54:22 -0500
Hi - thanks for reporting the issue. I thought we had fixed something like this but can't locate a change to fix it. Can you reproduce this issue? It would be great to get a pcap and conf. Otherwise, upgrading may be your quickest way around it. Thanks Russ On Wed, Dec 26, 2012 at 4:42 AM, Smit Smit <lonely.ruyk () yandex ru> wrote:
Hello.
Please help me with my problem.
I use snort since April 2012 and it work fine but last one or two months
sometimes one of my sensors dies from SIGSEGV
here is bt from gdb
#0 0x000000080190b7f5 in free () from /lib/libc.so.7
#1 0x0000000000496020 in Stream5DropSegment (seg=0x81b3a7040) at
snort_stream5_tcp.c:3222
#2 0x00000000004960b7 in Stream5SeglistDeleteNode (st=0x80f9d8e00,
seg=Variable "seg" is not available.
) at snort_stream5_tcp.c:9376
#3 0x00000000004a165f in CheckFlushPolicyOnAck (tcpssn=0x80f9d8e00,
talker=0x80f9d8e00, listener=0x80f9d8f70, tdb=0x7fffffffc630,
p=0x7fffffffc820)
at snort_stream5_tcp.c:3337
#4 0x00000000004a6bad in ProcessTcp (lwssn=0x81c751270, p=0x7fffffffc820,
tdb=0x7fffffffc630, s5TcpPolicy=0x811c07000) at snort_stream5_tcp.c:8804
#5 0x00000000004a9995 in Stream5ProcessTcp (p=0x7fffffffc820,
lwssn=0x81c751270, s5TcpPolicy=0x811c07000, skey=0x7fffffffc740) at
snort_stream5_tcp.c:5276
#6 0x0000000000482dd5 in Stream5Process (p=0x7fffffffc820,
context=Variable "context" is not available.
) at spp_stream5.c:1422
#7 0x0000000000437ee8 in Preprocess (p=0x7fffffffc820) at detect.c:211
#8 0x000000000042d0d8 in ProcessPacket (p=0x7fffffffc820, pkthdr=Variable
"pkthdr" is not available.
) at snort.c:1648
#9 0x000000000042f87d in PacketCallback (user=Variable "user" is not
available.
) at snort.c:1508
#10 0x00000000004c8945 in pcap_process_loop ()
#11 0x0000000801229392 in pcap_create () from /usr/local/lib/libpcap.so.1
#12 0x00000000004c8d74 in pcap_daq_acquire ()
#13 0x0000000000447c7c in DAQ_Acquire (max=Variable "max" is not available.
) at sfdaq.c:541
#14 0x0000000000430bef in PacketLoop () at snort.c:2929
#15 0x0000000000431a05 in SnortMain (argc=1, argv=0x7fffffffd6a0) at
snort.c:782
#16 0x000000000040470e in _start ()
(gdb) l snort_stream5_tcp.c:3222
3217
3218 if(seg->pktOrig != NULL)
3219 {
3220 mem_in_use -= seg->caplen;
3221 dropped += seg->caplen;
3222 free(seg->pktOrig);
3223 seg->pktOrig = NULL;
3224 }
3225
3226 mem_in_use -= sizeof(StreamSegment);
FreeBSD# snort -V
,,_ -*> Snort! <*-
o" )~ Version 2.9.3.1 IPv6 GRE (Build 40) FreeBSD
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
Copyright (C) 1998-2012 Sourcefire, Inc., et al.
Using libpcap version 1.1.1
Using PCRE version: 8.30 2012-02-04
Using ZLIB version: 1.2.5
P.S.: Thanks and sorry for my English.
------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery and much more. Keep your Java skills current with LearnJavaNow - 200+ hours of step-by-step video tutorials by Java experts. SALE $49.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122612
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: snort SIGSEGV Russ Combs (Jan 02)