Snort mailing list archives

Snort Dumps....

From: JSeddon () semtech com
Date: Mon, 6 Aug 2001 14:22:16 -0700
This is the first time I've used used this list to troubleshoot a core dump
so point me right if I'm screwing it up.  I'm running snort1.8 on a
RedHat7.1 box.  Snort runs great for anywhere from 1-5 hours but never
longer.  Then it dumps a core.  I've followed the FAQ procedure and here's
the gdb output.  Is there anything else I can forward that will help us
figure this out?

James

     GNU gdb 5.0rh-5 Red Hat Linux 7.1
     Copyright 2001 Free Software Foundation, Inc.
     GDB is free software, covered by the GNU General Public License, and
     you are
     welcome to change it and/or distribute copies of it under certain
     conditions.
     Type "show copying" to see the conditions.
     There is absolutely no warranty for GDB.  Type "show warranty" for
     details.
     This GDB was configured as "i386-redhat-linux"...
     Core was generated by `snort -c /etc/snort/snort.conf -d -D -o -h
     204.216.171.0/24'.
     Program terminated with signal 11, Segmentation fault.
     Reading symbols from /lib/i686/libm.so.6...done.
     Loaded symbols for /lib/i686/libm.so.6
     Reading symbols from /lib/libnsl.so.1...done.
     Loaded symbols for /lib/libnsl.so.1
     Reading symbols from /usr/lib/libssl.so.1...done.
     Loaded symbols for /usr/lib/libssl.so.1
     Reading symbols from /usr/lib/libcrypto.so.1...done.
     Loaded symbols for /usr/lib/libcrypto.so.1
     Reading symbols from /lib/i686/libc.so.6...done.
     Loaded symbols for /lib/i686/libc.so.6
     Reading symbols from /lib/libdl.so.2...done.
     Loaded symbols for /lib/libdl.so.2
     Reading symbols from /lib/ld-linux.so.2...done.
     Loaded symbols for /lib/ld-linux.so.2
     Reading symbols from /lib/libnss_files.so.2...done.
     Loaded symbols for /lib/libnss_files.so.2
     Reading symbols from /lib/libnss_nisplus.so.2...done.
     Loaded symbols for /lib/libnss_nisplus.so.2
     #0  0x08052981 in mSearch (
         buf=0x402b02db "MC_COOKIETEST=YES\r\n\r\nC_IN min 12v <>
     load_I_min",
         blen=65510, ptrn=0x8465f90 ".ewl", plen=4, skip=0x8465fa0,
     shift=0x84663a8)
         at mstring.c:506
     ---Type <return> to continue, or q <return> to quit---
     506          }
     (gdb) where
     #0  0x08052981 in mSearch (
         buf=0x402b02db "MC_COOKIETEST=YES\r\n\r\nC_IN min 12v <>
     load_I_min",
         blen=65510, ptrn=0x8465f90 ".ewl", plen=4, skip=0x8465fa0,
     shift=0x84663a8)
         at mstring.c:506
     #1  0x08058c06 in CheckUriPatternMatch (p=0xbffff290,
     otn_idx=0x84654b0,
         fp_list=0x84663c0) at sp_pattern_match.c:873
     #2  0x0805614f in EvalOpts (List=0x81196f0, p=0xbffff290) at
     rules.c:4026
     #3  0x08055e89 in EvalHeader (rtn_idx=0x80fa3e8, p=0xbffff290) at
     rules.c:3745
     #4  0x08055e14 in EvalPacket (List=0x809ed18, mode=2, p=0xbffff290)
         at rules.c:3673
     #5  0x08055c90 in Detect (p=0xbffff290) at rules.c:3565
     #6  0x08055ac7 in Preprocess (p=0xbffff290) at rules.c:3433
     #7  0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff780,
         pkt=0x402b0042 "") at snort.c:512
     #8  0x08077426 in packet_ring_recv () at eval.c:41
     #9  0x0807774f in pcap_read () at eval.c:41
     #10 0x080783ff in pcap_loop () at eval.c:41
     #11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441
     #12 0x0804b3cf in main (argc=8, argv=0xbffff9d4) at snort.c:445
     #13 0x40161177 in __libc_start_main (main=0x804ad70 <main>, argc=8,
         ubp_av=0xbffff9d4, init=0x804a23c <_init>, fini=0x8081df0 <_fini>,
         rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff9cc)
         at ../sysdeps/generic/libc-start.c:129
     (gdb) bt
     #0  0x08052981 in mSearch (
         buf=0x402b02db "MC_COOKIETEST=YES\r\n\r\nC_IN min 12v <>
     load_I_min",
         blen=65510, ptrn=0x8465f90 ".ewl", plen=4, skip=0x8465fa0,
     shift=0x84663a8)
         at mstring.c:506
     #1  0x08058c06 in CheckUriPatternMatch (p=0xbffff290,
     otn_idx=0x84654b0,
         fp_list=0x84663c0) at sp_pattern_match.c:873
     #2  0x0805614f in EvalOpts (List=0x81196f0, p=0xbffff290) at
     rules.c:4026
     #3  0x08055e89 in EvalHeader (rtn_idx=0x80fa3e8, p=0xbffff290) at
     rules.c:3745
     #4  0x08055e14 in EvalPacket (List=0x809ed18, mode=2, p=0xbffff290)
         at rules.c:3673
     #5  0x08055c90 in Detect (p=0xbffff290) at rules.c:3565
     #6  0x08055ac7 in Preprocess (p=0xbffff290) at rules.c:3433
     #7  0x0804b4ff in ProcessPacket (user=0x0, pkthdr=0xbffff780,
         pkt=0x402b0042 "") at snort.c:512
     #8  0x08077426 in packet_ring_recv () at eval.c:41
     #9  0x0807774f in pcap_read () at eval.c:41
     #10 0x080783ff in pcap_loop () at eval.c:41
     #11 0x0804c8b0 in InterfaceThread (arg=0x0) at snort.c:1441
     #12 0x0804b3cf in main (argc=8, argv=0xbffff9d4) at snort.c:445
     #13 0x40161177 in __libc_start_main (main=0x804ad70 <main>, argc=8,
         ubp_av=0xbffff9d4, init=0x804a23c <_init>, fini=0x8081df0 <_fini>,
         rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff9cc)
         at ../sysdeps/generic/libc-start.c:129




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

Snort Dumps.... JSeddon (Aug 06)
- Re: Snort Dumps.... George D. Nincehelser (Aug 06)