Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort 1.8.1-RELEASE & FreeBSD 4.X (including latest 4.4-STABLE)

From: Borja Marcos <borjamar () sarenet es>
Date: Thu, 27 Sep 2001 20:39:55 +0200

        Hello,

        I have been experiencing crashes in Snort 1.8.1-RELEASE under FreeBSD 
4.X. The process died with signal 11.

        There is a problem anyway in the Snort Makefile. gcc 2.95.2 has problems 
with the "-O2" optimization, so using it as a default may not be a good 
idea. I had problems with -O2 with Argus; problems disappeared removing 
the "-O2". As far as I know, this gcc bug affects most if not all 
platforms.

        Changing the optimization level has not helped, however. It seems to be a 
problem with the spp_arpspoof module. Any ideas?


        The backtrace is:

(gdb) backtrace
#0  0x805f2b1 in Database (p=0xbfbff584,
    msg=0x808d320 "Ethernet source/ARP sender address mismatch",
    arg=0x80cd680, event=0xbfbff510) at spo_database.c:823
#1  0x8056c5d in CallAlertPlugins (p=0xbfbff584,
    message=0x808d320 "Ethernet source/ARP sender address mismatch", 
args=0x0,
    event=0xbfbff510) at rules.c:3551
#2  0x8056bf3 in CallAlertFuncs (p=0xbfbff584,
    message=0x808d320 "Ethernet source/ARP sender address mismatch", 
head=0x0,
    event=0xbfbff510) at rules.c:3523
#3  0x807aaf4 in ARPspoofPreprocFunction (p=0xbfbff584) at 
spp_arpspoof.c:263
#4  0x8056aa3 in Preprocess (p=0xbfbff584) at rules.c:3426
#5  0x804b74f in ProcessPacket (user=0x0, pkthdr=0x80d0d28,
    pkt=0x80d0d3a "ÿÿÿÿÿÿ\002\002Â\036 Å\b\006") at snort.c:534
#6  0x280c56b9 in pcap_read () from /usr/lib/libpcap.so.2
#7  0x280c532f in pcap_loop () from /usr/lib/libpcap.so.2
#8  0x804cc80 in InterfaceThread (arg=0x0) at snort.c:1561
#9  0x804b610 in main (argc=27, argv=0xbfbffb3c) at snort.c:467
#10 0x804aed9 in _start ()


        Regards,




        Borja.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: