Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort dumps core after 2 hours

From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 19 Jul 2001 18:16:21 -0400
Download build 46 and try again.

   -Marty

Andreas Maus wrote:


Hi!

I grabbed snort 1.8p1 from the site and start it.
After approx. 2 hours it dumps core.

My system is:

Linux conglom-o 2.2.13 #18 Wed Jun 6 15:48:17 CEST 2001 i586 unknown

Running gdb against the core file it says:

root@conglom-o:~ $ gdb /usr/local/bin/snort core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-suse-linux-gnu"...
Core was generated by `/usr/local/bin/snort -A full -l /var/log/snort -U -y -z e
st -c /etc/rules/snort'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /usr/lib/libmysqlclient.so.6...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_db.so.2...done.
Reading symbols from /lib/libdb.so.3...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  0x807790b in Rotate (p=0x811c678) at ubi_SplayTree.c:212
212     ubi_SplayTree.c: No such file or directory.
(gdb) where
#0  0x807790b in Rotate (p=0x811c678) at ubi_SplayTree.c:212
#1  0x807797b in Splay (SplayWithMe=0x811c678) at ubi_SplayTree.c:252
#2  0x8077a12 in ubi_sptRemove (RootPtr=0x811c678, DeadNode=0x811c678)
    at ubi_SplayTree.c:346
#3  0x807abd6 in DeleteSession (ssn=0x811c678, time=995573587)
    at spp_stream4.c:2109
#4  0x807afb0 in PruneSessionCache (thetime=995573587, mustdie=0)
    at spp_stream4.c:2290
#5  0x80795b1 in ReassembleStream4 (p=0xbfffeea4) at spp_stream4.c:1152
#6  0x80577e3 in Preprocess (p=0xbfffeea4) at rules.c:3427
#7  0x804c5ec in ProcessPacket (user=0x0, pkthdr=0xbffff344, pkt=0x8154d12 "")
    at snort.c:512
#8  0x807ce0f in pcap_read ()
#9  0x807d71c in pcap_loop ()
#10 0x804dcc0 in InterfaceThread (arg=0x0) at snort.c:1441
#11 0x804c4a8 in main (argc=17, argv=0xbffff4a4) at snort.c:445
(gdb)

Snort says it is:

root@conglom-o:~ $ /usr/local/bin/snort -V
-*> Snort! <*-
Version 1.8-RELEASE (Build 43)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

Any ideas?

Andreas Maus.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: