Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Segfault under 2.4.11-pre1

From: roman () danyliw com
Date: Tue, 2 Oct 2001 11:57:17 US/Eastern
A backtrace from gdb would be really helpful in addition to the strace.

Likewise, try running snort without the -D option to get additional
debugging messages.

Roman


Hi !

I use SNORT-release-1.8.1 with libpcap 0.6.2 under linux 2.4.8 and
2.4.11-pre1 redhat 6.2.

I got a segfault when starting snort with :

/usr/local/bin/snort -c /etc/snort.conf -i eth0 -D -N -s

Here is the last line of my strace :
----------------------------
write(1, "Initializing rule chains...\n", 28Initializing rule chains...
) = 28
stat("/etc/snort.conf", {st_mode=S_IFREG|0644, st_size=18031, ...}) = 0
open("/etc/snort.conf", O_RDONLY)       = 4
fstat64(0x4, 0xbffff464)                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40016000
read(4, "#-------------------------------"..., 4096) = 4096
read(4, "rguments loads the defaults (tim"..., 4096) = 4096
read(4, "acing it with \n# a normalized re"..., 4096) = 4096
open("/var/log/snort/portscan.log", O_RDWR|O_APPEND|O_CREAT, 0666) = 5
fstat64(0x5, 0xbfffd2f4)                = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x40017000
fstat64(0x5, 0xbfffd3bc)                = 0
_llseek(5, 4096, [4096], SEEK_SET)      = 0
read(5, ":09 172.16.20.16:53 -> 172.16.20"..., 1373) = 1373
write(1, "Using LOCAL time\n", 17Using LOCAL time
)      = 17
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++
----------------------------

Anoyone got this under 2.4.x kernels ?

Jean-Francois Nadeau


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: