Snort mailing list archives

RE: Snort-inline issue

From: "Amit Kumar Gupta" <amitkumar.gupta () wipro com>
Date: Tue, 7 Jan 2003 17:14:15 +0530
And one more thing, I found that it is mainly failing in the case where the fragment bit is set. (Means Core Dump is 
coming after those packets for which Frag bit is set).

Sorry to provide the incomplete information in the first instance.

Regards,
AMit


-----Original Message-----
From:   Amit Kumar Gupta
Sent:   Tue 1/7/2003 4:44 PM
To:     snort-users () lists sourceforge net
Cc:     
Subject:        [Snort-users] Snort-inline issue

Hi list,

I have compiled snort-inline and was using it.
I gave the following command :-
snort -vde -l /var/log/snort/
It gives the core dump. (consistently in OPenLogFile function),
The backtrace of the core file is attached below. 
However, if i try independently i.e either printing on the screen or writing into a file one at a time then it succeeds.

Any clues, list?

The core backtrace is :-


0x400e1341 in chunk_alloc (ar_ptr=0x4018af00, nb=368) at malloc.c:2781
#1  0x400e113a in __libc_malloc (bytes=364) at malloc.c:2714
#2  0x400d32b1 in _IO_new_fopen (filename=0xbfffea10 "/var/log/snort//10.114.5.10/TCP:58430-6000", 
    mode=0x808680e "a") at iofopen.c:48
#3  0x08064c7b in OpenLogFile (mode=0, p=0xbffff2c0) at spo_log_ascii.c:333
#4  0x0806486c in LogAscii (p=0xbffff2c0, msg=0x0, arg=0x0, event=0x0) at spo_log_ascii.c:122
#5  0x0805a64e in CallLogPlugins (p=0xbffff2c0, message=0x0, args=0x0, event=0x0) at detect.c:232
#6  0x080559a3 in ProcessPacket (user=0x0, pkthdr=0xbffff780, pkt=0x81525f8 "") at snort.c:586
#7  0x08072e5a in pcap_read_packet ()
#8  0x08073bf3 in pcap_loop ()
#9  0x08056d70 in InterfaceThread (arg=0x0) at snort.c:1659
#10 0x080558b6 in SnortMain (argc=4, argv=0xbffff974) at snort.c:531
#11 0x4007e177 in __libc_start_main (main=0x8055300 <main>, argc=4, ubp_av=0xbffff974, 
    init=0x80497d8 <_init>, fini=0x807beb0 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff96c)
    at ../sysdeps/generic/libc-start.c:129


Regards,
Amit



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld =omething 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users





-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:

Snort-inline issue Amit Kumar Gupta (Jan 07)
- <Possible follow-ups>
- RE: Snort-inline issue Amit Kumar Gupta (Jan 07)