Snort mailing list archives

Segfault on fun funny rule


From: "Jason Monroe \"JC\"" <monroe () nas nasa gov>
Date: Wed, 25 Feb 2004 20:25:50 -0800

Hello Everybody,

Downloaded 2.1.1, built it against Fedora Core 1
pcre 4.4 
libpcap-0.7.2-7.1

[root@Fedora1 root]# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --host=i386-redhat-linux
Thread model: posix
gcc version 3.3.2 20031022 (Red Hat Linux 3.3.2-1)


Have a rule in local.rules that causes breakage:

alert tcp any any -> any any (msg:"Telnet login as root";content:"root";nocase;flow:to_server:established;)

I mistakenly typed a ":" instead of a "," in the flow statement.

When I correct the rule, snort is able to init correctly :)
(the glass is half full)


[root@Fedora1 root]# /opt/snort/bin/snort -T -v -c /etc/snort/snort.conf
.... sparing details

telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Segmentation fault



I looked at the FAQ, which said DO GDB, so here it is:
[root@Fedora1 root]# gdb snort
GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".
 
(gdb) run snort -T -v -c /etc/snort/snort.conf
Starting program: /opt/snort/bin/snort snort -T -v -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort
 
Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
        syntax error
PCAP command: snort
Fatal Error, Quitting..
 
Program exited with code 01.
(gdb) where
No stack.
(gdb) bt
No stack.





Snort-users mailing list
Snort-users () lists sourceforge net
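
A pre-flight check for the typo reported above, as an added example that is not part of the original message and not Snort code: it splits a rule's options on ";" outside quotes and flags any flow argument that is not a known keyword, so a ":" typed in place of "," is caught before the rule file reaches the parser. The function names and the keyword list (taken from the Snort 2.x flow option documentation) are assumptions of this example.

```python
import re

# Assumption: flow keywords as documented for Snort 2.x; adjust for your version.
FLOW_KEYWORDS = {
    "to_client", "to_server", "from_client", "from_server",
    "established", "stateless", "no_stream", "only_stream",
}

def split_options(body):
    """Split a rule's option body on ';' that sit outside double quotes."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    opts.append("".join(cur).strip())
    return [o for o in opts if o]

def lint_flow(rule):
    """Return a list of problems found in the rule's flow option(s)."""
    m = re.search(r"\((.*)\)\s*$", rule, re.S)
    if not m:
        return ["no option block '( ... )' found"]
    problems = []
    for opt in split_options(m.group(1)):
        name, _, arg = opt.partition(":")
        if name.strip() != "flow":
            continue
        for tok in (t.strip() for t in arg.split(",")):
            if tok not in FLOW_KEYWORDS:
                hint = " (':' typed where ',' belongs?)" if ":" in tok else ""
                problems.append(f"flow: unknown argument {tok!r}{hint}")
    return problems

# Constructed sample input: the rule from the post and its corrected form.
BAD = ('alert tcp any any -> any any (msg:"Telnet login as root";'
       'content:"root";nocase;flow:to_server:established;)')
GOOD = BAD.replace("to_server:established", "to_server,established")
if __name__ == "__main__":
    for rule in (BAD, GOOD):
        print(lint_flow(rule) or "flow option OK")
```
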

