Snort mailing list archives

Re: flexresp2 is back and needs testing

From: Pedro Fortuna <pedro.fortuna () gmail com>
Date: Thu, 9 Sep 2004 01:58:09 +0100

Jeff, I did, I used the sp_respond2.diff.gz you sent today directly to
my (other) mail box (pfeito_at_netcabo.pt) and to other 6 or 7 guys.

I'm going to repeat the process as I type this e-mail:

Installation (you can see filesize and confirm that it is version 1.0.1):
-rw-r--r--  1 root root  16414 Sep  9 02:55 sp_respond2.diff.gz

# gzip -d sp_respond2.diff.gz

-rw-r--r--  1 root root  66323 Sep  9 02:55 sp_respond2.diff

# patch –p0 < sp_respond2.diff
patching file configure.in
patching file doc/Makefile.am
patching file doc/README.FLEXRESP2
patching file src/parser.c
patching file src/plugbase.c
patching file src/snort.h
patching file src/detection-plugins/Makefile.am
patching file src/detection-plugins/sp_react.c
patching file src/detection-plugins/sp_react.h
patching file src/detection-plugins/sp_respond.c
patching file src/detection-plugins/sp_respond.h
patching file src/detection-plugins/sp_respond2.c
patching file src/detection-plugins/sp_respond2.h

# aclocal
# autoheader
# automake
# autoconf

# ./configure --with-mysql=/usr/local/mysql --enable-flexresp2
# make
# make install
# /etc/init.d/snort start
# grep "sp_respond" /var/log/messages
Sep  9 03:08:29 paco snort: FATAL ERROR: sp_respond2: Unable to
allocate hash table memory.

And Snort stops running.
I didnt saw this problem on the previous version that you sent me 2 or
3 weeks ago.

Any clues?

Best Regards,
Pedro Fortuna

On Wed, 8 Sep 2004 20:03:46 -0400, Jeff Nathan <jeff () snort org> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pedro,

I sent two different patches.  Try the second one I sent (version
1.0.1), it had already contained a fix for that bug.

Thanks.

- -Jeff

On Sep 8, 2004, at 7:19 PM, Pedro Fortuna wrote:

Hi Jeff,

I recompiled snort 2.2.0 again with the new patch and I had no
problems. When I start Snort I get this error message in
/var/log/messages:

Sep  9 01:14:46 fwall snort: FATAL ERROR: sp_respond2: Unable to
allocate hash table memory.

I dont have a clue what could be, or if its an error that only occurs
in my system, with my current configuration. Doesnt seem to be out of
mem related since the system reported 20MB free.

[root@fwall etc]# cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem:  129114112 107544576 21569536        0  9756672 49917952
Swap: 271425536        0 271425536
MemTotal:       126088 kB
MemFree:         21064 kB
MemShared:           0 kB
Buffers:          9528 kB
Cached:          48748 kB
SwapCached:          0 kB
Active:          18664 kB
Inactive:        73152 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       126088 kB
LowFree:         21064 kB
SwapTotal:      265064 kB
SwapFree:       265064 kB

I'll wait for some feedback from other beta tester's.

Best Regards,
Pedro Fortuna (AKA pfeito)

On Wed, 8 Sep 2004 10:15:55 -0400, Jeff Nathan <jeff () snort org> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Sep 5, 2004, at 5:14 PM, Pedro Fortuna wrote:

Hi Jeff,

 Did you had the time to work on it yet? My presentation must be
finished by 8th, so it would be great if a fixed version of flexresp2
would come out till then... if not, life goes on :)
Thanks,
-pfeito


Yes, I finished a testable version.  It's in your inbox.  As for the
rest of the snortees, anyone wishing to test this before it's imported
into the tree should email me directly or find me on the freenode IRC
channel.

- -Jeff

- --
The most technical single-track security conference in the West.
Vancouver B.C., Canada   April, 2004   http://cansecwest.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBPxQhEqr8+Gkj0/0RAs2sAJwOapqK+mpDRrtUp3Dk+D3UUOH6SwCfRtOu
EnaK+AURB1G9DWMKPsSxUd4=
=wtWj
-----END PGP SIGNATURE-----


- --
Packets gone wild.
http://nemesis.sourceforge.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFBP53mEqr8+Gkj0/0RAgiWAJ4tFo2cbH2Dp6CYXcDSJmYoD5cfEgCeOl7I
wJWt4cl0xz6ftARmN33wdVA=
=SdZr
-----END PGP SIGNATURE-----



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idP47&alloc_id808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: flexresp2 is back and needs testing, (continued)
- - Re: flexresp2 is back and needs testing Jeff Nathan (Aug 30)
- RE: flexresp2 is back and needs testing pfeito (Aug 30)
  - Re: flexresp2 is back and needs testing Jeff Nathan (Aug 31)
    - Re: flexresp2 is back and needs testing Pedro Fortuna (Aug 31)
    - Re: flexresp2 is back and needs testing Pedro Fortuna (Sep 05)
    - Re: flexresp2 is back and needs testing Jeff Nathan (Sep 08)
    - Re: flexresp2 is back and needs testing James Riden (Sep 08)
    - Re: flexresp2 is back and needs testing Jeff Nathan (Sep 08)
    - Re: flexresp2 is back and needs testing Pedro Fortuna (Sep 08)
    - Re: flexresp2 is back and needs testing Jeff Nathan (Sep 08)
    - Re: flexresp2 is back and needs testing Pedro Fortuna (Sep 08)
    - Re: flexresp2 is back and needs testing Jeff Nathan (Sep 08)
    - Re: flexresp2 is back and needs testing Pedro Fortuna (Sep 09)
    - Re: flexresp2 is back and needs testing Jeff Nathan (Sep 09)
    - Re: flexresp2 is back and needs testing Pedro Fortuna (Sep 18)
    - flexresp2 is in CVS Jeff Nathan (Sep 18)