Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: segfault issue

From: cihan.ayyildiz () securitas com tr
Date: Mon, 7 Mar 2011 03:10:36 +0200

Hi Again ;

Yes,  my shared VRT rules are correct (2.9.0.3 also im a subscriber) And i
compiled them with my own parameters (because of gentoo path difference)
then dump with my conf successfully.

dump printout attached.


(See attached file: dump_snort.txt)

regards.


Cihan AYYILDIZ
Bilgi İşlem Uzmanı  /  IT Specialist




From:   Joel Esler <jesler () sourcefire com>
To:     cihan.ayyildiz () securitas com tr
Cc:     snort-users () lists sourceforge net
Date:   07.03.2011 02:54
Subject:        Re: [Snort-users] segfault issue



We received your bug report as well.  Thank you.

Are you, by chance, using Shared Object rules from the VRT?  And if you are
using Shared Object rules, are you sure you are using the correct ones for
2.9.0.3?

If not, then we'll need a good backtrace of the segfault.

Check out docs/BUGS in the Snort tarball in order to get us a core from
Snort.

Joel

2011/3/6 <cihan.ayyildiz () securitas com tr>

      Hi All ;

      I have an error like below and crashed the snort....

      kernel: snort[1191]: segfault at 1065a9d32 ip 00007eff29836143 sp
      00007fff62456a08 error 6 in libc-2.11.2.so[7eff297b5000+150000]


      my os

      Linux  2.6.36-gentoo-r5 #1 SMP Fri Mar 4 20:14:56 EET 2011 x86_64
      Intel(R)
      Xeon(R) CPU E5620 @ 2.40GHz GenuineIntel GNU/Linux

      my version


        ,,_     -*> Snort! <*-
       o"  )~   Version 2.9.0.3 (Build 98)
        ''''    By Martin Roesch & The Snort Team:
      http://www.snort.org/snort/snort-team
                Copyright (C) 1998-2010 Sourcefire, Inc., et al.
                Using libpcap version 1.1.1
                Using PCRE version: 7.9 2009-04-11
                Using ZLIB version: 1.2.3

      i have emerged snort from portage tree

      which is that

      [ebuild   R   ] net-analyzer/snort-2.9.0.3
      USE="decoder-preprocessor-rules
      dynamicplugin mysql threads zlib -active-response* -aruba -debug
      -flexresp3
      -gre -inline-init-failopen* -ipv6 -linux-smp-stats -mpls -normalizer*
      -odbc
      -perfprofiling -postgres -ppm -prelude -react* -reload-error-restart
      (-selinux) -static -targetbased" 0 kB


      im using in inline mod daq with NFQ

      regards.


      Cihan AYYILDIZ
      Bilgi İşlem Uzmanı  /  IT Specialist
      Sistem & Ağ Yöneticisi  /  System & Network Administrator

      Securitas Güvenlik Hizmetleri / Securitas Security Services Turkey
      E-mail : cihan.ayyildiz () securitas com tr
      Ofis / Office Phone : +90.312.473.59.90 / 114
      Cep / Mobile : +90.532.450.18.13        VPN : 2225

      if you learn Red Hat, you'll know Red Hat, but if you learn
      Slackware,
      you'll know Linux


      ------------------------------------------------------------------------------

      What You Don't Know About Data Connectivity CAN Hurt You
      This paper provides an overview of data connectivity, details
      its effect on application quality, and explores various alternative
      solutions. http://p.sf.net/sfu/progress-d2d
      _______________________________________________
      Snort-users mailing list
      Snort-users () lists sourceforge net
      Go to this URL to change user options or unsubscribe:
      https://lists.sourceforge.net/lists/listinfo/snort-users
      Snort-users list archive:
      http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net

Attachment: dump_snort.txt
Description: 

------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: