Snort mailing list archives
Re: Segfault issue again with afpacket
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Thu, 10 Mar 2011 21:16:44 -0500
NFQ is not currently supported on Gentoo, but afpacket should work fine. Start by completely removing the SO rules. Comment out the following lines: dynamicdetection directory /usr/lib64/snort_dynamicrules and any line that has "include $SO_RULE_PATH" The only segfaults I've seen on Gentoo were related to using precompiled SO rules. Wally On Thu, Mar 10, 2011 at 1:20 PM, <cihan.ayyildiz () securitas com tr> wrote:
when i tried to run snort with NFQ, i get segfault error then crashed the snort (randomly occcured, 5 times in a day). (i have sent this bug report before) now i'm trying to use AFPACKET. then i get the similer segfault and crashes (randomly but more times before). error is below Mar 10 18:30:17 SnortGateway kernel: snort[31411]: segfault at fffffffcbd49b610 ip 000000000046aeea sp 00007fff8762c808 error 6 in snort [400000+ed000] my system Linux SnortGateway 2.6.36-gentoo-r5 #1 SMP Fri Mar 4 20:14:56 EET 2011 x86_64 Intel(R) Xeon(R) CPU E5620 @ 2.40GHz GenuineIntel GNU/Linux my version ,,_ -*> Snort! <*- o" )~ Version 2.9.0.4 (Build 111) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2011 Sourcefire, Inc., et al. Using libpcap version 1.1.1 Using PCRE version: 8.02 2010-03-19 Using ZLIB version: 1.2.3 i use the correct shared rules and daq 0.5. compiler parameters [ebuild R ] net-analyzer/snort-2.9.0.4-r1 USE="active-response decoder-preprocessor-rules dynamicplugin mysql normalizer perfprofiling react reload-error-restart threads zlib -aruba -debug -flexresp3 -gre -inline-init-failopen -ipv6 -linux-smp-stats -mpls -odbc -postgres -ppm -prelude (-selinux) -static -targetbased" 0 kB also i cant use the snort inline mode anymore. (nfq , ipq and afpacket) regards. Cihan AYYILDIZ ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Segfault issue again with afpacket cihan . ayyildiz (Mar 10)
- Re: Segfault issue again with afpacket Jason Wallace (Mar 10)
- Re: Segfault issue again with afpacket cihan . ayyildiz (Mar 11)
- Re: Segfault issue again with afpacket Jason Wallace (Mar 10)