Snort mailing list archives
segfault while running snort 2.9.0.5 on CentOS 5.6
From: "Charles Low" <charles.low () citictel-cpc com>
Date: Wed, 20 Apr 2011 11:32:49 +0800 (HKT)
Hi, I am encountering a segmentation fault when running my own compile snort on CentOS 5.6 (x86_64). It appears randomly, and I am not familiar to handling such, so would like to ask for your help to troubleshoot the cause of problem. Thanks for your help in advance. I am using pulledpork to fetch VRT subscribed rules with so rules enabled (based on RHEL-5-5 precompiled rules) dmesg ------ snort[2255]: segfault at 0000000000000000 rip 00000000004ed9e6 rsp 00007fff04aad120 error 4 gdb output (attached to the running snort process which compiled with enable-debug and enable-debug-msg) ----------- Reading symbols from /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...don e. Loaded symbols for /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so Reading symbols from /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...done. Loaded symbols for /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffa5ba7000 0x00000000004eb050 in sflist_next (s=0x138e8180) at sflsq.c:219 219 if( s->cur ) (gdb) continue Continuing. [New Thread 0x40e83940 (LWP 2274)] Program received signal SIGSEGV, Segmentation fault. 0x00000000004ed9e6 in sfxhash_find_node_row (t=0x0, key=0x7fffa5a01f20, rindex=0x7fffa5a01ed4) at sfxhash.c:719 719 hashkey = t->sfhashfcn->hash_fcn( t->sfhashfcn, (gdb) backtrace #0 0x00000000004ed9e6 in sfxhash_find_node_row (t=0x0, key=0x7fffa5a01f20, rindex=0x7fffa5a01ed4) at sfxhash.c:719 #1 0x00000000004edd4b in sfxhash_find (t=0x0, key=0x7fffa5a01f20) at sfxhash.c:937 #2 0x000000000049dde5 in findFlowIPStats (sfFlow=0x134a220, src_addr=0x29384a40, dst_addr=0x29384a58, swapped=0x7fffa5a01f94) at perf-flow.c:334 #3 0x000000000049e1db in UpdateFlowIPState (sfFlow=0x134a220, src_addr=0x29384a40, dst_addr=0x29384a58, state=SFS_STATE_UDP_CREATED) at perf-flow.c:383 #4 0x00000000004e4fe8 in NewUdpSession (p=0x7fffa5a02240, lwssn=0x29384a10, s5UdpPolicy=0x12070600) at snort_stream5_udp.c:414 #5 0x00000000004e5661 in ProcessUdp (lwssn=0x29384a10, p=0x7fffa5a02240, s5UdpPolicy=0x12070600) at snort_stream5_udp.c:598 #6 0x00000000004e529f in Stream5ProcessUdp (p=0x7fffa5a02240, lwssn=0x29384a10, s5UdpPolicy=0x12070600, skey=0x7fffa5a020d0) at snort_stream5_udp.c:532 #7 0x00000000004b6e9a in Stream5Process (p=0x7fffa5a02240, context=0x0) at spp_stream5.c:1199 #8 0x0000000000444b17 in Preprocess (p=0x7fffa5a02240) at detect.c:176 #9 0x0000000000437982 in ProcessPacket (user=0x0, pkthdr=0x7fffa5a03090, pkt=0x2aaaaaaac042 "\377\377\377\377\377\377\b", ft=0x0) at snort.c:1480 #10 0x00000000004375d0 in PacketCallback (user=0x0, pkthdr=0x7fffa5a03090, pkt=0x2aaaaaaac042 "\377\377\377\377\377\377\b") at snort.c:1394 #11 0x000000000050c775 in pcap_process_loop (user=0x29384240 "\260\272\367(", pkth=<value optimized out>, data=0x7fffa5a01ed4 "") at daq_pcap.c:357 #12 0x00002baa3668ee4a in pcap_read_linux_mmap () from /usr/local/lib/libpcap.so.1 #13 0x000000000050cbdb in pcap_daq_acquire (handle=0x29384240, cnt=-1, callback=<value optimized out>, user=<value optimized out>) at daq_pcap.c:375 #14 0x000000000045ba20 in DAQ_Acquire (max=-1, callback=0x437421 <PacketCallback>, user=0x0) at sfdaq.c:457 #15 0x0000000000439e60 in PacketLoop () at snort.c:2777 #16 0x0000000000436525 in SnortMain (argc=3, argv=0x7fffa5a03328) at snort.c:729 #17 0x000000000043641e in main (argc=3, argv=0x7fffa5a03328) at snort.c:661 Best regards, Charles Low Assistant Product Consultant Security Services CITIC Telecom International CPC Limited 20/F, Lincoln House, Taikoo Place, 979 Kings Road, Quarry Bay, Hong Kong D: (852) 2170 7439 M: (852) 6222 9341 F: (852) 2795 1262 E: charles.low () citictel-cpc com W: www.citictel-cpc.com Email Disclaimer The information contained in this e-mail (and attachment(s)) is confidential and is intended solely for the addressee. If you are not the intended recipient, please notify the sender immediately and delete this e-mail from your system. Any unauthorised use, disclosure, copying, printing, forwarding or dissemination of or dealing with any part of this information is prohibited. CITIC Telecom International CPC Limited does not bear any responsibility for the contents of any e-mail transmitted by its staff for any reason other than bona fide business purposes. Any information that is not transmitted via secure, tamper-proof technology should not be relied upon, unless advised or agreed otherwise in writing by an authorised representative of the Company. As information sent under e-mail could be intercepted, corrupted, lost, destroyed, incomplete, or could arrive late or contain viruses, the Company does not accept liability or obligation for any errors or omissions in the contents of this e-mail (and attachment(s)), which arise as result of email transmission. Where applicable, if the sender sends this e-mail as an agent for a principal (disclosed or otherwise), all rights of such principal regarding confidentiality, non-disclosure and privilege against the recipient are hereby reserved. ------------------------------------------------------------------------------ Benefiting from Server Virtualization: Beyond Initial Workload Consolidation -- Increasing the use of server virtualization is a top priority.Virtualization can reduce costs, simplify management, and improve application availability and disaster protection. Learn more about boosting the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- segfault while running snort 2.9.0.5 on CentOS 5.6 Charles Low (Apr 19)
- Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Michael Altizer (Apr 19)
- Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Charles Low (Apr 20)
- Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Russ Combs (Apr 20)
- Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Charles Low (Apr 20)
- Re: segfault while running snort 2.9.0.5 on CentOS 5.6 Michael Altizer (Apr 19)