Snort mailing list archives
Re: Snort crash when reload rules with tag session
From: Netanel Maman <netanelmaman0 () gmail com>
Date: Sun, 1 Jun 2014 15:29:01 +0300
program received signal SIGSEGV, Segmentation fault. x0000000000000030 in ?? () (gdb) where 0 0x0000000000000030 in ?? () 1 0x0000000000447e06 in CallLogFuncs (p=Oxee9680, message=0x545f20 "Tagged Packet", head=ex16a1530, event=0x7fffffffdccO) at detect.c:373 2 0x0000000000447d1c in CheckTagging (p=0xee9688) at detect.c:341 3 0x0000000000447a44 in Preprocess (p=Oxee9688) at detect.c:267 4 0x00000000004395e4 in ProcessPacket (p=0xee9680, pkthdr=0x7fffffffe160, pkt=0x7fffbf300840 "lI", ft=0x0) at snort.c:1867 5 0x0000000000439117 in PacketCallback (user=0x0, pkthdr=0x7fffffffe168, pkt=0x7fffbf300840 "lI") at snort.c:1704 • 6 Ox00007fffbfd6e05e in pfring_daq_acquire (handle=0x18c51d0, cnt=0, callback=<value optimized out>, metaback=<value optimized out>, user=0x0) at daq_pfring_dna.c:681 7 Ox000000000045fe39 in DAQ Acquire (max=0, callback=0x438f7e <PacketCallback>, user=0x0) at sfdaq.c:540 8 0x000000000043bd76 in Pac1etLoop () at snort.c:3210 • 9 Ox0000000000437f73 in SnortMain (argc=17, argv=0x7fffffffe398) at snort.c:907 10 Ox0000000000437da5 in main (argc=17, argv=0x7fffffffe398) at snort.c:807 On May 29, 2014 8:44 PM, "Carter Waxman (cwaxman)" <cwaxman () cisco com> wrote:
Hello, Could you please attach a backtrace from gdb? Thanks, Carter From: נתנאל ממן <netanelmaman0 () gmail com> Date: Thursday, May 29, 2014 12:29 PM To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge netSubject: [Snort-devel] Snort crash when reload rules with tag session Hello guys, please help me solve a stranger bug. I have rules with tag session option. When I'm reload conf via control socket the conf reload succesfully but crash one second after. When i reload the same rule without tag option, snort reload successfully. I think that snort free some important struct of tags, but i dont find which and where. The version of Snort you're running: 2.9.6.1 Information on the rules you have enabled: General local rule with "tag:session,100,seconds;" How Snort was built: configure --enable-control-socket make Did you build from source: Yes Platform information: Centos 6.3 x86_64, kernel 2.6.32, intel 86 Any output that may be helpful: gdb show that crash occur when call to log function after check tagging func in decode.c . Im faild to understand why. Thanks about your amazing work, net
------------------------------------------------------------------------------ Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort crash when reload rules with tag session נתנאל ממן (May 29)
- Re: Snort crash when reload rules with tag session Carter Waxman (cwaxman) (May 29)
- Re: Snort crash when reload rules with tag session Netanel Maman (Jun 01)
- Re: Snort crash when reload rules with tag session Carter Waxman (cwaxman) (May 29)