Snort mailing list archives
Re: Snort 2.9.7.0 enters into infinity loop getApplicationData
From: souber () interia pl
Date: Mon, 24 Nov 2014 11:33:18 +0100
below stack could be helpful (gdb) bt #0 getApplicationData (scbptr=0x7fffc4d81600, protocol=30) at spp_session.c:2741 #1 0x00000000004e467d in get_file_session (ssnptr=<optimized out>) at file_service.c:237 #2 get_main_file_context (ssnptr=<optimized out>) at file_service.c:253 #3 get_file_processed_size (ssnptr=<optimized out>) at file_service.c:868 #4 get_file_position (pkt=<optimized out>) at file_service.c:1028 #5 get_file_position (pkt=<optimized out>) at file_service.c:1015 #6 0x000000000048688e in SnortHttpInspect (GlobalConf=0x16cb410, p=0x196f6d0) at snort_httpinspect.c:4376 #7 0x00000000004805c9 in HttpInspect (p=<optimized out>, context=<optimized out>) at spp_httpinspect.c:211 #8 0x000000000043d69e in DispatchPreprocessors (policy=<optimized out>, policy_id=<optimized out>, p=0x196f6d0) at detect.c:136 #9 Preprocess (p=0x196f6d0) at detect.c:234 #10 0x00000000004b344f in _flush_to_seq (st=0x7fffeaf4ab50, bytes=<optimized out>, p=0xe91c60, dir=64, dp=<error reading variable: Unhandled dwarf expression opcode 0xfa>, sp=<error reading variable: Unhandled dwarf expression opcode 0xfa>, dip=<error reading variable: Unhandled dwarf expression opcode 0xfa>, sip=<error reading variable: Unhandled dwarf expression opcode 0xfa>, tcpssn=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at snort_stream_tcp.c:4336 #11 0x00000000004b9951 in StreamFlushTalker (p=p@entry=0xe91c60, scb=<optimized out>) at snort_stream_tcp.c:4883 #12 0x0000000000490838 in StreamResponseFlushStream (p=0xe91c60) at spp_stream6.c:913 #13 StreamResponseFlushStream (p=0xe91c60) at spp_stream6.c:906 #14 0x0000000000492374 in freeSessionApplicationData (session=0x7fffc4d81600) at spp_session.c:1756 #15 0x00000000004be476 in ProcessTcp (scb=scb@entry=0x7fffc4d81600, p=p@entry=0xe91c60, tdb=tdb@entry=0x7fffffffdc80, s5TcpPolicy=s5TcpPolicy@entry=0x7fffe62b7010) at snort_stream_tcp.c:8629 #16 0x00000000004c0183 in StreamProcessTcp (p=p@entry=0xe91c60, scb=scb@entry=0x7fffc4d81600, s5TcpPolicy=0x7fffe62b7010, skey=skey@entry=0x7fffffffdd10) at snort_stream_tcp.c:5639 #17 0x000000000049016a in StreamProcess (p=0xe91c60, context=<optimized out>) at spp_stream6.c:751 #18 0x000000000043d69e in DispatchPreprocessors (policy=<optimized out>, policy_id=<optimized out>, p=0xe91c60) at detect.c:136 #19 Preprocess (p=p@entry=0xe91c60) at detect.c:234 #20 0x00000000004317f8 in ProcessPacket (p=p@entry=0xe91c60, pkthdr=pkthdr@entry=0x7fffffffde20, pkt=pkt@entry=0x7fffd0695676 "\252", ft=ft@entry=0x0) at snort.c:1873 #21 0x0000000000433c20 in PacketCallback (user=<optimized out>, pkthdr=0x7fffffffde20, pkt=0x7fffd0695676 "\252") at snort.c:1717 #22 0x00000000004efef5 in pcap_process_loop () #23 0x00007ffff7fbdfbe in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8 #24 0x00000000004f038d in pcap_daq_acquire () #25 0x000000000045261c in DAQ_Acquire (max=max@entry=0, callback=callback@entry=0x433a80 <PacketCallback>, user=user@entry=0x0) at sfdaq.c:543 #26 0x0000000000434d04 in PacketLoop () at snort.c:3268 #27 SnortMain (argc=11, argv=<optimized out>) at snort.c:920 #28 0x00007ffff6709ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6 #29 0x0000000000405aad in _start ()
Hello, I have a problem with newest version of snort :( For some reason main process enters into infinity loop in getApplicationData (spp_session.c). I cannot determine how it's possible :( Facts: 1. appData is the same with appData->next 2. appData->protocol is 5 (PP_HTTINSPECT) 3. protocol variable in getApplicaionData is 30 (PP_FILE) 4. it's not only one loop, after set NULL in next snort stack in another endless loop Any help? Any idea? Cheers, Jul. ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort 2.9.7.0 enters into infinity loop getApplicationData souber (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData souber (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui Cao (huica) (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui cao (Dec 02)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui Cao (huica) (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData souber (Nov 24)