[Snort-devel] Re: [Snort-users] Today's updates
lenb at ...122...
Sun Nov 19 08:59:30 EST 2000
Since the below, and a few changes in my rules file, I am seeing good
results with the address list, now I have a new quirk. I am seeing
snort crash, with no logged errors. When I performed a postmortem
with gdb the backtrace looks like this:
#0 0x401a8e28 in free ()
#1 0xacb500 in ?? ()
#2 0x1ca98 in TcpStreamPruneSessions () at spp_tcp_stream.c:599
#3 0x1c3e6 in TcpStreamPacket (p=0xbfbfd26c) at spp_tcp_stream.c:244
#4 0xc2b9 in Preprocess (p=0xbfbfd26c) at rules.c:2946
#5 0x1eea in ProcessPacket (user=0x0, pkthdr=0x29000, pkt=0x29012 "")
#6 0x40046d91 in pcap_read ()
#7 0x4004729f in pcap_dispatch ()
#8 0x400472d7 in pcap_loop ()
#9 0x3862 in InterfaceThread (arg=0x0) at snort.c:1252
#10 0x1ded in main (argc=8, argv=0xbfbfd784) at snort.c:398
I am seeing no more leakage from the defrag module, memory use looks
very stable under NetBSD-1.4.2 i386. Thanks bunches for all of your
On Sat, 18 Nov 2000, roesch wrote:
> Hi Guys,
> I worked on the IP list code some more today, it seems to be working better now under all "normal" configurations I have. (this should fix the problem you indicated today Len) If you've been playing with it and had problems, check out the latest. I also cleaned up the TCP stream preprocessor a bit and changed its memory management to allocate buffers as indicated by the window size of the connections. I also restated the TCP connection states with #define variables, cleaned up the new packet/log counters, and switched to calling it version 1.7-beta4. There are some other minor little tweaks in there as well.
> Additionally, last night I redefined all of the "!$HOME_NET" variables in the rules files that ship with Snort to $EXTERNAL_NET. This works better with the new IP parsing code, so please define your "!"'s *inside* of your vars from now on if you can. :)
> Martin Roesch
> roesch at ...48...
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
Site Engineer for Sasquatch Computer
lenb at ...122...
More information about the Snort-devel