[Snort-devel] 1.7b5 oddities

Erek Adams erek at ...105...
Thu Nov 23 13:42:52 EST 2000


I'd been running 1.7b2 for about 15 days when it dumped core.  I grabbed the
current out of CVS and gave it a whirl.  But, no such luck...

Machine: SunOS gomez 5.7 Generic_106541-08 sun4m sparc SUNW,SPARCstation-5

===
gcc -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall  -c snort.c
In file included from snort.h:70,
                 from snort.c:45:
plugbase.h:20: unterminated `#if' conditional
make: *** [snort.o] Error 1
===

Ok, so I decide to grab the snort-1.7-beta5.tar.gz from incidents.crg (Thanks
Jed!).  

And now, it compiles, but gives the following:
===
[erek at ...106...]/local/snort#/usr/local/bin/snort -c /local/snort/erek.rules -d -h xxx.xxx.xxx.xxx/27 -l /local/snort/logs -o -s

        --== Initializing Snort ==--
Rule application order changed to Pass->Alert->Log

Initializing Network Interface le0
Decoding Ethernet on interface le0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
WARNING: command line overrides rules file alert plugin!
Segmentation fault (core dumped)
[erek at ...106...]/local/snort#truss -o /tmp/snort_truss /usr/local/bin/snort -c /local/snort/erek.rules -d -h xxx.xxx.xxx.xxx/27 -l /local/snort/logs -o -s

        --== Initializing Snort ==--
Rule application order changed to Pass->Alert->Log

Initializing Network Interface le0
Decoding Ethernet on interface le0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
WARNING: command line overrides rules file alert plugin!
[erek at ...106...]/local/snort#tail /tmp/snort_truss 
fstat64(6, 0xEFFFEC60)                          = 0
brk(0x0007BFA8)                                 = 0
brk(0x0007DFA8)                                 = 0
ioctl(6, TCGETA, 0xEFFFEBEC)                    Err#25 ENOTTY
read(6, " # - - - - - - - - - - -".., 8192)     = 8192
    Incurred fault #6, FLTBOUNDS  %pc = 0x00022364
      siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
    Received signal #11, SIGSEGV [default]
      siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000
        *** process killed ***
===

OK, so time to -DDEBUG and see what's going on with gdb:

===
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c snort.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c log.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c decode.c
decode.c: In function `DecodeEthPkt':
decode.c:54: warning: long unsigned int format, uint32_t arg (arg 2)
decode.c:54: warning: long unsigned int format, uint32_t arg (arg 3)
decode.c:78: warning: long unsigned int format, uint32_t arg (arg 2)
decode.c: In function `DecodeTRPkt':
decode.c:189: warning: long unsigned int format, uint32_t arg (arg 2)
decode.c:189: warning: long unsigned int format, uint32_t arg (arg 3)
decode.c: In function `DecodeFDDIPkt':
decode.c:320: warning: long unsigned int format, uint32_t arg (arg 2)
decode.c:320: warning: long unsigned int format, uint32_t arg (arg 3)
decode.c: In function `DecodeIP':
decode.c:621: warning: long unsigned int format, uint32_t arg (arg 3)
decode.c:721: warning: long unsigned int format, uint32_t arg (arg 2)
decode.c: In function `DecodeTCP':
decode.c:817: warning: long unsigned int format, uint32_t arg (arg 3)
decode.c:863: warning: long unsigned int format, uint32_t arg (arg 2)
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c mstring.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c rules.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c plugbase.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_pattern_match.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_tcp_flag_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_icmp_type_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_icmp_code_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_ttl_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_ip_id_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_tcp_ack_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_tcp_seq_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c sp_dsize_check.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c spp_http_decode.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c spp_minfrag.c
gcc -DDEBUG -DHAVE_CONFIG_H -I. -I. -I.   -DBSD_COMP  -g -O2 -Wall -c spp_portscan.c
spp_portscan.c: In function `IsServer':
spp_portscan.c:1523: request for member `ip_addr' in something not a structure or union
spp_portscan.c:1524: request for member `netmask' in something not a structure or union
spp_portscan.c: In function `CreateServerList':
spp_portscan.c:1603: request for member `netmask' in something not a structure or union
make: *** [spp_portscan.o] Error 1
===

And all I did was add a -DDEBUG flag...  I guess the ghost of Turkey past is out
for me...  ;-)

Oh, yeah--1.6.3 works just fine.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
