[Snort-devel] Re: beta 6 reports...

Fyodor fygrave at ...1...
Thu Nov 30 13:04:49 EST 2000


> I'm still getting some weird errors on Solaris.
> 
> One thing I have found:  1.6.3 was/is able to see that you only have one
> interface on a box and default to using it.  1.7b6 doesn't.  In fact, if you
> don't specify it, it will cause the program to dump core on Solaris 2.7.  
> 
> Reading symbols from /usr/lib/nss_files.so.1...done.
> #0  0xef636dcc in strlen () from /usr/lib/libc.so.1
> (gdb) bt
> #0  0xef636dcc in strlen () from /usr/lib/libc.so.1
> #1  0xef67fba0 in _doprnt () from /usr/lib/libc.so.1
> #2  0xef681758 in printf () from /usr/lib/libc.so.1
> #3  0x19fac in main (argc=10, argv=0xeffffbd4) at snort.c:205
> ---

eek.. ouch. :) you compiled snort with -DDEBUG switch, right? :) Interface is (was(!) :))
not known at this stage if not specified with -i switch. I moved interface
lookup code into post command-line parsing stage, so we should catch up with all these problems by now.
command line options parsed --> interface is known :)

> ----
> Program terminated with signal 11, Segmentation Fault.
> Reading symbols from /usr/lib/libsocket.so.1...done.
> Reading symbols from /usr/lib/libnsl.so.1...done.
> Reading symbols from /usr/lib/libc.so.1...done.
> Reading symbols from /usr/lib/libdl.so.1...done.
> Reading symbols from /usr/lib/libmp.so.2...done.
> Reading symbols from /usr/lib/nss_files.so.1...done.
> #0  ParseRuleOptions (rule=0x0, rule_type=1, protocol=6) at rules.c:1593
> 1593            free(toks[i]);
> (gdb) bt
> #0  ParseRuleOptions (rule=0x0, rule_type=1, protocol=6) at rules.c:1593
> #1  0x22598 in ParseRule (
>     prule=0xefffeda2 "pass tcp 205.164.217.39 80 <> any any", inclevel=1)
>     at rules.c:554
> #2  0x21e84 in ParseRulesFile (file=0x6c000 "", inclevel=1) at rules.c:144
> #3  0x222bc in ParseRule (
>     prule=0xeffff6d0 "include /local/snort/rapidnet.rules", inclevel=0)
>     at rules.c:364
> #4  0x21e84 in ParseRulesFile (file=0x6c000 "", inclevel=0) at rules.c:144
> #5  0x1a09c in main (argc=12, argv=0xeffffbc4) at snort.c:256
> ----
> 
> I think I broke it...  :(

That's probably the parser, which choked on an empty rule, as it seems. :) Can you show it to us? :)
I have committed fixes though, hope it works for you now :)

-- 
http://www.notlsd.net
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7  B288 5CE5 A713 0969 A4D1
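
Added example, not part of the original message and not Snort's own code: a C sketch of the two defensive patterns the backtraces above call for, a NULL string reaching a printf %s conversion and an options parser invoked with rule=0x0 for a rule that has no "(...)" section. The function names str_or, split_options and count_rule_options are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Passing NULL to a %s conversion is undefined behaviour; substitute text. */
static const char *str_or(const char *s, const char *alt) { return s ? s : alt; }

/* Hypothetical splitter for the "opt; opt; ..." text in [opts, stop).
 * Returns the token count, or -1 if malloc fails. Only toks[0..count-1]
 * are ever set, so the caller frees exactly those slots and no others. */
static int split_options(const char *opts, const char *stop, char *toks[], int max)
{
    int n = 0;
    /* Header-only rule: nothing to parse and nothing to free. */
    if (opts == NULL || stop == NULL) return 0;
    while (opts < stop && n < max) {
        const char *end = memchr(opts, ';', (size_t)(stop - opts));
        if (end == NULL) end = stop;
        while (opts < end && *opts == ' ') opts++;
        if (end > opts) {
            size_t len = (size_t)(end - opts);
            if ((toks[n] = malloc(len + 1)) == NULL) {
                while (n > 0) free(toks[--n]);
                return -1;
            }
            memcpy(toks[n], opts, len);
            toks[n++][len] = '\0';
        }
        opts = (end < stop) ? end + 1 : stop;
    }
    return n;
}

/* Count the options in a whole rule line, freeing everything allocated. */
static int count_rule_options(const char *rule)
{
    char *toks[16];
    const char *open = rule ? strchr(rule, '(') : NULL;
    const char *stop = open ? strrchr(open, ')') : NULL;
    int i, n = split_options(stop ? open + 1 : NULL, stop, toks, 16);
    for (i = 0; i < n; i++) free(toks[i]);
    return n;
}

int main(void)
{
    const char *iface = NULL;  /* constructed: no -i given, lookup not yet run */
    printf("interface: %s\n", str_or(iface, "(not set)"));
    printf("options: %d\n", count_rule_options("pass tcp 205.164.217.39 80 <> any any"));
    return 0;
}
```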


