[Snort-devel] Re: beta 6 reports...

Erek Adams erek at ...105...
Thu Nov 30 15:00:35 EST 2000


On Fri, 1 Dec 2000, Fyodor wrote:

> eek.. ouch. :) you compiled snort with -DDEBUG switch, right? :) Interface
> is (was(!) :)) not known at this stage if not specified with -i switch. I
> moved interface lookup code into post command-line parsing stage, so we
> should catch up with all these problems by now. command line options
> parsed --> interface is known :)

Yep, with -DDEBUG and -ggdb.  Not sure why it didn't pull the names in...

Nice.  It was just an odd thing at first. :)

> That's probably parser which choked up on empty rule as it seems. :) Can
> you show it to us? :) I have committed fixes though, hope it works for you
> now :)

Sure....  And FYI, I've got one 'param' ruleset with all the params in it,
which then calls and includes the current rapidnet rules (heh, guess I should
call it snort-org.rules now :).  Inside of rapidnet.rules, everything but
rules are commented out.

And the odd part--This ruleset is the same one with _no changes_ that runs
under 1.6.3. 

I'll go grab cvs right now and see. :)

---
[*] Splitting string: include /local/snort/rapidnet.rules
curr_str = 0
max_strs = 9  curr_str = 0
Allocating 8 bytes for token tok[0]: include
curr_str = 1
max_strs = 9  curr_str = 1
Checking if curr_str (1) >= max_strs (9)
Allocating 28 bytes for last token tok[1]: /local/snort/rapidnet.rules
mSplit got 2 tokens!
[*] Rule start
Rule type: Include
Opening rules file: /local/snort/rapidnet.rules
[*] Splitting string: pass tcp 205.164.217.39 80 <> any any
curr_str = 0
max_strs = 9  curr_str = 0
Allocating 5 bytes for token tok[0]: pass
curr_str = 1
max_strs = 9  curr_str = 1
Checking if curr_str (1) >= max_strs (9)
Allocating 4 bytes for token tok[1]: tcp
curr_str = 2
max_strs = 9  curr_str = 2
Checking if curr_str (2) >= max_strs (9)
Allocating 15 bytes for token tok[2]: 205.164.217.39
curr_str = 3
max_strs = 9  curr_str = 3
Checking if curr_str (3) >= max_strs (9)
Allocating 3 bytes for token tok[3]: 80
curr_str = 4
max_strs = 9  curr_str = 4
Checking if curr_str (4) >= max_strs (9)
Allocating 3 bytes for token tok[4]: <>
curr_str = 5
max_strs = 9  curr_str = 5
Checking if curr_str (5) >= max_strs (9)
Allocating 4 bytes for token tok[5]: any
curr_str = 6
max_strs = 9  curr_str = 6
Checking if curr_str (6) >= max_strs (9)
Allocating 4 bytes for last token tok[6]: any
mSplit got 7 tokens!
[*] Rule start
Rule type: Pass
Got address string: 205.164.217.39
regular IP address, processing...
[*] Splitting string: 205.164.217.39
curr_str = 0
max_strs = 1  curr_str = 0
Allocating 15 bytes for last token tok[0]: 205.164.217.39
mSplit got 1 tokens!
[*] Splitting string: 205.164.217.39
curr_str = 0
max_strs = 1  curr_str = 0
Allocating 15 bytes for last token tok[0]: 205.164.217.39
mSplit got 1 tokens!
[*] Splitting string: 80
curr_str = 0
max_strs = 1  curr_str = 0
Allocating 3 bytes for last token tok[0]: 80
mSplit got 1 tokens!
Bidirectional rule!
Got address string: any
regular IP address, processing...
proto_node.flags = 0x288
Processing Head Node....
Initializing RTN function list!
Functions: CheckBidirectional->
Adding new rule to list
RuleListEnd
Adding new rule to list
Parsing Rule Options...
OptListEnd
Adding new rule to list
Segmentation fault (core dumped)
---

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



