[Snort-devel] Oh oh... I just got my first core dump on 1.8.1!

Phil Wood cpw at ...86...
Thu Aug 30 18:38:08 EDT 2001


Let me know if there are any things to look at in this core file.

Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /usr/lib/mysql/libmysqlclient.so.6...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /lib/libnss_nisplus.so.2...done.
Reading symbols from /lib/libnss_nis.so.2...done.
Reading symbols from /lib/libnss_dns.so.2...done.
Reading symbols from /lib/libresolv.so.2...done.
#0  0x8df6d74c in ?? ()
(gdb) up
#1  0x807f584 in FlushStream (s=0x8809bd8, p=0xbffff21c, direction=0)
    at spp_stream4.c:2648
2648            gotevent = Preprocess(stream_pkt);
(gdb) down
#0  0x8df6d74c in ?? ()
(gdb) where
#0  0x8df6d74c in ?? ()
#1  0x807f584 in FlushStream (s=0x8809bd8, p=0xbffff21c, direction=0)
    at spp_stream4.c:2648
#2  0x807d4f3 in ReassembleStream4 (p=0xbffff21c) at spp_stream4.c:1203
#3  0x8059686 in Preprocess (p=0xbffff21c) at rules.c:3426
#4  0x804c790 in ProcessPacket (user=0x0, pkthdr=0xbffff708, pkt=0x40547672 "")
    at snort.c:540
#5  0x8081b9c in packet_ring_recv ()
#6  0x8081ed4 in pcap_read ()
#7  0x8082c73 in pcap_loop ()
#8  0x804e067 in InterfaceThread (arg=0x0) at snort.c:1572
#9  0x804c674 in main (argc=21, argv=0xbffff8fc) at snort.c:473
(gdb) list
2643        if(stream_size > 0 && ubi_trCount(s->dataPtr))
2644        {
2645            /* put the stream together into a packet or something */
2646            BuildPacket(s, stream_size, p, direction);
2647
2648            gotevent = Preprocess(stream_pkt);
2649
2650            //(void)ubi_trTraverse(s->dataPtr, SegmentCleanTraverse, s);
2651            SegmentCleanTraverse(s);
2652            /*bzero(stream_pkt->data, stream_size);*/
(gdb) up
#1  0x807f584 in FlushStream (s=0x8809bd8, p=0xbffff21c, direction=0)
    at spp_stream4.c:2648
2648            gotevent = Preprocess(stream_pkt);
(gdb) print *stream_pkt
$1 = {pkth = 0x817baa0, pkt = 0x817bc20 "", fddihdr = 0x0, fddisaps = 0x0, 
  fddisna = 0x0, fddiiparp = 0x0, fddiother = 0x0, trh = 0x0, trhllc = 0x0, 
  trhmr = 0x0, sllh = 0x0, eh = 0x817bc20, vh = 0x0, ehllc = 0x0, 
  ehllcother = 0x0, ah = 0x0, iph = 0x817bbf0, orig_iph = 0x0, 
  ip_options_len = 0, ip_options_data = 0x0, tcph = 0x817bd80, 
  orig_tcph = 0x0, tcp_options_len = 0, tcp_options_data = 0x0, udph = 0x0, 
  orig_udph = 0x0, icmph = 0x0, orig_icmph = 0x0, ext = 0x0, 
  data = 0x817bf10 "njXVtStvsr3t7bOjqu7czyuyp83+7XjYP\r\nLaildnr4rMYtWX9fgfJnw9/aI+LPwvsG0rwL43vtO0933PaPslRG/wBhH+5X02Iy+lPdXPDo\r\nY+cTlPEXjjxZ4z1qfxR4p1u41G/lHzXFxNuYVvhcFCKsYYnFzkdLP+0V8Z7vwN/wrubxzqLe\r\nHZIvI+y4T/Vf88t+z"..., 
  dsize = 65259, frag_flag = 0 '\000', frag_offset = 0, mf = 0 '\000', 
  df = 0 '\000', rf = 0 '\000', sp = 80, dp = 39474, orig_sp = 0, orig_dp = 0, 
  caplen = 0, URI = {
    uri = 0x817bf9a "zXFxNuYVvhcFCKsYYnFzkdLP+0V8Z7vwN/wrubxzqLe\r\nHZIvI+y4T/Vf88t+zft/2awjldOLv1N5ZjNqxwEF48MqTwO8Lx/cdH2PW8cPCJxyrTZ61cft\r\nR/Hy70S30Sb4pau9rabWQo3775fu7n++9cVPK6cXex6UsynLT+vyPP8Axd418S+OtfuPEvi3\r\nW7jUdVu"..., 
    length = 4}, ssnptr = 0x0, ip_options = {{code = 0 '\000', len = 0, 
      data = 0x0} <repeats 40 times>}, ip_option_count = 0, 
  ip_lastopt_bad = 0 '\000', tcp_options = {{code = 0 '\000', len = 0, 
      data = 0x0} <repeats 40 times>}, tcp_option_count = 0, 
  tcp_lastopt_bad = 0 '\000', csum_flags = 0 '\000', 
  packet_flags = 2147483650, wire_packet = 0 '\000'}
(gdb) print stream_pkt->pkth
$2 = (struct pcap_pkthdr *) 0x817baa0
(gdb) print *stream_pkt->pkth
$3 = {ts = {tv_sec = 999204548, tv_usec = 363279}, caplen = 65313, 
  len = 65313, ifindex = 0, protocol = 0, pkt_type = 0 '\000'}
(gdb) 
$4 = {ts = {tv_sec = 999204548, tv_usec = 363279}, caplen = 65313, 
  len = 65313, ifindex = 0, protocol = 0, pkt_type = 0 '\000'}
(gdb) print s
$5 = (Stream *) 0x0
(gdb) list
2643        if(stream_size > 0 && ubi_trCount(s->dataPtr))
2644        {
2645            /* put the stream together into a packet or something */
2646            BuildPacket(s, stream_size, p, direction);
2647
2648            gotevent = Preprocess(stream_pkt);
2649
2650            //(void)ubi_trTraverse(s->dataPtr, SegmentCleanTraverse, s);
2651            SegmentCleanTraverse(s);
2652            /*bzero(stream_pkt->data, stream_size);*/




More information about the Snort-devel mailing list