[Snort-devel] Sporadic segfaults of snort-1.8p1
ast at ...537...
Sat Jul 14 15:19:53 EDT 2001
1.8p1 segfaults sporadically (1-2 times/day)
System: Linux spider 2.2.19 #2 Fri Jul 6 17:31:42 CEST 2001 i686 unknown
CFLAGS: -O3 -fomit-frame-pointer -funroll-loops -fexpensive-optimizations
-fschedule-insns2 -mwide-multiply -march=pentiumpro -mcpu=pentiumpro
-malign-loops=2 -malign-jumps=2 -malign-functions=4
Note: CFLAGS is valid for the whole system (no distro!).
libz.so.1 => /usr/lib/libz.so.1 (0x4001d000)
libm.so.6 => /lib/libm.so.6 (0x4002e000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40053000)
libmysqlclient.so.10 => /usr/local/mysql/lib/mysql/libmysqlclient.so.10
libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x400a4000)
libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x400d3000)
libc.so.6 => /lib/libc.so.6 (0x401a5000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x402eb000)
libdl.so.2 => /lib/libdl.so.2 (0x4031a000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
spider:/tmp/snort # gdb snort core.1
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
(no debugging symbols found)...
Core was generated by `/tmp/snort/snort -D -i eth1 -b -c
/var/lib/snort/conf18/snort.eth1.conf -z est'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/local/mysql/lib/mysql/libmysqlclient.so.10...done.
Loaded symbols for /usr/local/mysql/lib/mysql/libmysqlclient.so.10
Reading symbols from /usr/lib/libssl.so.0.9.6...done.
Loaded symbols for /usr/lib/libssl.so.0.9.6
Reading symbols from /usr/lib/libcrypto.so.0.9.6...done.
Loaded symbols for /usr/lib/libcrypto.so.0.9.6
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0 0x807e5af in Splay ()
#0 0x807e5af in Splay ()
If you do need any other information please contact me directly (I'm not
attaching core/config to this mail).
Hint: the problem seems to be caused by defragmentation or tcp stream
reassembly. Nothing happens when there's mostly outgoing traffic (not
fragmented, no tcp reassembly). Activated candidates are: frag2, stream4 and
stream4_reassemble. Another indication for this is that until now the snort
instances running on the internal network didn't crash.
D.O.M. Datenverarbeitung GmbH
More information about the Snort-devel