[Snort-devel] snort 1.7 segv

Lawrence C Mc Abee lcm at ...405...
Tue May 1 23:54:52 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Content-Type: text/plain; charset=us-ascii


System Architecture (Sparc, x86, etc):	x86
Operating System and version: Linux, rh-6.2, 2.2.17-14
What rules (if any) you were using: rules tarball from snort.org, with some commented out
What command line switches you were using: just -c
Any Snort error messages: none, just segv.

uname -a output: Linux HOSTNAME 2.2.17-14 #11 SMP Thu Apr 19 22:16:10 EDT 2001 i686 unknown

comments: Seems load related. snort consistently cores out during large file 
 transfers involving machine it is running on.

gdb output:

Core was generated by `/usr/local/bin/snort -c /home/lcm/WORK/snort/conf/snort.conf'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/local/lib/libpcap.so.0...done.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_nis.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  0x805c1da in fragcompare (i=0x858e978, j=0x858e978) at spp_defrag.c:171
171         if(SADDR(i) > SADDR(j))
(gdb) where
#0  0x805c1da in fragcompare (i=0x858e978, j=0x858e978) at spp_defrag.c:171
#1  0x805c370 in fragsplay (i=0x858e978, t=0x8594238) at spp_defrag.c:244
#2  0x805c512 in fragdelete (i=0x858e978, t=0x8594238) at spp_defrag.c:378
#3  0x805cc63 in PreprocDefrag (p=0xbfffeec0) at spp_defrag.c:938
#4  0x8054a35 in Preprocess (p=0xbfffeec0) at rules.c:3016
#5  0x804c476 in ProcessPacket (user=0x0, pkthdr=0xbffff338, pkt=0x80fbcd0 "")
    at snort.c:463
#6  0x4001aa60 in pcap_read_packet () from /usr/local/lib/libpcap.so.0
#7  0x4001a87a in pcap_read () from /usr/local/lib/libpcap.so.0
#8  0x4001b8d1 in pcap_loop () from /usr/local/lib/libpcap.so.0
#9  0x804d23e in InterfaceThread (arg=0x0) at snort.c:1278
#10 0x804c377 in main (argc=3, argv=0xbffff494) at snort.c:397





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Trust No One

iD8DBQE674UMPrw2Xr+ozBcRAunrAKCdc55HBceyCl3YCmq2W6ZH0mSAfgCeM+ml
BIRzTVF0VlMuQukeqYserCk=
=2WtV
-----END PGP SIGNATURE-----





More information about the Snort-devel mailing list