[Snort-devel] New Stream reassembly code committed

Joe McAlerney joey at ...60...
Tue May 8 17:23:16 EDT 2001


I got a seg fault after a minute or two.  It looks like dummy->pkt is
NULL, which I'm assuming it shouldn't be.  I can print out more
information if you need it.

-Joe M.

-- 
|   Joe McAlerney     joey at ...63...   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+

Packet (10 B0EED956/2C2FA3E3 28740) - 10.0.0.220:1081 ->
216.136.173.19:80 (0)
HASH: cfa1b1eb
spp_tcp_stream3.c:500: status: 4/4
pulling data from packet
No data in packet
Data list for: server
  0: 2C2F987B(1460)
  1: 2C2F9E2F(1460)

Finding length of packet based on ACK
Data list for: server
  0: 2C2F987B(1460)
  1: 2C2F9E2F(1460)

Trying to make a new packet!  psize: 2920
In fill buffer on server side with size: 2920
Packet!
ip header starts at: 0x80bcb44, length is 2960
Bad IP checksum
IP header length: 20
TCP th_off is 5, passed len is 2940
Bad TCP checksum
tcp header starts at: 0x80bcb58
fragments =>
    mem used: 0
    mem freed: 0
    fragmemuse: 0

Program received signal SIGSEGV, Segmentation fault.
0x1da01ef0 in ?? ()
(gdb) bt
#0  0x1da01ef0 in ?? ()
#1  0x804b77b in ProcessPacket (user=0x0, pkthdr=0x80bcb30,
pkt=0x80bcb40 "")
    at snort.c:501
#2  0x80782f1 in TcpStream3Packetize (sptr=0x84a9e10, pb=0x0,
psize=2920, 
    server_packet=0) at spp_tcp_stream3.c:1092
#3  0x8077973 in TcpStream3Packet (p=0xbfffeed0) at
spp_tcp_stream3.c:555
#4  0x8056fde in Preprocess (p=0xbfffeed0) at rules.c:3358
#5  0x804b77b in ProcessPacket (user=0x0, pkthdr=0xbffff370,
pkt=0x80bb030 "")
    at snort.c:501
#6  0x80789b2 in pcap_read_packet ()
#7  0x807974b in pcap_loop ()
#8  0x804cc94 in InterfaceThread (arg=0x0) at snort.c:1377
#9  0x804b64b in main (argc=0, argv=0x0) at snort.c:434
#10 0x401a4f31 in __libc_start_main (main=0x804af7c <main>, argc=9, 
    ubp_av=0xbffff524, init=0x804a334 <_init>, fini=0x80818dc <_fini>, 
    rtld_fini=0x4000e274 <_dl_fini>, stack_end=0xbffff51c)
    at ../sysdeps/generic/libc-start.c:129
(gdb) print dummy->pkth
$1 = (struct pcap_pkthdr *) 0x80bcb30
(gdb) print dummy->pkt 
$2 = (u_int8_t *) 0x80bcb40 ""



