[Snort-devel] New Stream reassembly code committed

Martin Roesch roesch at ...402...
Wed May 9 00:43:33 EDT 2001


Ok, try it again, there are a bunch of tweaks and bug fixes in CVS now
(beta5 build 19).

    -Marty

Joe McAlerney wrote:
> 
> I got a seg fault after a minute or two.  It looks like dummy->pkt is
> NULL, which I'm assuming it shouldn't be.  I can print out more
> information if you need it.
> 
> -Joe M.
> 
> --
> |   Joe McAlerney     joey at ...63...   |
> | Silicon Defense - Technical Support for Snort |
> |       http://www.silicondefense.com/          |
> +--                                           --+
> 
> Packet (10 B0EED956/2C2FA3E3 28740) - 10.0.0.220:1081 ->
> 216.136.173.19:80 (0)
> HASH: cfa1b1eb
> spp_tcp_stream3.c:500: status: 4/4
> pulling data from packet
> No data in packet
> Data list for: server
>   0: 2C2F987B(1460)
>   1: 2C2F9E2F(1460)
> 
> Finding length of packet based on ACK
> Data list for: server
>   0: 2C2F987B(1460)
>   1: 2C2F9E2F(1460)
> 
> Trying to make a new packet!  psize: 2920
> In fill buffer on server side with size: 2920
> Packet!
> ip header starts at: 0x80bcb44, length is 2960
> Bad IP checksum
> IP header length: 20
> TCP th_off is 5, passed len is 2940
> Bad TCP checksum
> tcp header starts at: 0x80bcb58
> fragments =>
>     mem used: 0
>     mem freed: 0
>     fragmemuse: 0
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x1da01ef0 in ?? ()
> (gdb) bt
> #0  0x1da01ef0 in ?? ()
> #1  0x804b77b in ProcessPacket (user=0x0, pkthdr=0x80bcb30,
> pkt=0x80bcb40 "")
>     at snort.c:501
> #2  0x80782f1 in TcpStream3Packetize (sptr=0x84a9e10, pb=0x0,
> psize=2920,
>     server_packet=0) at spp_tcp_stream3.c:1092
> #3  0x8077973 in TcpStream3Packet (p=0xbfffeed0) at
> spp_tcp_stream3.c:555
> #4  0x8056fde in Preprocess (p=0xbfffeed0) at rules.c:3358
> #5  0x804b77b in ProcessPacket (user=0x0, pkthdr=0xbffff370,
> pkt=0x80bb030 "")
>     at snort.c:501
> #6  0x80789b2 in pcap_read_packet ()
> #7  0x807974b in pcap_loop ()
> #8  0x804cc94 in InterfaceThread (arg=0x0) at snort.c:1377
> #9  0x804b64b in main (argc=0, argv=0x0) at snort.c:434
> #10 0x401a4f31 in __libc_start_main (main=0x804af7c <main>, argc=9,
>     ubp_av=0xbffff524, init=0x804a334 <_init>, fini=0x80818dc <_fini>,
>     rtld_fini=0x4000e274 <_dl_fini>, stack_end=0xbffff51c)
>     at ../sysdeps/generic/libc-start.c:129
> (gdb) print dummy->pkth
> $1 = (struct pcap_pkthdr *) 0x80bcb30
> (gdb) print dummy->pkt
> $2 = (u_int8_t *) 0x80bcb40 ""
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel

--
Martin Roesch
roesch at ...402...
http://www.sourcefire.com - http://www.snort.org




More information about the Snort-devel mailing list