[Snort-devel] [ snort-Bugs-453465 ] coredump for snort 1.8.1-REL on freebsd

noreply at ...12... noreply at ...12...
Thu Sep 27 23:34:04 EDT 2001


Bugs item #453465, was opened at 2001-08-20 12:09
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=453465&group_id=3357

Category: None
Group: None
>Status: Closed
>Resolution: Duplicate
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Martin Roesch (roesch)
Summary: coredump for snort 1.8.1-REL on freebsd

Initial Comment:
Ran snort 1.8.REL on freebsd (4.3 -REL, stock os 
binaries) and 4.4-RC2 (recompiled for hardware)
Both produce core dumps at almost random times.

One (custom compile) uses a realtek enet card on a 
850mhz PIII, other (stock freebsd binariews) uses 
Diginal enet card on a 133mhz Pentium.

I sent email to ports maintainers and they suggested 
that I send in a snort bug report.

snort started with 
/usr/local/bin/snort -b -d \
-c /usr/local/share/snort/snort.conf -o -D -A fast

sometimes it runs for hours, sometimes for mins.
data in the 'alert' file does not seem to be 
coordinated with core dump.

I have several (8,9mb) core dumps if you want them.



----------------------------------------------------------------------

>Comment By: Martin Roesch (roesch)
Date: 2001-09-27 23:21

Message:
Logged In: YES 
user_id=18573

Fixed in CVS.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2001-09-21 11:42

Message:
Logged In: NO 

In case anyone is looking at this, it might be in FREEBSD 
4.4.RC2.  I recompiled under 4.3-Released and have had no 
problems.

----------------------------------------------------------------------

Comment By: Thomas Jones (tejones)
Date: 2001-09-10 12:42

Message:
Logged In: YES 
user_id=319890

I have almost identical behavior - FreeBSD system with 
random coredump times.  I have binaries compiled with -ggdb 
option and cores.  (Currently running FreeBSD 5.0-CURRENT 
#3, de0: <Digital 21140A Fast Ethernet>.)

(gdb) where
#0  0x8088567 in SubSlide (P=0xfc45890c, whichway=0) at 
ubi_BinTree.c:394
#1  0x80885c7 in Neighbor (P=0x8089db8, whichway=2) at 
ubi_BinTree.c:419
#2  0x8088ba0 in ubi_btNext (P=0xfc45890c) at 
ubi_BinTree.c:879
#3  0x808da25 in PruneSessionCache (thetime=4232415500, 
mustdie=0) at spp_stream4.c:2414
#4  0x808b842 in ReassembleStream4 (p=0xfc45890c) at 
spp_stream4.c:1272
#5  0x805aa90 in Preprocess (p=0xfc45890c) at rules.c:3426
#6  0x804b577 in ProcessPacket (user=0xfc45890c <Address 
0xfc45890c out of bounds>, pkthdr=0x0, pkt=0xbfbff594 "���� 
�\b\b")
    at snort.c:534
#7  0x280dc5ed in pcap_read () from /usr/lib/libpcap.so.2
#8  0x280dc263 in pcap_loop () from /usr/lib/libpcap.so.2
#9  0x804cea2 in InterfaceThread (arg=0xfc45890c) at 
snort.c:1561
#10 0x804b413 in main (argc=-62551796, argv=0x0) at 
snort.c:467



----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=453465&group_id=3357




More information about the Snort-devel mailing list