[Snort-devel] Bug on Snort 1.8.6 running on a sparc.

Blyth A J C (Comp) ajcblyth at ...1255...
Thu Apr 11 03:21:03 EDT 2002


Greetings,

I am running Mandrake 7.1 on a sparc. When I compile Snort 1.8.6 it core
dumps on me. In fact the only version of snort that does not is 1.8.3. Here
is the log file. Please tell me if I am doing coming stupid or am an just
going mad :-)

If you want me to run snort with any particular option turned on/off then
please mail me, and I will send you the results.


Regards


Andrew

-------------------------------------------ERROR LOG
FILE--------------------------------------------------------------
Script started on Thu Apr 11 10:19:19 2002
[root at ...1256... snort-1.8.6]# uname -a
Linux j4-itrl-16.comp.glam.ac.uk 2.2.16-5mdk #1 Fri Jun 16 16:00:53 CEST
2000 sparc64 unknown
[root at ...1256... snort-1.8.6]# ./snort 
snort.c:681: Parsing command line...
snort.c:1251: pcap_cmd is NULL
Log directory = /var/log/snort
snort.c:172: Opening interface: eth0

Initializing Network Interface eth0
snaplength info: set=1514/compiled=1514/wanted=0
using config file ./snort.conf
snort.c:3284: Config file = ./snort.conf, config dir = ./ 
Initializing Preprocessors!
Registering keyword:preproc => http_decode:0x27018
Registering keyword:preproc => http_decode_ignore:0x2706c
spp_http_decode.c:115: Preprocessor: HttpDecode in setup...
Registering keyword:preproc => portscan:0x29068
Registering keyword:preproc => portscan-ignorehosts:0x29b80
Registering keyword:preproc => defrag:0x2e3d4
Registering keyword:preproc => stream2:0x34818
Preprocessor: TcpStream2 is setup...
Registering keyword:preproc => spade:0x37030
Registering keyword:preproc => spade-homenet:0x374c0
Registering keyword:preproc => spade-stats:0x37710
Registering keyword:preproc => spade-threshlearn:0x37808
Registering keyword:preproc => spade-adapt:0x37ab8
Registering keyword:preproc => spade-adapt2:0x380c8
Registering keyword:preproc => spade-adapt3:0x38f94
Registering keyword:preproc => spade-survey:0x397d4
Registering keyword:preproc => unidecode:0x435a0
Preprocessor: Unidecode in setup...
Registering keyword:preproc => rpc_decode:0x4458c
Preprocessor: RpcDecode in setup...
Registering keyword:preproc => bo:0x44904
Preprocessor: Back Orifice is setup...
Registering keyword:preproc => telnet_neg:0x44eb8
Registering keyword:preproc => telnet_negotiation:0x44eb8
Registering keyword:preproc => telnet_decode:0x44eb8
Preprocessor: Telnet Negotiation Decode is setup...
Registering keyword:preproc => stream4:0x48248
Registering keyword:preproc => stream4_reassemble:0x489fc
spp_stream4.c:555: Preprocessor: Stream4 is setup...
Registering keyword:preproc => frag2:0x4c954
spp_frag2.c:296: Preprocessor: frag2 is setup...
Registering keyword:preproc => arpspoof:0x4ddd8
Registering keyword:preproc => arpspoof_detect_host:0x4defc
spp_arpspoof.c:168: Preprocessor: ARPspoof is setup...
Initializing Plug-ins!
Registering keyword:func => content:0x24934
Registering keyword:func => content-list:0x24878
Registering keyword:func => offset:0x24a24
Registering keyword:func => depth:0x24b80
Registering keyword:func => nocase:0x24cb0
Registering keyword:func => regex:0x24d68
Registering keyword:func => uricontent:0x249ac
sp_pattern_match.c:38: Plugin: PatternMatch Initialized!
Registering keyword:func => flags:0x25efc
Plugin: TCPFlagCheck Initialized!
Registering keyword:func => itype:0x2628c
Plugin: IcmpTypeCheck Initialized
Registering keyword:func => icode:0x26454
Plugin: IcmpCodeCheck Initialized
Registering keyword:func => ttl:0x265e8
Plugin: TTLCheck Initialized
Registering keyword:func => id:0x26a40
Plugin: IpIdCheck Initialized
Registering keyword:func => ack:0x26b78
Plugin: TcpAckCheck Initialized
Registering keyword:func => seq:0x26c98
Plugin: TcpSeqCheck Initialized
Registering keyword:func => dsize:0x26dc8
Plugin: DsizeCheck Initialized
Registering keyword:func => ipopts:0x2a0f0
Plugin: IpOptionCheck Initialized
Registering keyword:func => rpc:0x2a448
Plugin: RPCCheck Initialized
Registering keyword:func => icmp_id:0x2a838
Plugin: IcmpIdCheck Setup
Registering keyword:func => icmp_seq:0x2a9a8
Plugin: IcmpSeqCheck Setup
Registering keyword:func => session:0x2d558
Plugin: Session Setup
Registering keyword:func => tos:0x34548
Plugin: IpTosCheck Initialized
Registering keyword:func => reference:0x367f0
Plugin: Reference Setup
Registering keyword:func => fragbits:0x36c5c
Plugin: FragBits Setup
Registering keyword:func => window:0x44380
Plugin: TcpWinCheckInit Initialized
Registering keyword:func => ip_proto:0x45f38
Plugin: IpProto Setup
Registering keyword:func => sameip:0x45a94
Plugin: IpSameCheck Initialized
Registering keyword:func => classtype:0x45ba0
Registering keyword:func => priority:0x45d54
sp_priority.c:84: Plugin: Priority Setup
Initializating Output Plugins!
Registering keyword:output => alert_syslog:0x2ab1c
Output plugin: Alert-Syslog is setup...
Registering keyword:output => log_tcpdump:0x2b424
Output plugin: Log-Tcpdump is setup...
Registering keyword:output => database:0x2b868
database(debug): database plugin is registered...
Registering keyword:output => alert_fast:0x30d80
Output plugin: FastAlert is setup...
Registering keyword:output => alert_full:0x30f10
Output plugin: FullAlert is setup...
Registering keyword:output => alert_smb:0x310c0
spo_alert_smb.c:60: Output plugin: AlertSmb is setup...
Registering keyword:output => alert_unixsock:0x31658
Output plugin: AlertUnixSock is setup...
Registering keyword:output => xml:0x318e0
xml_plugin: : Output plugin: xml is registered
Registering keyword:output => CSV:0x450d0
Output plugin: CSV is setup...
Registering keyword:output => log_unified:0x46cd0
Registering keyword:output => alert_unified:0x46d84
spo_unified.c:93: Output plugin: Unified logging/alerting is setup...
Registering keyword:output => log_null:0x4e0d4
spo_log_null.c:54: Output plugin: LogNull is setup...
-------------------------------------------------
 Keyword     |       Preprocessor @ 
-------------------------------------------------
http_decode  :       0x27018
http_decode_ignore:       0x2706c
portscan     :       0x29068
portscan-ignorehosts:       0x29b80
defrag       :       0x2e3d4
stream2      :       0x34818
spade        :       0x37030
spade-homenet:       0x374c0
spade-stats  :       0x37710
spade-threshlearn:       0x37808
spade-adapt  :       0x37ab8
spade-adapt2 :       0x380c8
spade-adapt3 :       0x38f94
spade-survey :       0x397d4
unidecode    :       0x435a0
rpc_decode   :       0x4458c
bo           :       0x44904
telnet_neg   :       0x44eb8
telnet_negotiation:       0x44eb8
telnet_decode:       0x44eb8
stream4      :       0x48248
stream4_reassemble:       0x489fc
frag2        :       0x4c954
arpspoof     :       0x4ddd8
arpspoof_detect_host:       0x4defc
-------------------------------------------------

-------------------------------------------------
 Keyword     |      Plugin Registered @
-------------------------------------------------
content      :      0x24934
content-list :      0x24878
offset       :      0x24a24
depth        :      0x24b80
nocase       :      0x24cb0
regex        :      0x24d68
uricontent   :      0x249ac
flags        :      0x25efc
itype        :      0x2628c
icode        :      0x26454
ttl          :      0x265e8
id           :      0x26a40
ack          :      0x26b78
seq          :      0x26c98
dsize        :      0x26dc8
ipopts       :      0x2a0f0
rpc          :      0x2a448
icmp_id      :      0x2a838
icmp_seq     :      0x2a9a8
session      :      0x2d558
tos          :      0x34548
reference    :      0x367f0
fragbits     :      0x36c5c
window       :      0x44380
ip_proto     :      0x45f38
sameip       :      0x45a94
classtype    :      0x45ba0
priority     :      0x45d54
-------------------------------------------------

-------------------------------------------------
 Keyword     |          Output @ 
-------------------------------------------------
alert_syslog :       0x2ab1c
log_tcpdump  :       0x2b424
database     :       0x2b868
alert_fast   :       0x30d80
alert_full   :       0x30f10
alert_smb    :       0x310c0
alert_unixsock:       0x31658
xml          :       0x318e0
CSV          :       0x450d0
log_unified  :       0x46cd0
alert_unified:       0x46d84
log_null     :       0x4e0d4
-------------------------------------------------

Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
initial idx set to '
'
[*] Processing rule: var HOME_NET any

mstring.c:110: [*] Splitting string: var HOME_NET any
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 4 bytes for token mstring.c:170: tok[0]: var
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 9 bytes for token mstring.c:170: tok[1]: HOME_NET
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 4 bytes for last token mstring.c:258: tok[2]: any
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Variable
initial idx set to '
'
[*] Processing rule: var EXTERNAL_NET any

mstring.c:110: [*] Splitting string: var EXTERNAL_NET any
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 4 bytes for token mstring.c:170: tok[0]: var
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 13 bytes for token mstring.c:170: tok[1]:
EXTERNAL_NET
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 4 bytes for last token mstring.c:258: tok[2]: any
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Variable
initial idx set to '
'
[*] Processing rule: var SMTP $HOME_NET

ExpandVars, Before: var SMTP $HOME_NET
ExpandVars, After: var SMTP any
mstring.c:110: [*] Splitting string: var SMTP any
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 4 bytes for token mstring.c:170: tok[0]: var
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 5 bytes for token mstring.c:170: tok[1]: SMTP
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 4 bytes for last token mstring.c:258: tok[2]: any
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Variable
initial idx set to '
'
[*] Processing rule: var HTTP_SERVERS $HOME_NET

ExpandVars, Before: var HTTP_SERVERS $HOME_NET
ExpandVars, After: var HTTP_SERVERS any
mstring.c:110: [*] Splitting string: var HTTP_SERVERS any
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 4 bytes for token mstring.c:170: tok[0]: var
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 13 bytes for token mstring.c:170: tok[1]:
HTTP_SERVERS
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 4 bytes for last token mstring.c:258: tok[2]: any
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Variable
initial idx set to '
'
[*] Processing rule: var SQL_SERVERS $HOME_NET

ExpandVars, Before: var SQL_SERVERS $HOME_NET
ExpandVars, After: var SQL_SERVERS any
mstring.c:110: [*] Splitting string: var SQL_SERVERS any
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 4 bytes for token mstring.c:170: tok[0]: var
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 12 bytes for token mstring.c:170: tok[1]:
SQL_SERVERS
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 4 bytes for last token mstring.c:258: tok[2]: any
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Variable
initial idx set to '
'
[*] Processing rule: var DNS_SERVERS $HOME_NET

ExpandVars, Before: var DNS_SERVERS $HOME_NET
ExpandVars, After: var DNS_SERVERS any
mstring.c:110: [*] Splitting string: var DNS_SERVERS any
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 4 bytes for token mstring.c:170: tok[0]: var
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 12 bytes for token mstring.c:170: tok[1]:
DNS_SERVERS
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 4 bytes for last token mstring.c:258: tok[2]: any
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Variable
initial idx set to '
'
[*] Processing rule: var RULE_PATH ./

mstring.c:110: [*] Splitting string: var RULE_PATH ./
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 4 bytes for token mstring.c:170: tok[0]: var
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 10 bytes for token mstring.c:170: tok[1]:
RULE_PATH
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 3 bytes for last token mstring.c:258: tok[2]: ./
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Variable
initial idx set to '
'
[*] Processing rule: preprocessor frag2

mstring.c:110: [*] Splitting string: preprocessor frag2
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 13 bytes for token mstring.c:170: tok[0]:
preprocessor
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:248: Allocating 6 bytes for last token mstring.c:258: tok[1]:
frag2
mstring.c:263: mSplit got 2 tokens!
[*] Rule start
Rule type: Preprocessor
mstring.c:110: [*] Splitting string: preprocessor frag2
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 1  curr_str = 0
mstring.c:248: Allocating 19 bytes for last token mstring.c:258: tok[0]:
preprocessor frag2
mstring.c:263: mSplit got 1 tokens!
mstring.c:110: [*] Splitting string: preprocessor frag2
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 1  curr_str = 0
mstring.c:156: Allocating 13 bytes for token mstring.c:170: tok[0]:
preprocessor
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 1  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (1)
mstring.c:196: Finishing up...
mstring.c:197: Allocating 6 bytes for last token mstring.c:207: tok[1]:
frag2
mstring.c:211: max_strs = 1  curr_str = 1
mstring.c:213: mSplit got 2 tokens!
comparing: "frag2" => "http_decode"
comparing: "frag2" => "http_decode_ignore"
comparing: "frag2" => "portscan"
comparing: "frag2" => "portscan-ignorehosts"
comparing: "frag2" => "defrag"
comparing: "frag2" => "stream2"
comparing: "frag2" => "spade"
comparing: "frag2" => "spade-homenet"
comparing: "frag2" => "spade-stats"
comparing: "frag2" => "spade-threshlearn"
comparing: "frag2" => "spade-adapt"
comparing: "frag2" => "spade-adapt2"
comparing: "frag2" => "spade-adapt3"
comparing: "frag2" => "spade-survey"
comparing: "frag2" => "unidecode"
comparing: "frag2" => "rpc_decode"
comparing: "frag2" => "bo"
comparing: "frag2" => "telnet_neg"
comparing: "frag2" => "telnet_negotiation"
comparing: "frag2" => "telnet_decode"
comparing: "frag2" => "stream4"
comparing: "frag2" => "stream4_reassemble"
comparing: "frag2" => "frag2"
spp_frag2.c:303: Initializing frag2
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
initial idx set to '
'
[*] Processing rule: preprocessor stream4: detect_scans

mstring.c:110: [*] Splitting string: preprocessor stream4: detect_scans
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 9  curr_str = 0
mstring.c:156: Allocating 13 bytes for token mstring.c:170: tok[0]:
preprocessor
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 9  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (9)
mstring.c:156: Allocating 9 bytes for token mstring.c:170: tok[1]: stream4:
mstring.c:175: curr_str = 2
mstring.c:177: max_strs = 9  curr_str = 2
mstring.c:183: Checking if curr_str (2) >= max_strs (9)
mstring.c:248: Allocating 13 bytes for last token mstring.c:258: tok[2]:
detect_scans
mstring.c:263: mSplit got 3 tokens!
[*] Rule start
Rule type: Preprocessor
mstring.c:110: [*] Splitting string: preprocessor stream4: detect_scans
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 1  curr_str = 0
mstring.c:156: Allocating 21 bytes for token mstring.c:170: tok[0]:
preprocessor stream4
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 1  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (1)
mstring.c:196: Finishing up...
mstring.c:197: Allocating 13 bytes for last token mstring.c:207: tok[1]:
detect_scans
mstring.c:211: max_strs = 1  curr_str = 1
mstring.c:213: mSplit got 2 tokens!
mstring.c:110: [*] Splitting string: preprocessor stream4
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 1  curr_str = 0
mstring.c:156: Allocating 13 bytes for token mstring.c:170: tok[0]:
preprocessor
mstring.c:175: curr_str = 1
mstring.c:177: max_strs = 1  curr_str = 1
mstring.c:183: Checking if curr_str (1) >= max_strs (1)
mstring.c:196: Finishing up...
mstring.c:197: Allocating 8 bytes for last token mstring.c:207: tok[1]:
stream4
mstring.c:211: max_strs = 1  curr_str = 1
mstring.c:213: mSplit got 2 tokens!
comparing: "stream4" => "http_decode"
comparing: "stream4" => "http_decode_ignore"
comparing: "stream4" => "portscan"
comparing: "stream4" => "portscan-ignorehosts"
comparing: "stream4" => "defrag"
comparing: "stream4" => "stream2"
comparing: "stream4" => "spade"
comparing: "stream4" => "spade-homenet"
comparing: "stream4" => "spade-stats"
comparing: "stream4" => "spade-threshlearn"
comparing: "stream4" => "spade-adapt"
comparing: "stream4" => "spade-adapt2"
comparing: "stream4" => "spade-adapt3"
comparing: "stream4" => "spade-survey"
comparing: "stream4" => "unidecode"
comparing: "stream4" => "rpc_decode"
comparing: "stream4" => "bo"
comparing: "stream4" => "telnet_neg"
comparing: "stream4" => "telnet_negotiation"
comparing: "stream4" => "telnet_decode"
comparing: "stream4" => "stream4"
spp_stream4.c:577: log_dir is /var/log/snort
mstring.c:110: [*] Splitting string: detect_scans
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 11  curr_str = 0
mstring.c:248: Allocating 13 bytes for last token mstring.c:258: tok[0]:
detect_scans
mstring.c:263: mSplit got 1 tokens!
mstring.c:110: [*] Splitting string: detect_scans
mstring.c:111: curr_str = 0
mstring.c:138: max_strs = 3  curr_str = 0
mstring.c:248: Allocating 13 bytes for last token mstring.c:258: tok[0]:
detect_scans
mstring.c:263: mSplit got 1 tokens!
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
Bus error (core dumped)
[root at ...1256... snort-1.8.6]#   
[root at ...1256... snort-1.8.6]# gdb snort core 
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-mandrake-linux"...

warning: "/home/ajcblyth/bellerophon/snort-1.8.6/core": no core file handler
recognizes format, using default
Core was generated by `./snort'.
Program terminated with signal 10, Bus error.
Reading symbols from /lib/libm.so.6...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  0x4bf44 in InitStream4Pkt () at spp_stream4.c:2938
2938	    stream_pkt->iph->ip_ver   = 0x4;
(gdb) bt 
#0  0x4bf44 in InitStream4Pkt () at spp_stream4.c:2938
#1  0x48374 in Stream4Init (args=0xefffcd60 "/var/log/snort/session.log")
    at spp_stream4.c:597
#2  0x1eae8 in ParsePreprocessor (rule=0xb1520 "") at rules.c:1336
#3  0x1df5c in ParseRule (rule_file=0xb1c48, 
    prule=0xeffff350 "preprocessor stream4: detect_scans", inclevel=0)
    at rules.c:538
#4  0x1d988 in ParseRulesFile (file=0x8a000 "", inclevel=0) at rules.c:198
#5  0x166d0 in ReadConfFile () at snort.c:3310
#6  0x11f00 in main (argc=1, argv=0xeffff9d4) at snort.c:192
(gdb) quit
[root at ...1256... snort-1.8.6]# exit
exit

Script done on Thu Apr 11 10:20:33 2002
-------------------------------------------ERROR LOG
FILE--------------------------------------------------------------




More information about the Snort-devel mailing list