[Snort-devel] Version 1.8.4 (Build 99)

Phil Wood cpw at ...86...
Wed Apr 17 16:48:03 EDT 2002


I'm sorry, haven't got around to upgrading on this particular sensor.
However, it has been very stable for a long time.  And, I've not seen
this particular segfault.  Have you?

Version 1.8.4 (Build 99)

Core was generated by `snort -L b220020417.0000 -b -o -R -b2 -i eth1 -S SCANLOG=/data/pw/log/slop/b220'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/mysql/libmysqlclient.so.9...done.
Loaded symbols for /usr/lib/mysql/libmysqlclient.so.9
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_nisplus.so.2...done.
Loaded symbols for /lib/libnss_nisplus.so.2
Reading symbols from /lib/libnss_nis.so.2...done.
Loaded symbols for /lib/libnss_nis.so.2
#0  0x8079dde in ubi_btKillTree (RootPtr=0x401b2f00, 
    FreeNode=0x807e75c <KillSpd>) at ubi_BinTree.c:395
395           P = P->Link[ whichway ];
(gdb) where
#0  0x8079dde in ubi_btKillTree (RootPtr=0x401b2f00, 
    FreeNode=0x807e75c <KillSpd>) at ubi_BinTree.c:395
#1  0x807ddf9 in FlushStream (s=0x86e1868, p=0xbfffee40, direction=0)
    at spp_stream4.c:2393
#2  0x807be5a in ReassembleStream4 (p=0xbfffee40) at spp_stream4.c:1256
#3  0x8059946 in Preprocess (p=0xbfffee40) at rules.c:3539
#4  0x804c8f3 in ProcessPacket (user=0x0, pkthdr=0xbffff330, pkt=0x403b6682 "")
    at snort.c:548
#5  0x808dc0d in pcap_ring_recv (p=0x8160b50, cnt=-1, 
    callback=0x804c7c4 <ProcessPacket>, user=0x0) at pcap-ring.c:279
#6  0x8081dc3 in pcap_loop (p=0x8160b50, cnt=-1, 
    callback=0x804c7c4 <ProcessPacket>, user=0x0) at pcap.c:81
#7  0x804fc50 in InterfaceThread (arg=0x0) at snort.c:1704
#8  0x804c7b5 in main (argc=17, argv=0xbffff4d4) at snort.c:478
#9  0x400b0b65 in __libc_start_main (main=0x804c11c <main>, argc=17, 
    ubp_av=0xbffff4d4, init=0x804b66c <_init>, fini=0x80fc34c <_fini>, 
    rtld_fini=0x4000df24 <_dl_fini>, stack_end=0xbffff4cc)
    at ../sysdeps/generic/libc-start.c:111
(gdb) list
390        */
391       {
392
393       if( NULL != P )
394         while( NULL != P->Link[ whichway ] )
395           P = P->Link[ whichway ];
396       return( P );
397       } /* SubSlide */
398
399     static ubi_btNodePtr Neighbor( register ubi_btNodePtr P,
(gdb) up
#1  0x807ddf9 in FlushStream (s=0x86e1868, p=0xbfffee40, direction=0)
    at spp_stream4.c:2393
2393        (void)ubi_trKillTree(Root, KillSpd);
(gdb) up
#2  0x807be5a in ReassembleStream4 (p=0xbfffee40) at spp_stream4.c:1256
1256                            FlushStream(&ssn->server, p, REVERSE);
(gdb) print ssn->server
$4 = {ip = 141411640, port = 50542, state = 109 'm', isn = 1019085309, 
  current_seq = 449111, base_seq = 1514, last_ack = 460239146, 
  win_size = 31532, pkts_sent = 99222964, bytes_sent = 23429, data = {
    root = 0x0, cmp = 0, count = 793, flags = 0 '\000'}, dataPtr = 0x401b2f00}
(gdb) print *p
$5 = {pkth = 0xbffff330, pkt = 0x403b6682 "", fddihdr = 0x0, fddisaps = 0x0, 
  fddisna = 0x0, fddiiparp = 0x0, fddiother = 0x0, trh = 0x0, trhllc = 0x0, 
  trhmr = 0x0, sllh = 0x0, pfh = 0x0, eh = 0x403b6682, vh = 0x0, ehllc = 0x0, 
  ehllcother = 0x0, ah = 0x0, iph = 0x403b6690, orig_iph = 0x0, 
  ip_options_len = 0, ip_options_data = 0x0, tcph = 0x403b66a4, 
  orig_tcph = 0x0, tcp_options_len = 0, tcp_options_data = 0x0, udph = 0x0, 
  orig_udph = 0x0, icmph = 0x0, orig_icmph = 0x0, ext = 0x0, 
  data = 0x403b66b8 "\004c�\b�\0228���'\f4���Y \223r\022p��\232\t��\b$\016\234d*..\022�^�E`\035��\030p�:f\2021\ewNk�$S\221\b�\002\036b��\022�\233&\t8�.3�\230\025x��L�T\230\001\017+U\r\207�\216\0020'\030\e\r\035\235�\f�QK\201�\032�k�N\017\0220!\030\003\237\020���LcK!�S\\Y]\034\026)\211O", dsize = 1460, 
  frag_flag = 0 '\000', frag_offset = 0, mf = 0 '\000', df = 1 '\001', 
  rf = 0 '\000', sp = 80, dp = 1212, orig_sp = 0, orig_dp = 0, caplen = 0, 
  URI = {uri = 0x0, length = 0}, ssnptr = 0x86e1858, ip_options = {{
      code = 0 '\000', len = 0, data = 0x0} <repeats 40 times>}, 
  ip_option_count = 0, ip_lastopt_bad = 0 '\000', tcp_options = {{
      code = 0 '\000', len = 0, data = 0x0} <repeats 40 times>}, 
  tcp_option_count = 0, tcp_lastopt_bad = 0 '\000', csum_flags = 0 '\000', 
  packet_flags = 132}


Thanks,

Phil




More information about the Snort-devel mailing list