[Snort-devel] bug in latest cvs

mitchell mitchell at ...1518...
Thu Aug 1 06:18:27 EDT 2002

- System Architecture = alpha EV6
- Operating System and version = linux 2.4.18 compiler 2.96-rh
- Version of snort = cvs from jul 30 3:00pm CST
- What preprocessors you loaded = 
	stream4: detect_state_problem, disable_evasion_alerts
	preprocessor stream4_reassemble noalerts
	preprocessor http_decode: 80 unicode iis_alt_unicode double_encode
	iis_flip_slash full_whitespace
	preprocessor rpc_decode: 111 32771
	preprocessor bo: -nobrute
	preprocessor telnet_decode
	preprocessor asn1_decode
	preprocessor conversation: allowed_ip_protocols all, timeout 60,
	max_conversations 32000
	preprocessor portscan2: scanners_max 3200, targets_max 5000,
	target_limit 5, port_limit 20, timeout 60
-What rules (if any) you were using = 
	all the default rules that come with 1.9.x cvs
What output plug-ins you loaded = 
	output alert_unified: filename snort.alert, limit 256
	output log_unified: filename snort.log, limit 256

- What command line switches you were using = 
	-c /etc/snort/snort.conf -i eth1 -D

-- the core file backtrace with --enable-debug 

gdb snort core 
GNU gdb Red Hat Linux (5.1-0.71)
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
welcome to change it and/or distribute copies of it under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
This GDB was configured as "alpha-redhat-linux"...
Core was generated by `./snort -c /etc/snort/snort.conf -i eth1 -D'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libm.so.6.1...done.
Loaded symbols for /lib/libm.so.6.1
Reading symbols from /lib/libnsl.so.1.1...done.
Loaded symbols for /lib/libnsl.so.1.1
Reading symbols from /lib/libc.so.6.1...done.
Loaded symbols for /lib/libc.so.6.1
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_nisplus.so.2...done.
Loaded symbols for /lib/libnss_nisplus.so.2
#0  0x120043e58 in PreprocUrlDecode (p=0x11ffff0e0) at
430             index++;
(gdb) bt
#0  0x120043e58 in PreprocUrlDecode (p=0x11ffff0e0) at
#1  0x120022404 in Preprocess (p=0x11ffff0e0) at detect.c:80
#2  0x120019c60 in ProcessPacket (user=0x120067954 "SNORT_DEBUG", 
    pkthdr=0x120076a75, pkt=0x12015bed8 "*\002âÐ") at snort.c:580
    #3  0x120056f58 in pcap_read_packet ()
    #4  0x120058818 in pcap_loop ()
    #5  0x12001bc4c in InterfaceThread (arg=0x120067954) at snort.c:1612
    #6  0x120019a4c in SnortMain (argc=537521168, argv=0x1200b3920) at
    #7  0x120019118 in main (argc=537295188, argv=0x120019a80) at
    #8  0x2000012a85c in __libc_start_main (main=0x120019100 <main>,
    argc=6, ubp_av=0x11ffff9b8, init=0x120002ca0 <_init>, 
    fini=0x2000002b800 <_dl_debug_mask>, rtld_fini=0x2c6edf52, 
    stack_end=0x11ffff9a0) at

This is a sensor seeing ~5000-7000 packets a second 
snort 1.8.7 does fine on the machine stays up for months at a time.

If you  need or want any more information just let me know.


More information about the Snort-devel mailing list