[Snort-devel] [ snort-Bugs-571215 ] SIGBUS with Snort 1.8.6 and Linux 2.4.18

noreply at ...12... noreply at ...12...
Wed Jun 19 10:42:05 EDT 2002


Bugs item #571215, was opened at 2002-06-19 10:10
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=571215&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: SIGBUS with Snort 1.8.6 and Linux 2.4.18

Initial Comment:
Hello everybody!

I'm using a Debian Linux distribution with Snort 1.8.6.
My kernel is 2.4.18 and the box is an old Sparc Station
LX.

When I install the Debian package (Snort 1.8.6), I get
a SIGBUS error when I start snort (with Debian's default
options).

So, I removed the package and installed snort from source
with ./configure --enable-debug; make; make install.
Then I got exactly the same problem. My
configuration file is the default one. If I remove these 3
options from the default configuration file, no more
SIGBUS (but a less useful snort):
 
preprocessor frag2 
preprocessor stream4: detect_scans 
preprocessor stream4_reassemble 
 
This is what I get with gdb: 
Starting program: /goinfre/snort/snort-1.8.6/snort 
snort.c:681: Parsing command line... 
snort.c:1251: pcap_cmd is NULL 
Log directory = /var/log/snort 
snort.c:172: Opening interface: eth0 
 
Initializing Network Interface eth0 
snaplength info: set=1514/compiled=1514/wanted=0 
using config file ./snort.conf 
snort.c:3284: Config file = ./snort.conf, config dir = ./ 
Initializing Preprocessors! 
Registering keyword:preproc => http_decode:0x27300 
Registering keyword:preproc => 
http_decode_ignore:0x27354 
spp_http_decode.c:115: Preprocessor: HttpDecode in 
setup... 
Registering keyword:preproc => portscan:0x29350 
Registering keyword:preproc => 
portscan-ignorehosts:0x29e68 
Registering keyword:preproc => defrag:0x2e6bc 
Registering keyword:preproc => stream2:0x34b00 
Preprocessor: TcpStream2 is setup... 
Registering keyword:preproc => spade:0x37318 
Registering keyword:preproc => spade-homenet:0x377a8 
Registering keyword:preproc => spade-stats:0x379d4 
Registering keyword:preproc => 
spade-threshlearn:0x37acc 
Registering keyword:preproc => spade-adapt:0x37d7c 
Registering keyword:preproc => spade-adapt2:0x3838c 
Registering keyword:preproc => spade-adapt3:0x39264 
Registering keyword:preproc => spade-survey:0x39aa4 
Registering keyword:preproc => unidecode:0x438d8 
Preprocessor: Unidecode in setup... 
Registering keyword:preproc => rpc_decode:0x448c4 
Preprocessor: RpcDecode in setup... 
Registering keyword:preproc => bo:0x44c3c 
Preprocessor: Back Orifice is setup... 
Registering keyword:preproc => telnet_neg:0x451f0 
Registering keyword:preproc => 
telnet_negotiation:0x451f0 
Registering keyword:preproc => telnet_decode:0x451f0 
Preprocessor: Telnet Negotiation Decode is setup... 
Registering keyword:preproc => stream4:0x48580 
Registering keyword:preproc => 
stream4_reassemble:0x48d34 
spp_stream4.c:555: Preprocessor: Stream4 is setup... 
Registering keyword:preproc => frag2:0x4cc8c 
spp_frag2.c:296: Preprocessor: frag2 is setup... 
Registering keyword:preproc => arpspoof:0x4e110 
Registering keyword:preproc => 
arpspoof_detect_host:0x4e234 
spp_arpspoof.c:168: Preprocessor: ARPspoof is setup... 
Initializing Plug-ins! 
Registering keyword:func => content:0x24c1c 
Registering keyword:func => content-list:0x24b60 
Registering keyword:func => offset:0x24d0c 
Registering keyword:func => depth:0x24e68 
Registering keyword:func => nocase:0x24f98 
Registering keyword:func => regex:0x25050 
Registering keyword:func => uricontent:0x24c94 
sp_pattern_match.c:38: Plugin: PatternMatch Initialized! 
Registering keyword:func => flags:0x261e4 
Plugin: TCPFlagCheck Initialized! 
Registering keyword:func => itype:0x26574 
Plugin: IcmpTypeCheck Initialized 
Registering keyword:func => icode:0x2673c 
Plugin: IcmpCodeCheck Initialized 
Registering keyword:func => ttl:0x268d0 
Plugin: TTLCheck Initialized 
Registering keyword:func => id:0x26d28 
Plugin: IpIdCheck Initialized 
Registering keyword:func => ack:0x26e60 
Plugin: TcpAckCheck Initialized 
Registering keyword:func => seq:0x26f80 
Plugin: TcpSeqCheck Initialized 
Registering keyword:func => dsize:0x270b0 
Plugin: DsizeCheck Initialized 
Registering keyword:func => ipopts:0x2a3d8 
Plugin: IpOptionCheck Initialized 
Registering keyword:func => rpc:0x2a730 
Plugin: RPCCheck Initialized 
Registering keyword:func => icmp_id:0x2ab20 
Plugin: IcmpIdCheck Setup 
Registering keyword:func => icmp_seq:0x2ac90 
Plugin: IcmpSeqCheck Setup 
Registering keyword:func => session:0x2d840 
Plugin: Session Setup 
Registering keyword:func => tos:0x34830 
Plugin: IpTosCheck Initialized 
Registering keyword:func => reference:0x36ad8 
Plugin: Reference Setup 
Registering keyword:func => fragbits:0x36f44 
Plugin: FragBits Setup 
Registering keyword:func => window:0x446b8 
Plugin: TcpWinCheckInit Initialized 
Registering keyword:func => ip_proto:0x46270 
Plugin: IpProto Setup 
Registering keyword:func => sameip:0x45dcc 
Plugin: IpSameCheck Initialized 
Registering keyword:func => classtype:0x45ed8 
Registering keyword:func => priority:0x4608c 
sp_priority.c:84: Plugin: Priority Setup 
Initializating Output Plugins! 
Registering keyword:output => alert_syslog:0x2ae04 
Output plugin: Alert-Syslog is setup... 
Registering keyword:output => log_tcpdump:0x2b70c 
Output plugin: Log-Tcpdump is setup... 
Registering keyword:output => database:0x2bb50 
database(debug): database plugin is registered... 
Registering keyword:output => alert_fast:0x31068 
Output plugin: FastAlert is setup... 
Registering keyword:output => alert_full:0x311f8 
Output plugin: FullAlert is setup... 
Registering keyword:output => alert_smb:0x313a8 
spo_alert_smb.c:60: Output plugin: AlertSmb is setup... 
Registering keyword:output => alert_unixsock:0x31940 
Output plugin: AlertUnixSock is setup... 
Registering keyword:output => xml:0x31bc8 
xml_plugin: : Output plugin: xml is registered 
Registering keyword:output => CSV:0x45408 
Output plugin: CSV is setup... 
Registering keyword:output => log_unified:0x47008 
Registering keyword:output => alert_unified:0x470bc 
spo_unified.c:93: Output plugin: Unified logging/alerting is 
setup... 
Registering keyword:output => log_null:0x4e40c 
spo_log_null.c:54: Output plugin: LogNull is setup... 
------------------------------------------------- 
 Keyword     |       Preprocessor @ 
------------------------------------------------- 
http_decode  :       0x27300 
http_decode_ignore:       0x27354 
portscan     :       0x29350 
portscan-ignorehosts:       0x29e68 
defrag       :       0x2e6bc 
stream2      :       0x34b00 
spade        :       0x37318 
spade-homenet:       0x377a8 
spade-stats  :       0x379d4 
spade-threshlearn:       0x37acc 
spade-adapt  :       0x37d7c 
spade-adapt2 :       0x3838c 
spade-adapt3 :       0x39264 
spade-survey :       0x39aa4 
unidecode    :       0x438d8 
rpc_decode   :       0x448c4 
bo           :       0x44c3c 
telnet_neg   :       0x451f0 
telnet_negotiation:       0x451f0 
telnet_decode:       0x451f0 
stream4      :       0x48580 
stream4_reassemble:       0x48d34 
frag2        :       0x4cc8c 
arpspoof     :       0x4e110 
arpspoof_detect_host:       0x4e234 
------------------------------------------------- 
 
------------------------------------------------- 
 Keyword     |      Plugin Registered @ 
------------------------------------------------- 
content      :      0x24c1c 
content-list :      0x24b60 
offset       :      0x24d0c 
depth        :      0x24e68 
nocase       :      0x24f98 
regex        :      0x25050 
uricontent   :      0x24c94 
flags        :      0x261e4 
itype        :      0x26574 
icode        :      0x2673c 
ttl          :      0x268d0 
id           :      0x26d28 
ack          :      0x26e60 
seq          :      0x26f80 
dsize        :      0x270b0 
ipopts       :      0x2a3d8 
rpc          :      0x2a730 
icmp_id      :      0x2ab20 
icmp_seq     :      0x2ac90 
session      :      0x2d840 
tos          :      0x34830 
reference    :      0x36ad8 
fragbits     :      0x36f44 
window       :      0x446b8 
ip_proto     :      0x46270 
sameip       :      0x45dcc 
classtype    :      0x45ed8 
priority     :      0x4608c 
------------------------------------------------- 
 
------------------------------------------------- 
 Keyword     |          Output @ 
------------------------------------------------- 
alert_syslog :       0x2ae04 
log_tcpdump  :       0x2b70c 
database     :       0x2bb50 
alert_fast   :       0x31068 
alert_full   :       0x311f8 
alert_smb    :       0x313a8 
alert_unixsock:       0x31940 
xml          :       0x31bc8 
CSV          :       0x45408 
log_unified  :       0x47008 
alert_unified:       0x470bc 
log_null     :       0x4e40c 
------------------------------------------------- 
 
Parsing Rules file ./snort.conf 
 
+++++++++++++++++++++++++++++++++++++++++++++++++++ 
Initializing rule chains... 
initial idx set to ' 
' 
[*] Processing rule: var HOME_NET any 
 
mstring.c:110: [*] Splitting string: var HOME_NET any 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 4 bytes for token mstring.c:170: 
tok[0]: var 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 9 bytes for token mstring.c:170: 
tok[1]: HOME_NET 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 4 bytes for last token 
mstring.c:258: tok[2]: any 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Variable 
initial idx set to ' 
' 
[*] Processing rule: var EXTERNAL_NET any 
 
mstring.c:110: [*] Splitting string: var EXTERNAL_NET 
any 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 4 bytes for token mstring.c:170: 
tok[0]: var 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 13 bytes for token mstring.c:170: 
tok[1]: EXTERNAL_NET 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 4 bytes for last token 
mstring.c:258: tok[2]: any 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Variable 
initial idx set to ' 
' 
[*] Processing rule: var SMTP $HOME_NET 
 
ExpandVars, Before: var SMTP $HOME_NET 
ExpandVars, After: var SMTP any 
mstring.c:110: [*] Splitting string: var SMTP any 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 4 bytes for token mstring.c:170: 
tok[0]: var 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 5 bytes for token mstring.c:170: 
tok[1]: SMTP 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 4 bytes for last token 
mstring.c:258: tok[2]: any 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Variable 
initial idx set to ' 
' 
[*] Processing rule: var HTTP_SERVERS $HOME_NET 
 
ExpandVars, Before: var HTTP_SERVERS $HOME_NET 
ExpandVars, After: var HTTP_SERVERS any 
mstring.c:110: [*] Splitting string: var HTTP_SERVERS 
any 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 4 bytes for token mstring.c:170: 
tok[0]: var 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 13 bytes for token mstring.c:170: 
tok[1]: HTTP_SERVERS 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 4 bytes for last token 
mstring.c:258: tok[2]: any 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Variable 
initial idx set to ' 
' 
[*] Processing rule: var SQL_SERVERS $HOME_NET 
 
ExpandVars, Before: var SQL_SERVERS $HOME_NET 
ExpandVars, After: var SQL_SERVERS any 
mstring.c:110: [*] Splitting string: var SQL_SERVERS any 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 4 bytes for token mstring.c:170: 
tok[0]: var 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 12 bytes for token mstring.c:170: 
tok[1]: SQL_SERVERS 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 4 bytes for last token 
mstring.c:258: tok[2]: any 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Variable 
initial idx set to ' 
' 
[*] Processing rule: var DNS_SERVERS $HOME_NET 
 
ExpandVars, Before: var DNS_SERVERS $HOME_NET 
ExpandVars, After: var DNS_SERVERS any 
mstring.c:110: [*] Splitting string: var DNS_SERVERS any 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 4 bytes for token mstring.c:170: 
tok[0]: var 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 12 bytes for token mstring.c:170: 
tok[1]: DNS_SERVERS 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 4 bytes for last token 
mstring.c:258: tok[2]: any 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Variable 
initial idx set to ' 
' 
[*] Processing rule: var RULE_PATH ./ 
 
mstring.c:110: [*] Splitting string: var RULE_PATH ./ 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 4 bytes for token mstring.c:170: 
tok[0]: var 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 10 bytes for token mstring.c:170: 
tok[1]: RULE_PATH 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 3 bytes for last token 
mstring.c:258: tok[2]: ./ 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Variable 
initial idx set to ' 
' 
[*] Processing rule: preprocessor frag2 
 
mstring.c:110: [*] Splitting string: preprocessor frag2 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 13 bytes for token mstring.c:170: 
tok[0]: preprocessor 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:248: Allocating 6 bytes for last token 
mstring.c:258: tok[1]: frag2 
mstring.c:263: mSplit got 2 tokens! 
[*] Rule start 
Rule type: Preprocessor 
mstring.c:110: [*] Splitting string: preprocessor frag2 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 1  curr_str = 0 
mstring.c:248: Allocating 19 bytes for last token 
mstring.c:258: tok[0]: preprocessor frag2 
mstring.c:263: mSplit got 1 tokens! 
mstring.c:110: [*] Splitting string: preprocessor frag2 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 1  curr_str = 0 
mstring.c:156: Allocating 13 bytes for token mstring.c:170: 
tok[0]: preprocessor 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 1  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (1) 
mstring.c:196: Finishing up... 
mstring.c:197: Allocating 6 bytes for last token 
mstring.c:207: tok[1]: frag2 
mstring.c:211: max_strs = 1  curr_str = 1 
mstring.c:213: mSplit got 2 tokens! 
comparing: "frag2" => "http_decode" 
comparing: "frag2" => "http_decode_ignore" 
comparing: "frag2" => "portscan" 
comparing: "frag2" => "portscan-ignorehosts" 
comparing: "frag2" => "defrag" 
comparing: "frag2" => "stream2" 
comparing: "frag2" => "spade" 
comparing: "frag2" => "spade-homenet" 
comparing: "frag2" => "spade-stats" 
comparing: "frag2" => "spade-threshlearn" 
comparing: "frag2" => "spade-adapt" 
comparing: "frag2" => "spade-adapt2" 
comparing: "frag2" => "spade-adapt3" 
comparing: "frag2" => "spade-survey" 
comparing: "frag2" => "unidecode" 
comparing: "frag2" => "rpc_decode" 
comparing: "frag2" => "bo" 
comparing: "frag2" => "telnet_neg" 
comparing: "frag2" => "telnet_negotiation" 
comparing: "frag2" => "telnet_decode" 
comparing: "frag2" => "stream4" 
comparing: "frag2" => "stream4_reassemble" 
comparing: "frag2" => "frag2" 
spp_frag2.c:303: Initializing frag2 
No arguments to frag2 directive, setting defaults to: 
    Fragment timeout: 60 seconds 
    Fragment memory cap: 4194304 bytes 
initial idx set to ' 
' 
[*] Processing rule: preprocessor stream4: detect_scans 
 
mstring.c:110: [*] Splitting string: preprocessor stream4: 
detect_scans 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 9  curr_str = 0 
mstring.c:156: Allocating 13 bytes for token mstring.c:170: 
tok[0]: preprocessor 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 9  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (9) 
mstring.c:156: Allocating 9 bytes for token mstring.c:170: 
tok[1]: stream4: 
mstring.c:175: curr_str = 2 
mstring.c:177: max_strs = 9  curr_str = 2 
mstring.c:183: Checking if curr_str (2) >= max_strs (9) 
mstring.c:248: Allocating 13 bytes for last token 
mstring.c:258: tok[2]: detect_scans 
mstring.c:263: mSplit got 3 tokens! 
[*] Rule start 
Rule type: Preprocessor 
mstring.c:110: [*] Splitting string: preprocessor stream4: 
detect_scans 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 1  curr_str = 0 
mstring.c:156: Allocating 21 bytes for token mstring.c:170: 
tok[0]: preprocessor stream4 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 1  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (1) 
mstring.c:196: Finishing up... 
mstring.c:197: Allocating 13 bytes for last token 
mstring.c:207: tok[1]: detect_scans 
mstring.c:211: max_strs = 1  curr_str = 1 
mstring.c:213: mSplit got 2 tokens! 
mstring.c:110: [*] Splitting string: preprocessor stream4 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 1  curr_str = 0 
mstring.c:156: Allocating 13 bytes for token mstring.c:170: 
tok[0]: preprocessor 
mstring.c:175: curr_str = 1 
mstring.c:177: max_strs = 1  curr_str = 1 
mstring.c:183: Checking if curr_str (1) >= max_strs (1) 
mstring.c:196: Finishing up... 
mstring.c:197: Allocating 8 bytes for last token 
mstring.c:207: tok[1]: stream4 
mstring.c:211: max_strs = 1  curr_str = 1 
mstring.c:213: mSplit got 2 tokens! 
comparing: "stream4" => "http_decode" 
comparing: "stream4" => "http_decode_ignore" 
comparing: "stream4" => "portscan" 
comparing: "stream4" => "portscan-ignorehosts" 
comparing: "stream4" => "defrag" 
comparing: "stream4" => "stream2" 
comparing: "stream4" => "spade" 
comparing: "stream4" => "spade-homenet" 
comparing: "stream4" => "spade-stats" 
comparing: "stream4" => "spade-threshlearn" 
comparing: "stream4" => "spade-adapt" 
comparing: "stream4" => "spade-adapt2" 
comparing: "stream4" => "spade-adapt3" 
comparing: "stream4" => "spade-survey" 
comparing: "stream4" => "unidecode" 
comparing: "stream4" => "rpc_decode" 
comparing: "stream4" => "bo" 
comparing: "stream4" => "telnet_neg" 
comparing: "stream4" => "telnet_negotiation" 
comparing: "stream4" => "telnet_decode" 
comparing: "stream4" => "stream4" 
spp_stream4.c:577: log_dir is /var/log/snort 
mstring.c:110: [*] Splitting string: detect_scans 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 11  curr_str = 0 
mstring.c:248: Allocating 13 bytes for last token 
mstring.c:258: tok[0]: detect_scans 
mstring.c:263: mSplit got 1 tokens! 
mstring.c:110: [*] Splitting string: detect_scans 
mstring.c:111: curr_str = 0 
mstring.c:138: max_strs = 3  curr_str = 0 
mstring.c:248: Allocating 13 bytes for last token 
mstring.c:258: tok[0]: detect_scans 
mstring.c:263: mSplit got 1 tokens! 
Stream4 config: 
    Stateful inspection: ACTIVE 
    Session statistics: INACTIVE 
    Session timeout: 30 seconds 
    Session memory cap: 8388608 bytes 
    State alerts: INACTIVE 
    Scan alerts: ACTIVE 
    Log Flushed Streams: INACTIVE 
 
Program received signal SIGBUS, Bus error. 
0x0004c27c in InitStream4Pkt () at spp_stream4.c:2938 
2938        stream_pkt->iph->ip_ver   = 0x4; 
(gdb) bt 
#0  0x0004c27c in InitStream4Pkt () at 
spp_stream4.c:2938 
#1  0x000486ac in Stream4Init (args=0xefffc1c0 
"/var/log/snort/session.log") at spp_stream4.c:597 
#2  0x0001edcc in ParsePreprocessor (rule=0xa2680 "") 
at rules.c:1336 
#3  0x0001e240 in ParseRule (rule_file=0xa2da8, 
prule=0xefffe7b0 "preprocessor stream4: detect_scans", 
    inclevel=0) at rules.c:538 
#4  0x0001dc6c in ParseRulesFile (file=0x7f400 "", 
inclevel=0) at rules.c:198 
#5  0x000169b4 in ReadConfFile () at snort.c:3310 
#6  0x00012250 in main (argc=1, argv=0xefffee34) at 
snort.c:192 
(gdb) 
 
Any ideas?
 
 
 
 
 
