[Snort-devel] 1.9.0 segfault on Alpha [and linux-sparc]

Ricardo A. Gorosito rgorosito at ...1077...
Wed Oct 16 16:45:04 EDT 2002


1.9.0 return Bus Error On linux/sparc : (with stream4/defrag on and off)

*#gdb ./src/snort*
<snip>
This GDB was configured as "sparc-redhat-linux"...
*(gdb) set args -v -c etc/snort.conf
(gdb) run
*Starting program: /usr/local/src/snort-1.9.0/src/snort -v -c etc/snort.conf
Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth4

        --== Initializing Snort ==--
Decoding Ethernet on interface eth4
Initializing Preprocessors!
Initializing Plug-ins!
Plugin: TcpWinCheckInit Initialized
-------------------------------------------------
 Keyword     |       Preprocessor @
-------------------------------------------------
http_decode  :       0x3eebc
http_decode_ignore:       0x3effc
portscan     :       0x4133c
portscan-ignorehosts:       0x41f30
rpc_decode   :       0x424f0
bo           :       0x3d228
telnet_decode:       0x48bfc
stream4      :       0x435dc
stream4_reassemble:       0x43e74
frag2        :       0x3d9a0
arpspoof     :       0x3cdf0
arpspoof_detect_host:       0x3cf44
asn1_decode  :       0x49064
fnord        :       0x49404
conversation :       0x4a208
portscan2    :       0x4c330
portscan2-ignorehosts:       0x4b3d8
-------------------------------------------------

-------------------------------------------------
 Keyword     |      Plugin Registered @
-------------------------------------------------
content      :      0x38cd0
content-list :      0x38c08
offset       :      0x38de8
depth        :      0x38f3c
nocase       :      0x39070
rawbytes     :      0x39118
regex        :      0x393e8
uricontent   :      0x38d5c
distance     :      0x39178
within       :      0x392b4
flags        :      0x3b310
itype        :      0x37144
icode        :      0x36bdc
ttl          :      0x3bc50
id           :      0x37b38
ack          :      0x3af38
seq          :      0x3b8a4
dsize        :      0x36794
ipopts       :      0x38278
rpc          :      0x3a450
icmp_id      :      0x36dc4
icmp_seq     :      0x36f84
session      :      0x3a9b0
tos          :      0x38054
fragbits     :      0x37494
fragoffset   :      0x37854
window       :      0x3ba08
ip_proto     :      0x37cbc
sameip       :      0x37f24
flow         :      0x3c188
-------------------------------------------------

-------------------------------------------------
 Keyword     |          Output @
-------------------------------------------------
alert_syslog :       0x2ddf4
log_tcpdump  :       0x31764
database     :       0x2f5c4
xml          :       0x31ca4
alert_fast   :       0x2d440
alert_full   :       0x2d948
alert_unixsock:       0x2e750
alert_CSV    :       0x2eb14
log_null     :       0x31694
log_unified  :       0x3594c
alert_unified:       0x35700
unified      :       0x34b10
log_ascii    :       0x35ef8
-------------------------------------------------

Parsing Rules file etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Conversation Config:
   KeepStats: 0
   Conv Count: 32000
   Timeout   : 60
   Alert Odd?: 0
   Allowed IP Protocols:  All
1273 Snort rules read...
1273 Option Chains linked into 133 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.0 (Build 209)
By Martin Roesch (roesch at ...402..., www.snort.org)

Program received signal SIGBUS, Bus error.
DecodeTCP (pkt=0x143c9a "", len=112, p=0xeffff270) at decode.c:1858
1858            ph.sip = (u_int32_t)(p->iph->ip_src.s_addr);
*(gdb) bt*
#0  DecodeTCP (pkt=0x143c9a "", len=112, p=0xeffff270) at decode.c:1858
#1  0x000142b8 in DecodeIP (pkt=0x143c86 "E\020", len=132, p=0xeffff270)
    at decode.c:1605
#2  0x00021c48 in ProcessPacket (user=0x0, pkthdr=0x84, pkt=0xeffff270 
"ïÿ÷h")
    at snort.c:544
#3  0x700474a0 in pcap_read_packet (handle=0x143ad8,
    callback=0x21c10 <ProcessPacket>, userdata=0x0) at ./pcap-linux.c:446
#4  0x700486c0 in pcap_loop (p=0x143ad8, cnt=-1,
    callback=0x21c10 <ProcessPacket>, user=0x0) at ./pcap.c:79
#5  0x00023638 in InterfaceThread (arg=0x8cff0) at snort.c:1637
#6  0x00021c08 in SnortMain (argc=577784, argv=0xeffffa34) at snort.c:514
#7  0x7014cc50 in __libc_start_main () from /lib/libc.so.6
*(gdb)*
*(gdb) set args -v
(gdb) run
*The program being debugged has been started already.
Start it from the beginning? (y or n) y

Starting program: /usr/local/src/snort-1.9.0/src/snort -v
Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface eth4

        --== Initializing Snort ==--
Decoding Ethernet on interface eth4

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.9.0 (Build 209)
By Martin Roesch (roesch at ...402..., www.snort.org)

Program received signal SIGBUS, Bus error.
DecodeTCP (pkt=0x143c9a "", len=112, p=0xeffff290) at decode.c:1858
1858            ph.sip = (u_int32_t)(p->iph->ip_src.s_addr);
*(gdb) bt*
#0  DecodeTCP (pkt=0x143c9a "", len=112, p=0xeffff290) at decode.c:1858
#1  0x000142b8 in DecodeIP (pkt=0x143c86 "E\020", len=132, p=0xeffff290)
    at decode.c:1605
#2  0x00021c48 in ProcessPacket (user=0x0, pkthdr=0x84,
    pkt=0xeffff290 "ïÿ÷\210") at snort.c:544
#3  0x700474a0 in pcap_read_packet (handle=0x143ad8,
    callback=0x21c10 <ProcessPacket>, userdata=0x0) at ./pcap-linux.c:446
#4  0x700486c0 in pcap_loop (p=0x143ad8, cnt=-1,
    callback=0x21c10 <ProcessPacket>, user=0x0) at ./pcap.c:79
#5  0x00023638 in InterfaceThread (arg=0x8cff0) at snort.c:1637
#6  0x00021c08 in SnortMain (argc=577784, argv=0xeffffa54) at snort.c:514
#7  0x7014cc50 in __libc_start_main () from /lib/libc.so.6






More information about the Snort-devel mailing list