[Snort-devel] Bus error w/ Snort 2.0

Paul Whittenburg paul at ...2079...
Mon Jul 14 09:31:03 EDT 2003


Hi,

I'm setting up a few sensors and am having a problem where Snort core dumps
after running for a while. Here are the specifics of my environment:

Solaris 9 4/03 with the latest recommended patches installed on a Sun Netra
T1 (Sparc). I compiled Snort 2.0.0 w/ gcc 3.3 and updated the rules. My
snort.conf is pretty standard - I'm not trying anything tricky. I'm listening
on a stealth interface (hme0).

-rw-------   1 root     other    117349408 Jul 11 14:06 core

Core was generated by `/usr/local/bin/snort -c /etc/snort/rules/snort.conf -d 
-i hme0 -l /var/log/snort -q'.

Program terminated with signal 10, Bus error.

#0  otnx_match (id=1073768206, index=22, data=0x8de6c) at fpdetect.c:622
622     fpdetect.c: No such file or directory.
         in fpdetect.c

(gdb) bt
#0  otnx_match (id=1073768206, index=22, data=0x8de6c) at fpdetect.c:622
#1  0x00033684 in mwmSearchExNoBC (ps=0x1cb2730,
     Tx=0x8df90 
"/CGI-BIN/FORSALE-QUERY.PL?OWNER=ON&DEALER=ON&FS=ON&WTB=ON&1100=ON&1200=ON&1000=ON&1101=ON&1001=ON&1003=ON&TIME=1&BUYERZIP=60143P9)\031'",
     n=105,
     Tc=0x10f120 
"/cgi-bin/forsale-query.pl?owner=on&dealer=on&fs=on&wtb=on&1100=on&1200=on&1000=on&1101=on&1001=on&1003=on&time=1&buyerzip=60143",
     match=0x31cbc <otnx_match>, data=0x8de6c) at mwm.c:965
#2  0x00034070 in mwmSearch (pv=0x1cb2730,
     T=0x10f120 
"/cgi-bin/forsale-query.pl?owner=on&dealer=on&fs=on&wtb=on&1100=on&1200=on&1000=on&1101=on&1001=on&1003=on&time=1&buyerzip=60143", 
n=127,
     match=0x31cbc <otnx_match>, data=0x8de6c) at mwm.c:1402
#3  0x000322dc in fpEvalHeaderSW (port_group=0x8a9af8, p=0xffbff610,
     check_ports=1) at fpdetect.c:869
#4  0x00032028 in fpEvalHeaderTcp (p=0xffbff610) at fpdetect.c:1125
#5  0x00031e7c in fpEvalPacket (p=0xffbff610) at fpdetect.c:1288
#6  0x0002e754 in Detect (p=0xffbff610) at detect.c:283
#7  0x0002e3ec in Preprocess (p=0xffbff610) at detect.c:104
#8  0x0002877c in ProcessPacket (user=0x0, pkthdr=0xffff,
     pkt=0xffbff610 "?{\030") at snort.c:595
#9  0x000539a8 in pcap_read ()
#10 0x00054b14 in pcap_loop ()
#11 0x00029db0 in InterfaceThread (arg=0x1612e0) at snort.c:1518
#12 0x00028674 in SnortMain (argc=1446624, argv=0xffbffd44) at snort.c:537

I can supply more examples of back traces if needed. If any other information
would be helpful, I can supply that also. Thanks.

-- 
   Paul Whittenburg
  <paul at ...2079...>





More information about the Snort-devel mailing list