[Snort-devel] Fwd: segfault in Snort 2.9.1 on reload

Dave Corsello dcorsello at ...3195...
Tue Oct 4 23:40:41 EDT 2011


System architecture: 32-bit guest running under VMware ESXi 4.1

1GB RAM.

OS: Ubuntu 10.04.3, 2.6.32-33-generic-pae kernel

Snort version: 2.9.1

Preprocessors loaded:

normalize_ip4
normalize_tcp: ips ecn stream
normalize_icmp4
normalize_ip6
normalize_icmp6
frag3_global
frag3_engine
stream5_global
stream5_tcp
http_inspect
http_inspect_server
rpc_decode
bo
ftp_telnet
ftp_telnet_protocol
smtp
ssh
dcerpc2
dcerpc2_server
dns
ssl
sensitive_data
sip
imap
pop

Dynamic Preprocessors loaded:

libsf_dce2_preproc.so
libsf_ssl_preproc.so
libsf_ssh_preproc.so
lib_sfdynamic_preprocessor_example.so
libsf_smtp_preproc.so
libsf_sdf_preproc.so
libsf_pop_preproc.so
libsf_imap_preproc.so
libsf_sip_preproc.so
libsf_ftptelnet_preproc.so
libsf_reputation_preproc.so
libsf_dns_preproc.so

Enabled rules: ips_policy=security (not using any so rules)

Output plugin: unified2

Command line switches:  /usr/local/bin/snort --daq nfq -c 
/etc/snort/snort.conf -Q -D

There are no Snort messages.  It's taking around 20 sec for Snort to reload.

Rules and config files are attached.

Error Message:

Oct  3 HH:MM:SS snort kernel: [247428.121545] snort[2580]: segfault at 
10c00 ip 080d1dbe sp bffe5bd0 error 4 in snort[8048000+115000]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20111004/e505770f/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: local.rules
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20111004/e505770f/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.rules
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20111004/e505770f/attachment-0001.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: threshold.conf
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20111004/e505770f/attachment-0002.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: snort.conf
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20111004/e505770f/attachment-0003.ksh>


More information about the Snort-devel mailing list