[Snort-devel] snort SIGSEGV

Smit Smit lonely.ruyk at ...3184...
Wed Dec 26 04:42:02 EST 2012


Hello.

Please help me with my problem.
I have been using Snort since April 2012 and it works fine, but in the last one or two months one of my sensors sometimes dies from SIGSEGV.

Here is the bt from gdb:
#0  0x000000080190b7f5 in free () from /lib/libc.so.7
#1  0x0000000000496020 in Stream5DropSegment (seg=0x81b3a7040) at snort_stream5_tcp.c:3222
#2  0x00000000004960b7 in Stream5SeglistDeleteNode (st=0x80f9d8e00, seg=Variable "seg" is not available.
) at snort_stream5_tcp.c:9376
#3  0x00000000004a165f in CheckFlushPolicyOnAck (tcpssn=0x80f9d8e00, talker=0x80f9d8e00, listener=0x80f9d8f70, tdb=0x7fffffffc630, p=0x7fffffffc820)
    at snort_stream5_tcp.c:3337
#4  0x00000000004a6bad in ProcessTcp (lwssn=0x81c751270, p=0x7fffffffc820, tdb=0x7fffffffc630, s5TcpPolicy=0x811c07000) at snort_stream5_tcp.c:8804
#5  0x00000000004a9995 in Stream5ProcessTcp (p=0x7fffffffc820, lwssn=0x81c751270, s5TcpPolicy=0x811c07000, skey=0x7fffffffc740) at snort_stream5_tcp.c:5276
#6  0x0000000000482dd5 in Stream5Process (p=0x7fffffffc820, context=Variable "context" is not available.
) at spp_stream5.c:1422
#7  0x0000000000437ee8 in Preprocess (p=0x7fffffffc820) at detect.c:211
#8  0x000000000042d0d8 in ProcessPacket (p=0x7fffffffc820, pkthdr=Variable "pkthdr" is not available.
) at snort.c:1648
#9  0x000000000042f87d in PacketCallback (user=Variable "user" is not available.
) at snort.c:1508
#10 0x00000000004c8945 in pcap_process_loop ()
#11 0x0000000801229392 in pcap_create () from /usr/local/lib/libpcap.so.1
#12 0x00000000004c8d74 in pcap_daq_acquire ()
#13 0x0000000000447c7c in DAQ_Acquire (max=Variable "max" is not available.
) at sfdaq.c:541
#14 0x0000000000430bef in PacketLoop () at snort.c:2929
#15 0x0000000000431a05 in SnortMain (argc=1, argv=0x7fffffffd6a0) at snort.c:782
#16 0x000000000040470e in _start ()

(gdb) l snort_stream5_tcp.c:3222
3217
3218            if(seg->pktOrig != NULL)
3219            {
3220                mem_in_use -= seg->caplen;
3221                dropped += seg->caplen;
3222                free(seg->pktOrig);
3223                seg->pktOrig = NULL;
3224            }
3225
3226            mem_in_use -= sizeof(StreamSegment);


FreeBSD# snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40) FreeBSD
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.30 2012-02-04
           Using ZLIB version: 1.2.5

P.S.: Thanks and sorry for my English.



