[Snort-devel] snort SIGSEGV

Russ Combs rcombs at ...402...
Wed Jan 2 12:54:22 EST 2013


Hi - thanks for reporting the issue.  I thought we had fixed something like
this but can't locate a change to fix it.  Can you reproduce this issue?
It would be great to get a pcap and conf.  Otherwise, upgrading may be your
quickest way around it.

Thanks
Russ

On Wed, Dec 26, 2012 at 4:42 AM, Smit Smit <lonely.ruyk at ...3184...> wrote:

> Hello.
>
> Please help me with my problem.
> I use snort since April 2012 and it work fine but last one or two months
> sometimes one of my sensors dies from SIGSEGV
>
> here is bt from gdb
> #0  0x000000080190b7f5 in free () from /lib/libc.so.7
> #1  0x0000000000496020 in Stream5DropSegment (seg=0x81b3a7040) at
> snort_stream5_tcp.c:3222
> #2  0x00000000004960b7 in Stream5SeglistDeleteNode (st=0x80f9d8e00,
> seg=Variable "seg" is not available.
> ) at snort_stream5_tcp.c:9376
> #3  0x00000000004a165f in CheckFlushPolicyOnAck (tcpssn=0x80f9d8e00,
> talker=0x80f9d8e00, listener=0x80f9d8f70, tdb=0x7fffffffc630,
> p=0x7fffffffc820)
>     at snort_stream5_tcp.c:3337
> #4  0x00000000004a6bad in ProcessTcp (lwssn=0x81c751270, p=0x7fffffffc820,
> tdb=0x7fffffffc630, s5TcpPolicy=0x811c07000) at snort_stream5_tcp.c:8804
> #5  0x00000000004a9995 in Stream5ProcessTcp (p=0x7fffffffc820,
> lwssn=0x81c751270, s5TcpPolicy=0x811c07000, skey=0x7fffffffc740) at
> snort_stream5_tcp.c:5276
> #6  0x0000000000482dd5 in Stream5Process (p=0x7fffffffc820,
> context=Variable "context" is not available.
> ) at spp_stream5.c:1422
> #7  0x0000000000437ee8 in Preprocess (p=0x7fffffffc820) at detect.c:211
> #8  0x000000000042d0d8 in ProcessPacket (p=0x7fffffffc820, pkthdr=Variable
> "pkthdr" is not available.
> ) at snort.c:1648
> #9  0x000000000042f87d in PacketCallback (user=Variable "user" is not
> available.
> ) at snort.c:1508
> #10 0x00000000004c8945 in pcap_process_loop ()
> #11 0x0000000801229392 in pcap_create () from /usr/local/lib/libpcap.so.1
> #12 0x00000000004c8d74 in pcap_daq_acquire ()
> #13 0x0000000000447c7c in DAQ_Acquire (max=Variable "max" is not available.
> ) at sfdaq.c:541
> #14 0x0000000000430bef in PacketLoop () at snort.c:2929
> #15 0x0000000000431a05 in SnortMain (argc=1, argv=0x7fffffffd6a0) at
> snort.c:782
> #16 0x000000000040470e in _start ()
>
> (gdb) l snort_stream5_tcp.c:3222
> 3217
> 3218            if(seg->pktOrig != NULL)
> 3219            {
> 3220                mem_in_use -= seg->caplen;
> 3221                dropped += seg->caplen;
> 3222                free(seg->pktOrig);
> 3223                seg->pktOrig = NULL;
> 3224            }
> 3225
> 3226            mem_in_use -= sizeof(StreamSegment);
>
>
> FreeBSD# snort -V
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.3.1 IPv6 GRE (Build 40) FreeBSD
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/snort/snort-team
>            Copyright (C) 1998-2012 Sourcefire, Inc., et al.
>            Using libpcap version 1.1.1
>            Using PCRE version: 8.30 2012-02-04
>            Using ZLIB version: 1.2.5
>
> P.S.: Thanks and sorry for my English.
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130102/b8043704/attachment.html>


More information about the Snort-devel mailing list