[Snort-devel] Snort crash when reload rules with tag session

Netanel Maman netanelmaman0 at ...2499...
Sun Jun 1 08:29:01 EDT 2014


program received signal SIGSEGV, Segmentation fault. x0000000000000030 in
?? ()
(gdb) where 0 0x0000000000000030 in ?? ()

1 0x0000000000447e06 in CallLogFuncs (p=Oxee9680, message=0x545f20 "Tagged
Packet", head=ex16a1530, event=0x7fffffffdccO) at detect.c:373

2 0x0000000000447d1c in CheckTagging (p=0xee9688) at detect.c:341

3 0x0000000000447a44 in Preprocess (p=Oxee9688) at detect.c:267

4 0x00000000004395e4 in ProcessPacket (p=0xee9680, pkthdr=0x7fffffffe160,
pkt=0x7fffbf300840 "lI", ft=0x0) at snort.c:1867

5 0x0000000000439117 in PacketCallback (user=0x0, pkthdr=0x7fffffffe168,
pkt=0x7fffbf300840 "lI") at snort.c:1704 •

6 Ox00007fffbfd6e05e in pfring_daq_acquire (handle=0x18c51d0, cnt=0,
callback=<value optimized out>, metaback=<value optimized out>, user=0x0)
at daq_pfring_dna.c:681

7 Ox000000000045fe39 in DAQ Acquire (max=0, callback=0x438f7e
<PacketCallback>, user=0x0) at sfdaq.c:540

8 0x000000000043bd76 in Pac1etLoop () at snort.c:3210 •

9 Ox0000000000437f73 in SnortMain (argc=17, argv=0x7fffffffe398) at
snort.c:907

10 Ox0000000000437da5 in main (argc=17, argv=0x7fffffffe398) at snort.c:807
On May 29, 2014 8:44 PM, "Carter Waxman (cwaxman)" <cwaxman at ...3461...>
wrote:

>  Hello,
>
>  Could you please attach a backtrace from gdb?
>
>  Thanks,
> Carter
>
>   From: נתנאל ממן <netanelmaman0 at ...2499...>
> Date: Thursday, May 29, 2014 12:29 PM
> To: "snort-devel at lists.sourceforge.net" <snort-devel at lists.sourceforge.net
> >
> Subject: [Snort-devel] Snort crash when reload rules with tag session
>
>   Hello guys, please help me solve a stranger bug.
>
> I have rules with tag session option.
> When I'm reload conf via control socket the conf reload succesfully but
> crash one second after.
> When i reload the same rule without tag option, snort reload successfully.
> I think that snort free some important struct of tags, but i dont find
> which and where.
>
> The version of Snort you're running:
> 2.9.6.1
>
> Information on the rules you have enabled:
> General local rule with "tag:session,100,seconds;"
>
> How Snort was built:
> configure --enable-control-socket
> make
>
> Did you build from source:
> Yes
>
> Platform information:
> Centos 6.3 x86_64, kernel 2.6.32, intel 86
>
> Any output that may be helpful:
> gdb show that crash occur when call to log function after check tagging
> func in decode.c . Im faild to understand why.
>
> Thanks about your amazing work,
>
> net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20140601/70e17868/attachment.html>


More information about the Snort-devel mailing list