[Snort-openappid] Segmentation Fault with reload of Snort OpenAppId

Costas Kleopa (ckleopa) ckleopa at ...5...
Mon May 19 11:49:53 EDT 2014


Thanks for your response. This is a known issue in which we have fixed in
a later release of snort with openappid.
We will be posting a new release with this fix included in the near future.

Thanks
Costas

>
>-------- Original Message --------
>
>
>
>Problem :-
>Getting a segmentation fault on reloading snort with OpenAppId
>preprocessor enabled.
>
>Snort Version -
>Version 2.9.7.0.alpha GRE (Build 29)
>Enabled openappid preprocessor
>Rules - None
>Snort Compiled & built using the openappid support.
>OS - Fedora Core 13
>
>*Steps to reproduce the bug*
>1)      Include preprocessor openappid in snort.conf file
>2)      Run snort
>3)      Reload snort by giving command kill ­SIGHUP <pid>
>4)      Snort reload gives a segmentation fault
>
>Debug information :-
>AppInfo read from /usr/local/lib/openappid/odp/appMapping.data
>Loading configuration file /usr/local/lib/openappid/odp/appid.conf
>AppId: adding appIds to list of referred web apps: 2032 1520 1306 1307
>1308 1310 1311 1312 1313 1314 1315 1316 137 1318 1319 1336 1337 1362
>1372 1373 1424 1425 1457 1491 1619 1656 1659 1720 1721 1722 1723 1724
>1725 1726 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740
>1741 1742 1743 1744 1745 1746 1747 1748 1750 1751 1752 1776 1778 1804
>1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863
>1864 1865 1866 1867 1869 1873 1874 1875 1876 1877 1878 1879 1881 1882
>1883 1884 1885 1886 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897
>1898 1899 1900 1903 1904 1905 1906 1907 1908 1909 1910 1912 1913 1919
>1920 1921 1923 1924 1925 1926 1928 1929 1930 1931 1933 1934 1935 1936
>1937 1938 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951
>1953 1955 1956 1957 1958 1959 1960
>AppId: adding appIds to list of referred web apps: 1963 1963 1964 1966
>1969 1970 1972 1973 1975 1976 1977 1978 1979 1980 1981 1983 1984 1985
>1986 1987 629 882 711 1393 1727 1728 1821 1992 1993 1806 1822 2022 2021
>2129 2131 1460 1369 1392 2057 2062 1560 665 1458 929 761 2151 2157 2158
>2159 2162 2019 2072 1508 1063 2261
>Could not read configuration file
>/usr/local/lib/openappid/custom/userappid.conf
>Setting tracker size to 10000
>
>Program received signalSIGSEGV, Segmentation fault.
>0x0000000a in ?? ()
>
>*Stack trace : *
>(gdb) bt
>#0 0x0000000a in ?? ()
>#1 0x00feafdf in clean_module () at client_app_base.c:572
>#2 ReconfigureClientApp () at client_app_base.c:603
>#3 0x00fde635 in AppIdCommonReload () at commonAppMatcher.c:340
>#4 0x00fe7c17 in AppIdReloadSwap (sc=0x9bd00468, swap_config=0x0) at
>spp_appid.c:93
>#5 0x08070891 in SwapPreprocConfigurations (sc=0x9bd00468) at
>plugbase.c:1174
>#6 0x08075326 in CheckForReload (user=0x0, pkthdr=0xbffff07c,
>pkt=0xa78061c "E") at snort.c:675
>#7 PacketCallback (user=0x0, pkthdr=0xbffff07c, pkt=0xa78061c "E") at
>snort.c:1661
>#8 0x08129957 in daq_nfq_callback (qh=0x9f2f0f8, nfmsg=0xa7805e8,
>nfad=0xbffff0ec, data=0x9f33000) at daq_nfq.c:455
>#9 0x0097f3c8 in __nfq_rcv_pkt (nlh=0xa7805d8, nfa=0xbffff110,
>data=0x9f448d0) at libnetfilter_queue.c:191
>#10 0x007fbb03 in __nfnl_handle_msg (h=<value optimized out>, nlh=<value
>optimized out>, len=120) at libnfnetlink.c:1236
>#11 0x007fbb7a in nfnl_handle_packet (h=0x9f65e08, buf=<value optimized
>out>, len=<value optimized out>) at libnfnetlink.c:1256
>#12 0x0097fb4d in nfq_handle_packet (h=0x9f448d0, buf=0xa7805d8 "x",
>len=120) at libnetfilter_queue.c:566
>#13 0x08128fa8 in nfq_daq_acquire (handle=0x9f33000, c=0,
>callback=0x8075260 <PacketCallback>, metaback=0, user=0x0) at
>daq_nfq.c:530
>#14 0x08090d0b in DAQ_Acquire (max=0, callback=0x8075260
><PacketCallback>, user=0x0) at sfdaq.c:541
>#15 0x080791b8 in PacketLoop (argc=4, argv=0xbffff3f4) at snort.c:3184
>#16 SnortMain (argc=4, argv=0xbffff3f4) at snort.c:896
>#17 0x080796f6 in main (argc=4, argv=0xbffff3f4) at snort.c:803
>
>
>





More information about the Snort-openappid mailing list