[Snort-users] snort 1.7 segmentation fault

Hammerle, Tye F. Tye.F.Hammerle at ...443...
Sun Jan 14 14:55:46 EST 2001


Here's what I got from gdb snort snort.core  This is on an OpenBSD 2.8 x386.

Guessing from the anonmsensor parts it's spade that that is killing me, I'll
try commenitng that out and see what happens. Someone else mentioned that
they needed to recomile libpcap. It looks like a bunch of the errors are
related to that. Maybe I should try to recompile libpcap? I wonder what
changed between snort 1.7b9 and 1.7 that would cause this? 'course that's
the $64k question I suppose.

I'm running pretty stock with http_decode, minfrag and portscan
preprocessors. The only thing I added was spade. I've commented out spade
and so far snort is still running, only 5 minutes but it wouldn't run 1
before.  Next I think I'll try recompiling libpcap.

Tye

# gdb snort snort.core
GNU gdb 4.16.1
Copyright 1996 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd2.8"...
Core was generated by `snort'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/libpcap.so.1.1...done.
Reading symbols from /usr/lib/libm.so.0.1...done.
Reading symbols from /usr/lib/libssl.so.2.4...done.
Reading symbols from /usr/lib/libcrypto.so.2.4...done.
Reading symbols from /usr/lib/libc.so.25.2...done.
#0  0x24df8 in do_adapt3 () at spp_anomsensor.c:1282
1282            for (l=adapt3anoms; l != NULL; l=l->next)  l->val= 0.0;
(gdb) bt
#0  0x24df8 in do_adapt3 () at spp_anomsensor.c:1282
#1  0x24b15 in PreprocSpadeAdapt3 (p=0xdfbfd770) at spp_anomsensor.c:1216
#2  0xe824 in Preprocess (p=0xdfbfd770) at rules.c:3016
#3  0x1ff5 in ProcessPacket (user=0x0, pkthdr=0x4f000, pkt=0x4f012 "") at
snort.c:463
#4  0x4004f151 in pcap_read ()
#5  0x400605a7 in pcap_loop ()
#6  0x3ee9 in InterfaceThread (arg=0x0) at snort.c:1278
#7  0x1ee2 in main (argc=10, argv=0xdfbfdcb4) at snort.c:397
(gdb)







-----Original Message-----
From: Per Arne Enstad [mailto:Per.A.Enstad at ...1111...]
Sent: Sunday, January 14, 2001 12:13 PM
To: Tye F. Hammerle
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] snort 1.7 segmentation fault 


Try the same procudere as Marty instructed me to perform:

---
gdb snort snort.core

then at the (gdb) prompt:

bt
---

Any chance you are running the defrag preprocessor?
I obviously had a problem with it on FreeBSD, - after commenting out 
the defragger snort seems to be rock stable as I'm used to.

- Per Arne Enstad


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010114/a09d3a97/attachment.html>


More information about the Snort-users mailing list