[Snort-users] Coredump - 1.7 - defrag.

Scott A. McIntyre scott at ...1050...
Thu Jan 25 06:28:12 EST 2001


I'm putting 1.7 through its paces but have found it to die pretty darn
quickly with high throughput on a redhat 7 box, 2.4 kernel.

Here's the dump:

Loaded symbols for /lib/libnss_nis.so.2
#0  0x805bc47 in fragcompare (i=0x8b7c5d0, j=0x8b7c5d0) at spp_defrag.c:171
171         if(SADDR(i) > SADDR(j))

(gdb) bt

#0  0x805bc47 in fragcompare (i=0x8b7c5d0, j=0x8b7c5d0) at spp_defrag.c:171
#1  0x805bdeb in fragsplay (i=0x8b7c5d0, t=0x84c2bc8) at spp_defrag.c:244
#2  0x805bfba in fragdelete (i=0x8b7c5d0, t=0x84c2bc8) at spp_defrag.c:378
#3  0x805c74c in PreprocDefrag (p=0xbffff608) at spp_defrag.c:938
#4  0x8054226 in Preprocess (p=0xbffff608) at rules.c:3016
#5  0x804b56f in ProcessPacket (user=0x0, pkthdr=0xbffffa78, pkt=0x80902e8 "") at snort.c:463
#6  0x806adb0 in pcap_read_packet ()
#7  0x806bb3b in pcap_loop ()
#8  0x804c449 in InterfaceThread (arg=0x0) at snort.c:1278
#9  0x804b43f in main (argc=6, argv=0xbffffc2c) at snort.c:397
#10 0x4019fb5c in __libc_start_main (main=0x804aebc <main>, argc=6, ubp_av=0xbffffc2c, init=0x804a294 <_init>,
    fini=0x8073ddc <_fini>, rtld_fini=0x4000d634 <_dl_fini>,
stack_end=0xbffffc24) at ../sysdeps/generic/libc-start.c:129

I suspect if I stop using the defragger it'll work better.  :-)  Will

More information about the Snort-users mailing list