[Snort-users] Coredump - 1.7 - defrag.

Martin Roesch roesch at ...421...
Sat Jan 27 00:37:13 EST 2001


Hey Scott, 
     Could you try this in gdb:

p i->iph
p j->iph

thanks!

   -Marty

"Scott A. McIntyre" wrote:
> 
> Hi,
> 
> I'm putting 1.7 through its paces but have found it to die pretty darn
> quickly with high throughput on a redhat 7 box, 2.4 kernel.
> 
> Here's the dump:
> 
> Loaded symbols for /lib/libnss_nis.so.2
> #0  0x805bc47 in fragcompare (i=0x8b7c5d0, j=0x8b7c5d0) at spp_defrag.c:171
> 171         if(SADDR(i) > SADDR(j))
> 
> (gdb) bt
> 
> #0  0x805bc47 in fragcompare (i=0x8b7c5d0, j=0x8b7c5d0) at spp_defrag.c:171
> #1  0x805bdeb in fragsplay (i=0x8b7c5d0, t=0x84c2bc8) at spp_defrag.c:244
> #2  0x805bfba in fragdelete (i=0x8b7c5d0, t=0x84c2bc8) at spp_defrag.c:378
> #3  0x805c74c in PreprocDefrag (p=0xbffff608) at spp_defrag.c:938
> #4  0x8054226 in Preprocess (p=0xbffff608) at rules.c:3016
> #5  0x804b56f in ProcessPacket (user=0x0, pkthdr=0xbffffa78, pkt=0x80902e8 "") at snort.c:463
> #6  0x806adb0 in pcap_read_packet ()
> #7  0x806bb3b in pcap_loop ()
> #8  0x804c449 in InterfaceThread (arg=0x0) at snort.c:1278
> #9  0x804b43f in main (argc=6, argv=0xbffffc2c) at snort.c:397
> #10 0x4019fb5c in __libc_start_main (main=0x804aebc <main>, argc=6, ubp_av=0xbffffc2c, init=0x804a294 <_init>,
>     fini=0x8073ddc <_fini>, rtld_fini=0x4000d634 <_dl_fini>,
> stack_end=0xbffffc24) at ../sysdeps/generic/libc-start.c:129
> 
> I suspect if I stop using the defragger it'll work better.  :-)  Will
> try...
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list