[Snort-users] Re: snort startup problem

Brian Caswell bmc at ...312...
Tue Mar 13 21:06:22 EST 2001

Fyodor wrote:
> On Sun, Mar 11, 2001 at 09:49:40PM -0500, Martin Roesch wrote:
> > Looks like Apple has screwed something up, but try checking out the
> > latest daily tarball to see if it's fixed in the latest build (build
> > 3).  Here's the URL, try it out:
> >
> > http://snort.sourceforge.net/snort-daily.tar.gz
> >
> > Let me know how it goes!
> Daily snapshot should work there, cuz I changed behaviour of this piece...

I just pulled from CVS (to merge my changes for CSV) and it cores hard
on any alert.  I tried using gdb to attempt to figure out what was
wrong, but got nowhere quick.  -DDEBUG doesn't give much more
information either.  My rules and PCAP file are very simple, nothing
complex.  And the same rules/pcap worked before the changes that
happened today.  

If anyone wants the PCAP, config, or core just ask.  This was built on



$ ./snort -c ../rule -r /home/bmc/pcap/sidestep/dns-norm  -l /tmp/
Version 1.7 (Build 5)
By Martin Roesch (roesch at ...66..., www.snort.org)
Memory fault (core dumped)


Core was generated by `snort'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/libpcap.so.1.1...done.
Reading symbols from /usr/lib/libm.so.0.1...done.
Reading symbols from /usr/lib/libssl.so.2.4...done.
Reading symbols from /usr/lib/libcrypto.so.2.4...done.
Reading symbols from /usr/lib/libc.so.25.2...done.
#0  0xdfbfd687 in ?? ()
(gdb) bt
#0  0xdfbfd687 in ?? ()
#1  0x38000000 in ?? ()
Cannot access memory at address 0x11dfbfd5.


[*] Rule Head 2
   => Got head match, checking options chain
   => Checking Option Node 2
   => Got rule match, rtn_idx type = 2
Triggering responses 0x0
Setting tags
        <!!> Generating alert! "UDP rule"
Logging Alert data!
   => Finishing alert packet!
Creating directory: /tmp//
Directory Created!
Opening file: /tmp//
File opened...
PrintIPPkt type = 17
Memory fault (core dumped)

More information about the Snort-users mailing list