[Snort-users] Snort 1.7-CanSec (Build 8) from CVS seg faulting

Jason Haar Jason.Haar at ...294...
Mon Mar 26 23:35:03 EST 2001

I've got this from the last couple of days, downloading from scratch from

This setup works fine with a Mar 15 CVS version. Compiled with libpcap-0.6.2-1
and MySQL-3.23.34-1 under Redhat 6.2/Linux 2.4.2.

[root at ...1673... log]# gdb /usr/bin/snort.cvs
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) r  -u snort -g snort -e -d -a -o -I -i eth1 -c /etc/snort/snort.conf
Starting program: /usr/bin/snort.cvs -u snort -g snort -e -d -a -o -I -i
eth1 -c /etc/snort/snort.conf

        --== Initializing Snort ==--
	Checking PID path...
	PATH_VARRUN is set to /var/run/ on this operating system
	Rule application order changed to Pass->Alert->Log
	Initializing Network Interface eth1
	WARNING: OpenPcap() device eth1 network lookup: 
	        eth1: no IPv4 address assigned
		Decoding Ethernet on interface eth1
		Initializing Preprocessors!
		Initializing Plug-ins!
		Initializating Output Plugins!
		Initializing rule chains...
		Using LOCAL time
		database: compiled support for ( mysql )
		database: configured to use mysql
		database: database name = snort
		database:          user = snort
		database: password is set
		database:          host = crom.trimble.co.nz
		database:   sensor name = crom.trimble.co.nz
		database:     sensor id = 4
		database: schema version = 100
		database: using the "log" facility
		xml_plugin: Logging to /var/log/snortxml
		xml_plugin: Using the "log" facility
		773 Snort rules read...
		773 Option Chains linked into 133 Chain Headers
		0 Dynamic rules
		Rule application order: ->pass->activation->dynamic->alert->log
		        --== Initialization Complete ==--
			-*> Snort! <*-
			Version 1.7-CanSec (Build 8)
			By Martin Roesch (roesch at ...66..., www.snort.org)
			Program received signal SIGSEGV, Segmentation fault.
			0x401fa487 in memcpy (dstpp=0x84dc344,
srcpp=0x8592ae8, len=4294967295)
    at ../sysdeps/generic/memcpy.c:55
    55      ../sysdeps/generic/memcpy.c: No such file or directory.
    (gdb) backtrace
    #0  0x401fa487 in memcpy (dstpp=0x84dc344, srcpp=0x8592ae8,
    at ../sysdeps/generic/memcpy.c:55
    #1  0x8062e7f in TcpStreamPruneSessions () at spp_tcp_stream.c:965
    #2  0x80624f9 in TcpStreamPacket (p=0xbffff264) at spp_tcp_stream.c:428
    #3  0x8054725 in Preprocess (p=0xbffff264) at rules.c:3234
    #4  0x804b358 in ProcessPacket (user=0x0, pkthdr=0xbffff6f4,
pkt=0x809a7b8 "")
    at snort.c:479
    #5  0x40035e8f in pcap_read_packet () from /usr/lib/libpcap.so.0
    #6  0x40035c91 in pcap_read () from /usr/lib/libpcap.so.0
    #7  0x40036d81 in pcap_loop () from /usr/lib/libpcap.so.0
    #8  0x804c4f3 in InterfaceThread (arg=0x0) at snort.c:1359
    #9  0x804b258 in main (argc=14, argv=0xbffff85c) at snort.c:413

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417

More information about the Snort-users mailing list