[Snort-users] Snort 1.7-CanSec (Build 8) from CVS seg faulting

Martin Roesch roesch at ...421...
Tue Mar 27 01:25:04 EST 2001


The new memory management code for the stream preprocessor still has a
few bugs in it; turn it off, use an old version, or wait for the fix.  I
believe that Chris is working on it... :)

     -Marty


Jason Haar wrote:
> 
> I've got this from the last couple of days, downloading from scratch from
> CVS...
> 
> This setup works fine with a Mar 15 CVS version. Compiled with libpcap-0.6.2-1
> and MySQL-3.23.34-1 under Redhat 6.2/Linux 2.4.2.
> 
> [root at ...1673... log]# gdb /usr/bin/snort.cvs
> GNU gdb 19991004
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-redhat-linux"...
> (gdb) r  -u snort -g snort -e -d -a -o -I -i eth1 -c /etc/snort/snort.conf
> Starting program: /usr/bin/snort.cvs -u snort -g snort -e -d -a -o -I -i
> eth1 -c /etc/snort/snort.conf
> 
>         --== Initializing Snort ==--
>         Checking PID path...
>         PATH_VARRUN is set to /var/run/ on this operating system
>         Rule application order changed to Pass->Alert->Log
> 
>         Initializing Network Interface eth1
>         WARNING: OpenPcap() device eth1 network lookup:
>                 eth1: no IPv4 address assigned
>                 Decoding Ethernet on interface eth1
>                 Initializing Preprocessors!
>                 Initializing Plug-ins!
>                 Initializating Output Plugins!
> 
>                 +++++++++++++++++++++++++++++++++++++++++++++++++++
>                 Initializing rule chains...
>                 Using LOCAL time
>                 database: compiled support for ( mysql )
>                 database: configured to use mysql
>                 database: database name = snort
>                 database:          user = snort
>                 database: password is set
>                 database:          host = crom.trimble.co.nz
>                 database:   sensor name = crom.trimble.co.nz
>                 database:     sensor id = 4
>                 database: schema version = 100
>                 database: using the "log" facility
>                 xml_plugin: Logging to /var/log/snortxml
>                 xml_plugin: Using the "log" facility
>                 773 Snort rules read...
>                 773 Option Chains linked into 133 Chain Headers
>                 0 Dynamic rules
>                 +++++++++++++++++++++++++++++++++++++++++++++++++++
> 
>                 Rule application order: ->pass->activation->dynamic->alert->log
> 
>                         --== Initialization Complete ==--
> 
>                         -*> Snort! <*-
>                         Version 1.7-CanSec (Build 8)
>                         By Martin Roesch (roesch at ...66..., www.snort.org)
> 
>                         Program received signal SIGSEGV, Segmentation fault.
>                         0x401fa487 in memcpy (dstpp=0x84dc344,
> srcpp=0x8592ae8, len=4294967295)
>     at ../sysdeps/generic/memcpy.c:55
>     55      ../sysdeps/generic/memcpy.c: No such file or directory.
>     (gdb) backtrace
>     #0  0x401fa487 in memcpy (dstpp=0x84dc344, srcpp=0x8592ae8,
> len=4294967295)
>     at ../sysdeps/generic/memcpy.c:55
>     #1  0x8062e7f in TcpStreamPruneSessions () at spp_tcp_stream.c:965
>     #2  0x80624f9 in TcpStreamPacket (p=0xbffff264) at spp_tcp_stream.c:428
>     #3  0x8054725 in Preprocess (p=0xbffff264) at rules.c:3234
>     #4  0x804b358 in ProcessPacket (user=0x0, pkthdr=0xbffff6f4,
> pkt=0x809a7b8 "")
>     at snort.c:479
>     #5  0x40035e8f in pcap_read_packet () from /usr/lib/libpcap.so.0
>     #6  0x40035c91 in pcap_read () from /usr/lib/libpcap.so.0
>     #7  0x40036d81 in pcap_loop () from /usr/lib/libpcap.so.0
>     #8  0x804c4f3 in InterfaceThread (arg=0x0) at snort.c:1359
>     #9  0x804b258 in main (argc=14, argv=0xbffff85c) at snort.c:413
> 
> 
> --
> Cheers
> 
> Jason Haar
> 
> Unix/Special Projects, Trimble NZ
> Phone: +64 3 9635 377 Fax: +64 3 9635 417
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org
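
Frame #0 of the quoted backtrace shows memcpy called with len=4294967295, which is 2^32-1: the value a 32-bit size_t holds when a length of -1, or an unsigned subtraction that wrapped, is passed as the byte count. The C sketch below is an added example, not Snort code and not part of either message; its helper names are hypothetical, and the actual cause in spp_tcp_stream.c is not shown in this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Snort code. uint32_t models the 32-bit size_t of the
 * i386 build in the report, so the values match on any host. */

/* The count a 32-bit memcpy() receives when handed a signed length. */
uint32_t len_as_seen_by_memcpy(int32_t computed_len)
{
    return (uint32_t)computed_len;          /* -1 converts to 4294967295 */
}

/* Hypothetical "bytes left" calculation with no ordering check:
 * unsigned subtraction wraps when used > total. */
uint32_t remaining_unchecked(uint32_t total, uint32_t used)
{
    return total - used;
}

/* Hypothetical guarded copy: validates the length against both buffers
 * before calling memcpy(). Returns 0 on success, -1 if rejected. */
int checked_copy(void *dst, uint32_t dst_cap,
                 const void *src, uint32_t src_avail, int32_t len)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (len < 0)                            /* would become a huge count */
        return -1;
    if ((uint32_t)len > dst_cap || (uint32_t)len > src_avail)
        return -1;
    memcpy(dst, src, (size_t)len);
    return 0;
}

int main(void)
{
    char dst[8];
    const char src[] = "payload";           /* constructed sample data */

    printf("len -1 as unsigned 32-bit: %u\n",
           (unsigned)len_as_seen_by_memcpy(-1));
    printf("10 - 11 as unsigned 32-bit: %u\n",
           (unsigned)remaining_unchecked(10, 11));
    printf("copy with len -1: %d\n",
           checked_copy(dst, sizeof dst, src, sizeof src, -1));
    printf("copy with len 8: %d\n",
           checked_copy(dst, sizeof dst, src, sizeof src, 8));
    return 0;
}
```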



