[Snort-users] Core on FreeBSD

Robert D. Hughes rob at ...1932...
Mon Nov 5 06:03:05 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

When creating my snort.conf, I added the line "preprocessor
stream4_reassemble: both, ports default, alerts on". This causes a core
dump on FreeBSD 4.4-STABLE. If I just use "preprocessor
stream4_reassemble: both" it works. Using "preprocessor
stream4_reassemble: both, ports 21 23 25 53 80 143 110 111 513 8880 2953
2954" also works. Is there a known issue where using "ports default"
causes snort to core? This behavior also occurs if I use "ports all" as
is shown in the trace below.

Thanks,
Rob Hughes 
Voice (H) (972) 918-0980 
Voice (C) (214) 282-7996 
Email rob at ...1932...

#0  0x282a80b6 in vfprintf () from /usr/lib/libc.so.4
(gdb) where
#0  0x282a80b6 in vfprintf () from /usr/lib/libc.so.4
#1  0x282a6ec4 in fprintf () from /usr/lib/libc.so.4
#2  0x282a721a in vfprintf () from /usr/lib/libc.so.4
#3  0x804dbbb in FatalError (format=0x808d560 "ERROR %s(%d) => Bad
stream4_reassemble option specified: \"%s\"\n")
    at snort.c:2808
#4  0x807732f in Stream4InitReassembler (args=0x80ba400 "both, ports
all, alerts on") at spp_stream4.c:885
#5  0x8054966 in ParsePreprocessor (rule=0xbfbfd694 "preprocessor
stream4_reassemble: both, ports all, alerts on")
    at rules.c:1327
#6  0x805417b in ParseRule (rule_file=0x282cc800, 
    prule=0xbfbff744 "preprocessor stream4_reassemble: both, ports all,
alerts on", inclevel=0) at rules.c:539
#7  0x8053cd7 in ParseRulesFile (file=0x8097a78
"/usr/local/etc/snort/snort.conf", inclevel=0) at rules.c:198
#8  0x804b38a in main (argc=9, argv=0xbfbffbd8) at snort.c:335
#9  0x804ae85 in _start ()
(gdb) bt
#0  0x282a80b6 in vfprintf () from /usr/lib/libc.so.4
#1  0x282a6ec4 in fprintf () from /usr/lib/libc.so.4
#2  0x282a721a in vfprintf () from /usr/lib/libc.so.4
#3  0x804dbbb in FatalError (format=0x808d560 "ERROR %s(%d) => Bad
stream4_reassemble option specified: \"%s\"\n")
    at snort.c:2808
#4  0x807732f in Stream4InitReassembler (args=0x80ba400 "both, ports
all, alerts on") at spp_stream4.c:885
#5  0x8054966 in ParsePreprocessor (rule=0xbfbfd694 "preprocessor
stream4_reassemble: both, ports all, alerts on")
    at rules.c:1327
#6  0x805417b in ParseRule (rule_file=0x282cc800, 
    prule=0xbfbff744 "preprocessor stream4_reassemble: both, ports all,
alerts on", inclevel=0) at rules.c:539
#7  0x8053cd7 in ParseRulesFile (file=0x8097a78
"/usr/local/etc/snort/snort.conf", inclevel=0) at rules.c:198
#8  0x804b38a in main (argc=9, argv=0xbfbffbd8) at snort.c:335
#9  0x804ae85 in _start ()

___________________________________________

"Great spirits have always encountered violent opposition from mediocre
minds." -- Albert Einstein 

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBO+ab8Oa2P6TrxG1EEQItEgCcCo3I3p+6GsEU35h0X2LL0CnfgLsAmgKu
b+Xd8vX1V7SFkqcE+IJSSdrZ
=0Kjj
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGPexch.htm.asc
Type: application/octet-stream
Size: 1823 bytes
Desc: PGPexch.htm.asc
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011105/aafaf1a9/attachment.obj>


More information about the Snort-users mailing list