[Snort-users] Segfault under 2.4.11-pre1

Jean-Francois Nadeau jna at ...3668...
Tue Oct 2 10:17:02 EDT 2001


My problem is fixed now.....  I was using an old snort.conf file.  I don't
know what snort didn't like from the old 1.7 config file.

Sorry for this "false positive" ;)

-----Original Message-----
From: roman at ...438... [mailto:roman at ...438...]
Sent: Tuesday, October 02, 2001 7:57 AM
To: jna at ...3668...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Segfault under 2.4.11-pre1


A backtrace from gdb would be really helpful in addition to the strace.

Likewise, try running snort without the -D option to get additional
debugging messages.

Roman

> Hi !
>
> I use SNORT-release-1.8.1 with libpcap 0.6.2 under linux 2.4.8 and
> 2.4.11-pre1 redhat 6.2.
>
> I got a segfault when starting snort with :
>
> /usr/local/bin/snort -c /etc/snort.conf -i eth0 -D -N -s
>
> Here is the last line of my strace :
> ----------------------------
> write(1, "Initializing rule chains...\n", 28Initializing rule chains...
> ) = 28
> stat("/etc/snort.conf", {st_mode=S_IFREG|0644, st_size=18031, ...}) = 0
> open("/etc/snort.conf", O_RDONLY)       = 4
> fstat64(0x4, 0xbffff464)                = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
> read(4, "#-------------------------------"..., 4096) = 4096
> read(4, "rguments loads the defaults (tim"..., 4096) = 4096
> read(4, "acing it with \n# a normalized re"..., 4096) = 4096
> open("/var/log/snort/portscan.log", O_RDWR|O_APPEND|O_CREAT, 0666) = 5
> fstat64(0x5, 0xbfffd2f4)                = 0
> old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40017000
> fstat64(0x5, 0xbfffd3bc)                = 0
> _llseek(5, 4096, [4096], SEEK_SET)      = 0
> read(5, ":09 172.16.20.16:53 -> 172.16.20"..., 1373) = 1373
> write(1, "Using LOCAL time\n", 17Using LOCAL time
> )      = 17
> --- SIGSEGV (Segmentation fault) ---
> +++ killed by SIGSEGV +++
> ----------------------------
>
> Anyone got this under 2.4.x kernels ?
>
> Jean-Francois Nadeau