[Snort-users] Snort-inline issue

Amit Kumar Gupta amitkumar.gupta at ...7853...
Tue Jan 7 03:45:04 EST 2003


And one more thing: I found that it is mainly failing in the case where the fragment bit is set. (That is, the core dump comes after those packets for which the frag bit is set.)

Sorry for providing incomplete information in the first instance.

Regards,
Amit


-----Original Message-----
From:	Amit Kumar Gupta
Sent:	Tue 1/7/2003 4:44 PM
To:	snort-users at lists.sourceforge.net
Cc:	
Subject:	[Snort-users] Snort-inline issue

Hi list,

I have compiled snort-inline and was using it.
I gave the following command:
snort -vde -l /var/log/snort/
It gives a core dump (consistently in the OpenLogFile function).
The backtrace of the core file is attached below.
However, if I try them independently, i.e. either printing on the screen or writing into a file, one at a time, then it succeeds.

Any clues, list?

The core backtrace is:


0x400e1341 in chunk_alloc (ar_ptr=0x4018af00, nb=368) at malloc.c:2781
#1  0x400e113a in __libc_malloc (bytes=364) at malloc.c:2714
#2  0x400d32b1 in _IO_new_fopen (filename=0xbfffea10 "/var/log/snort//10.114.5.10/TCP:58430-6000", 
    mode=0x808680e "a") at iofopen.c:48
#3  0x08064c7b in OpenLogFile (mode=0, p=0xbffff2c0) at spo_log_ascii.c:333
#4  0x0806486c in LogAscii (p=0xbffff2c0, msg=0x0, arg=0x0, event=0x0) at spo_log_ascii.c:122
#5  0x0805a64e in CallLogPlugins (p=0xbffff2c0, message=0x0, args=0x0, event=0x0) at detect.c:232
#6  0x080559a3 in ProcessPacket (user=0x0, pkthdr=0xbffff780, pkt=0x81525f8 "") at snort.c:586
#7  0x08072e5a in pcap_read_packet ()
#8  0x08073bf3 in pcap_loop ()
#9  0x08056d70 in InterfaceThread (arg=0x0) at snort.c:1659
#10 0x080558b6 in SnortMain (argc=4, argv=0xbffff974) at snort.c:531
#11 0x4007e177 in __libc_start_main (main=0x8055300 <main>, argc=4, ubp_av=0xbffff974, 
    init=0x80497d8 <_init>, fini=0x807beb0 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff96c)
    at ../sysdeps/generic/libc-start.c:129


Regards,
Amit


