[Snort-users] core dump snort 2.0 freebsd 4.2

Ilya mail at ...3442...
Thu Jul 10 19:48:10 EDT 2003


I've tried -g instead of -ggdb and ran it under gdb, but I still get no more
info than I had before:

GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...(no debugging symbols
found)...
(gdb) set args  -c /usr/local/etc/snort.conf.1 -i fxp2
(gdb) run
Starting program: /usr/local/bin/snort -c /usr/local/etc/snort.conf.1 -i fxp2
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...(no debugging symbols found)...
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface fxp2

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface fxp2
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /usr/local/etc/snort.conf.1

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Conversation Config:
   KeepStats: 0
   Conv Count: 3000
   Timeout   : 60
   Alert Odd?: 0
   Allowed IP Protocols:  All
Portscan2 config:
    log: /var/log/snort/scan.log
    scanners_max: 256
    targets_max: 1024
    target_limit: 5
    port_limit: 20
    timeout: 60
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = dummy
database: password is set
database: database name = dummy
database:          host = dummy.dummy.dummy
database:   sensor name = dummy.dummy.dummy.dummy
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = dummy
database: password is set
database: database name = dummy
database:          host = dummy.dummy.dummy
database:   sensor name = dummydummydummy.dummy.dummy
database:     sensor id = 1
database: schema version = 106
database: using the "alert" facility
1536 Snort rules read...
1536 Option Chains linked into 200 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.0 (Build 72)
By Martin Roesch (roesch at ...1935..., www.snort.org)
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x8066dfc in strlcpy ()
(gdb) bt
(gdb) bt
#0  0x8066dfc in strlcpy ()
#1  0x8067d03 in strlcpy ()
#2  0x80683e3 in strlcpy ()
#3  0x80655e3 in strlcpy ()
#4  0x80652fb in strlcpy ()
#5  0x8064f60 in strlcpy ()
#6  0x8060c6c in strlcpy ()
#7  0x8060935 in strlcpy ()
#8  0x805a81b in sigprocmask ()
#9  0x280dae89 in pcap_read () from /usr/lib/libpcap.so.2
#10 0x280da9db in pcap_loop () from /usr/lib/libpcap.so.2
#11 0x805bbf8 in sigprocmask ()
#12 0x805a6c7 in sigprocmask ()
#13 0x805a0fa in sigprocmask ()
#14 0x804a1ba in sigprocmask ()
(gdb) where
#0  0x8066dfc in strlcpy ()
#1  0x8067d03 in strlcpy ()
#2  0x80683e3 in strlcpy ()
#3  0x80655e3 in strlcpy ()
#4  0x80652fb in strlcpy ()
#5  0x8064f60 in strlcpy ()
#6  0x8060c6c in strlcpy ()
#7  0x8060935 in strlcpy ()
#8  0x805a81b in sigprocmask ()
#9  0x280dae89 in pcap_read () from /usr/lib/libpcap.so.2
#10 0x280da9db in pcap_loop () from /usr/lib/libpcap.so.2
#11 0x805bbf8 in sigprocmask ()
#12 0x805a6c7 in sigprocmask ()
#13 0x805a0fa in sigprocmask ()
#14 0x804a1ba in sigprocmask ()
(gdb) info frame
Stack level 0, frame at 0xbfbff420:
 eip = 0x8066dfc in strlcpy; saved eip 0x8067d03
 called by frame at 0xbfbff470
 Arglist at 0xbfbff420, args:
 Locals at 0xbfbff420, Previous frame's sp is 0x0
 Saved registers:
  ebx at 0xbfbff408, ebp at 0xbfbff420, esi at 0xbfbff40c, eip at 0xbfbff424
(gdb) frame 0xbfbff470
No frame -1077939088
(gdb)
No frame -1077939088


On Tue, Jul 08, 2003 at 04:09:20PM -0400, Chris Green wrote:
> Ilya <mail at ...3442...> writes:
> 
> > Hi, ever since I upgraded to snort 2.0 on a freebsd 4.2 box, it always dumps core
> > a little while after start.
> > I built snort with -ggdb, but it didn't add much to bt:
> 
> Try -g and running snort under gdb.
> 
> The following info is also required:
> 
> command line options
> snort.conf options
> 
> Cheers,
> Chris
> -- 
> Chris Green <cmg at ...1935...>
> Let not the sands of time get in your lunch.



