[Snort-users] Snort 2.1.3rc1 core dump

Gary_Portnoy at ...11307... Gary_Portnoy at ...11307...
Wed May 26 13:53:02 EDT 2004


So if it's not one thing, it's another...

Snort decided to start dumping core on me in totally unpredictible ways. 
It runs for a while, dies, runs for a while dies.  Sometimes it runs for 
15 hours before dying, sometimes I can't even get it to stay up for 2 
minutes.  I have a cron job that checks on the process and restarts it, 
and it usually has to restart it 3-5 times a day.

I am pretty clueless with a debugger, and after taking a look at the FAQ 
and reading some sites decided to give it a try.  Let's just say that the 
results are less than revealing.  So I am hoping that someone here would 
be able to offer some insight.

Here is the output of the debugger:

ids01:/ # gdb snort core
GNU gdb 5.2
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
details.
This GDB was configured as "sparc-sun-solaris2.8"...
Core was generated by `/local/sbin/snort -dvezoDi qfe0 -c 
/private/etc/snort/etc/snort.conf -l /v'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /local/lib/libpcre.so.0...done.
Loaded symbols for /local/lib/libpcre.so.0
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Ultra-2/lib/libc_psr.so.1
Reading symbols from /usr/lib/nss_files.so.1...done.
Loaded symbols for /usr/lib/nss_files.so.1
#0  0x0003ab5c in ubi_btInitNode ()
(gdb) where
#0  0x0003ab5c in ubi_btInitNode ()
#1  0x0003ac6c in ubi_btInsert ()
#2  0x0003b9a8 in ubi_sptInsert ()
#3  0x0006f058 in CreateNewSession ()
#4  0x0006cdc4 in ReassembleStream4 ()
#5  0x0003f76c in Preprocess ()
#6  0x00036400 in ProcessPacket ()
#7  0x000a2240 in pcap_read_dlpi ()
#8  0x000a35dc in pcap_loop ()
#9  0x00038378 in InterfaceThread ()
#10 0x000361d0 in SnortMain ()
#11 0x00035790 in main ()
(gdb) ba
#0  0x0003ab5c in ubi_btInitNode ()
#1  0x0003ac6c in ubi_btInsert ()
#2  0x0003b9a8 in ubi_sptInsert ()
#3  0x0006f058 in CreateNewSession ()
#4  0x0006cdc4 in ReassembleStream4 ()
#5  0x0003f76c in Preprocess ()
#6  0x00036400 in ProcessPacket ()
#7  0x000a2240 in pcap_read_dlpi ()
#8  0x000a35dc in pcap_loop ()
#9  0x00038378 in InterfaceThread ()
#10 0x000361d0 in SnortMain ()
#11 0x00035790 in main ()
(gdb)

Huh???

-------------------------------------------
Gary Portnoy






-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
This message is for the named person's use only. This communication is for 
informational purposes only and has been obtained from sources believed to 
be reliable, but it is not necessarily complete and its accuracy cannot be 
guaranteed. It is not intended as an offer or solicitation for the purchase
or sale of any financial instrument or as an official confirmation of any
transaction. Moreover, this material should not be construed to contain any
recommendation regarding, or opinion concerning, any security. It may
contain confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please immediately delete it and all
copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute, 
print, or copy any part of this message if you are not the intended 
recipient.  Any views expressed in this message are those of the individual
sender, except where the message states otherwise and the sender is 
authorized to state them to be the views of any such entity.

ITG Inc. reserves the right to monitor and archive all electronic 
communications through its network. 

ITG Inc. Member NASD, SIPC
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-





More information about the Snort-users mailing list