[Snort-users] flexresp2 is back and needs testing

Pedro Fortuna pedro.fortuna at ...11827...
Wed Sep 8 18:02:13 EDT 2004


Jeff, I did, I used the sp_respond2.diff.gz you sent today directly to
my (other) mail box (pfeito_at_netcabo.pt) and to other 6 or 7 guys.

I'm going to repeat the process as I type this e-mail:

Installation (you can see filesize and confirm that it is version 1.0.1):
-rw-r--r--  1 root root  16414 Sep  9 02:55 sp_respond2.diff.gz

# gzip -d sp_respond2.diff.gz

-rw-r--r--  1 root root  66323 Sep  9 02:55 sp_respond2.diff

# patch –p0 < sp_respond2.diff
patching file configure.in
patching file doc/Makefile.am
patching file doc/README.FLEXRESP2
patching file src/parser.c
patching file src/plugbase.c
patching file src/snort.h
patching file src/detection-plugins/Makefile.am
patching file src/detection-plugins/sp_react.c
patching file src/detection-plugins/sp_react.h
patching file src/detection-plugins/sp_respond.c
patching file src/detection-plugins/sp_respond.h
patching file src/detection-plugins/sp_respond2.c
patching file src/detection-plugins/sp_respond2.h

# aclocal
# autoheader
# automake
# autoconf

# ./configure --with-mysql=/usr/local/mysql --enable-flexresp2
# make
# make install
# /etc/init.d/snort start
# grep "sp_respond" /var/log/messages
Sep  9 03:08:29 paco snort: FATAL ERROR: sp_respond2: Unable to
allocate hash table memory.

And Snort stops running.
I didnt saw this problem on the previous version that you sent me 2 or
3 weeks ago.

Any clues?

Best Regards,
Pedro Fortuna

On Wed, 8 Sep 2004 20:03:46 -0400, Jeff Nathan <jeff at ...950...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Pedro,
> 
> I sent two different patches.  Try the second one I sent (version
> 1.0.1), it had already contained a fix for that bug.
> 
> Thanks.
> 
> - -Jeff
> 
> On Sep 8, 2004, at 7:19 PM, Pedro Fortuna wrote:
> 
> > Hi Jeff,
> >
> > I recompiled snort 2.2.0 again with the new patch and I had no
> > problems. When I start Snort I get this error message in
> > /var/log/messages:
> >
> > Sep  9 01:14:46 fwall snort: FATAL ERROR: sp_respond2: Unable to
> > allocate hash table memory.
> >
> > I dont have a clue what could be, or if its an error that only occurs
> > in my system, with my current configuration. Doesnt seem to be out of
> > mem related since the system reported 20MB free.
> >
> > [root at ...12399... etc]# cat /proc/meminfo
> >         total:    used:    free:  shared: buffers:  cached:
> > Mem:  129114112 107544576 21569536        0  9756672 49917952
> > Swap: 271425536        0 271425536
> > MemTotal:       126088 kB
> > MemFree:         21064 kB
> > MemShared:           0 kB
> > Buffers:          9528 kB
> > Cached:          48748 kB
> > SwapCached:          0 kB
> > Active:          18664 kB
> > Inactive:        73152 kB
> > HighTotal:           0 kB
> > HighFree:            0 kB
> > LowTotal:       126088 kB
> > LowFree:         21064 kB
> > SwapTotal:      265064 kB
> > SwapFree:       265064 kB
> >
> > I'll wait for some feedback from other beta tester's.
> >
> > Best Regards,
> > Pedro Fortuna (AKA pfeito)
> >
> > On Wed, 8 Sep 2004 10:15:55 -0400, Jeff Nathan <jeff at ...950...> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >>
> >> On Sep 5, 2004, at 5:14 PM, Pedro Fortuna wrote:
> >>
> >>> Hi Jeff,
> >>>
> >>>  Did you had the time to work on it yet? My presentation must be
> >>> finished by 8th, so it would be great if a fixed version of flexresp2
> >>> would come out till then... if not, life goes on :)
> >>> Thanks,
> >>> -pfeito
> >>
> >> Yes, I finished a testable version.  It's in your inbox.  As for the
> >> rest of the snortees, anyone wishing to test this before it's imported
> >> into the tree should email me directly or find me on the freenode IRC
> >> channel.
> >>
> >> - -Jeff
> >>
> >> - --
> >> The most technical single-track security conference in the West.
> >> Vancouver B.C., Canada   April, 2004   http://cansecwest.com
> >>
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.2.4 (Darwin)
> >>
> >> iD8DBQFBPxQhEqr8+Gkj0/0RAs2sAJwOapqK+mpDRrtUp3Dk+D3UUOH6SwCfRtOu
> >> EnaK+AURB1G9DWMKPsSxUd4=
> >> =wtWj
> >> -----END PGP SIGNATURE-----
> >>
> >>
> >>
> 
> - --
> Packets gone wild.
> http://nemesis.sourceforge.net
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (Darwin)
> 
> iD8DBQFBP53mEqr8+Gkj0/0RAgiWAJ4tFo2cbH2Dp6CYXcDSJmYoD5cfEgCeOl7I
> wJWt4cl0xz6ftARmN33wdVA=
> =SdZr
> -----END PGP SIGNATURE-----
> 
>




More information about the Snort-users mailing list