[Snort-users] [rhelv5-list] snort 2.9.0 Centos 5.5

vincent at ...15035... vincent at ...15035...
Fri Nov 5 05:05:56 EDT 2010


Hi Russ,

Here's what I got:

[root at ...15044... x86_64]# gdb /usr/sbin/snort
GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/snort...Reading symbols from /usr/lib/debug/usr/sbin/snort-mysql.debug...
done.
(gdb) set args -i eth0
(gdb) r
Starting program: /usr/sbin/snort -i eth0

         --== Initializing Snort ==--
Initializing Output Plugins!
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".

Program received signal SIGSEGV, Segmentation fault.
0x00000000004a072c in pcap_daq_start ()
(gdb) bt
#0  0x00000000004a072c in pcap_daq_start ()
#1  0x0000000000438974 in DAQ_Start () at ../../src/sfdaq.c:414
#2  0x0000000000424f2a in SnortMain (argc=3, argv=0x7fffffffe6d8) at 
../../src/snort.c:712
#3  0x000000323301d994 in __libc_start_main () from /lib64/libc.so.6
#4  0x00000000004046a9 in _start ()

Also, the last few lines of 'strace /usr/sbin/snort -i eth0' result in:

open("/proc/net/dev", O_RDONLY)         = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aeb64ab0000
read(3, "Inter-|   Receive               "..., 4096) = 571
close(3)                                = 0
munmap(0x2aeb64ab0000, 4096)            = 0
socket(PF_PACKET, SOCK_RAW, 768)        = 3
ioctl(3, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
ioctl(3, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=00:0c:29:8a:b8:dd}) = 0
ioctl(3, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=2}) = 0
bind(3, {sa_family=AF_PACKET, proto=0x03, if2, pkttype=PACKET_HOST, addr(0)={0, }, 20) = 0
getsockopt(3, SOL_SOCKET, SO_ERROR, [3676992137137750016], [4]) = 0
setsockopt(3, SOL_PACKET, PACKET_ADD_MEMBERSHIP, "\2\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
setsockopt(3, SOL_PACKET, 0x8 /* PACKET_??? */, [1], 4) = 0
setsockopt(3, SOL_PACKET, PACKET_RX_RING, "\0\20\0\0\234\2\0\0\6\0\0008\5\0\0", 16) = 0
mmap(NULL, 2736128, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2aeb64ab0000
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
ioctl(4, SIOCGIFADDR, {ifr_name="eth0", ifr_addr={AF_INET, 
inet_addr("192.168.128.157")}}) = 0
ioctl(4, SIOCGIFNETMASK, {ifr_name="eth0", ifr_netmask={AF_INET, 
inet_addr("255.255.255.0")}}) = 0
close(4)                                = 0
open("/proc/net/dev", O_RDONLY)         = 4
fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aeb64d4c000
read(4, "Inter-|   Receive               "..., 4096) = 571
close(4)                                = 0
munmap(0x2aeb64d4c000, 4096)            = 0
getsockopt(3, SOL_PACKET, PACKET_STATISTICS, "\16\0\0\0\0\0\0\0", [8]) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++


Since I got a proper backtrace, I'd be willing to help debug this 
further...

Where do you want me to send the core file?

Vincent

On Thu, 4 Nov 2010, Russ Combs wrote:

> Can you send a backtrace and a core file for the segfault?
>  
> Thanks
> Russ


More information about the Snort-users mailing list