[Snort-users] [rhelv5-list] snort 2.9.0 Centos 5.5

vincent at ...15035... vincent at ...15035...
Mon Nov 8 05:54:49 EST 2010


Hi everyone,

Another quick follow-up: snort-2.9.0.1 works fine with libpcap-1.1.1 on 
RHEL 5.5 if compiled with --disable-remote. I wonder whether that libpcap 
feature is important to Snort. If not, then I'll just disable it for 
now.

Vincent

On Fri, 5 Nov 2010, vincent at ...15035... wrote:

>
> Hi Russ,
>
> Here's what I got:
>
> [root at ...15044... x86_64]# gdb /usr/sbin/snort
> GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-23.el5_5.2)
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/sbin/snort...Reading symbols from 
> /usr/lib/debug/usr/sbin/snort-mysql.debug...
> done.
> (gdb) set args -i eth0
> (gdb) r
> Starting program: /usr/sbin/snort -i eth0
>
>        --== Initializing Snort ==--
> Initializing Output Plugins!
> pcap DAQ configured to passive.
> Acquiring network traffic from "eth0".
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000004a072c in pcap_daq_start ()
> (gdb) bt
> #0  0x00000000004a072c in pcap_daq_start ()
> #1  0x0000000000438974 in DAQ_Start () at ../../src/sfdaq.c:414
> #2  0x0000000000424f2a in SnortMain (argc=3, argv=0x7fffffffe6d8) at 
> ../../src/snort.c:712
> #3  0x000000323301d994 in __libc_start_main () from /lib64/libc.so.6
> #4  0x00000000004046a9 in _start ()
>
> Also, the last few lines of 'strace /usr/sbin/snort -i eth0' result in:
>
> open("/proc/net/dev", O_RDONLY)         = 3
> fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2aeb64ab0000
> read(3, "Inter-|   Receive               "..., 4096) = 571
> close(3)                                = 0
> munmap(0x2aeb64ab0000, 4096)            = 0
> socket(PF_PACKET, SOCK_RAW, 768)        = 3
> ioctl(3, SIOCGIFINDEX, {ifr_name="lo", ifr_index=1}) = 0
> ioctl(3, SIOCGIFHWADDR, {ifr_name="eth0", ifr_hwaddr=00:0c:29:8a:b8:dd}) = 0
> ioctl(3, SIOCGIFINDEX, {ifr_name="eth0", ifr_index=2}) = 0
> bind(3, {sa_family=AF_PACKET, proto=0x03, if2, pkttype=PACKET_HOST, 
> addr(0)={0, }, 20) = 0
> getsockopt(3, SOL_SOCKET, SO_ERROR, [3676992137137750016], [4]) = 0
> setsockopt(3, SOL_PACKET, PACKET_ADD_MEMBERSHIP, 
> "\2\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0", 16) = 0
> setsockopt(3, SOL_PACKET, 0x8 /* PACKET_??? */, [1], 4) = 0
> setsockopt(3, SOL_PACKET, PACKET_RX_RING, 
> "\0\20\0\0\234\2\0\0\6\0\0008\5\0\0", 16) = 0
> mmap(NULL, 2736128, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2aeb64ab0000
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
> ioctl(4, SIOCGIFADDR, {ifr_name="eth0", ifr_addr={AF_INET, 
> inet_addr("192.168.128.157")}}) = 0
> ioctl(4, SIOCGIFNETMASK, {ifr_name="eth0", ifr_netmask={AF_INET, 
> inet_addr("255.255.255.0")}}) = 0
> close(4)                                = 0
> open("/proc/net/dev", O_RDONLY)         = 4
> fstat(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0x2aeb64d4c000
> read(4, "Inter-|   Receive               "..., 4096) = 571
> close(4)                                = 0
> munmap(0x2aeb64d4c000, 4096)            = 0
> getsockopt(3, SOL_PACKET, PACKET_STATISTICS, "\16\0\0\0\0\0\0\0", [8]) = 0
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> +++ killed by SIGSEGV +++
>
>



