Home page logo

snort logo Snort mailing list archives

Re: [rhelv5-list] snort 2.9.0 Centos 5.5
From: vincent () cojot name
Date: Thu, 4 Nov 2010 23:23:34 +0100 (CET)

Hi Ovidiu,

There were some other reports on snort-users that 2.9.0.x was segfaulting 
on rhel5.5. Like you already did, I found out that the segfault was 
related to libpcap1. I also noticed the following:

# snort -i eth0
# snort --daq pcap -i eth0
(segaults immediately after 'Initializing daemon mode')

# snort --daq afpacket -i eth0
(works fine but then it doesn't use pcap).

I do not know yet if we're running into this issue because of 
libpcap-1.1.1 or because of my own libpcap1 packaging. I would have to dig 
into the daq library and how it calls libpcap for that.

I'm CC'ing the snort-users list on this since it appears at least someone 
there (Jason Wallace) knows more about this issue. Jason said that getting 
rid of lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so in 
your snort.conf might fix that issue.



On Thu, 4 Nov 2010, Stanila Ovidiu wrote:

Hi Vincent,

  After allot of try and error tests I discovered that libpcap 1.1.1 was the 
culprit for the Segmentation fault error,  I managed after some anguishing 
compilations (i'm really new to the rpmbuild process, only 2 days ago ) to 
build a libpcap 1.0.0 rpm with the specs file from your build.
Thank you for all your help.


On 11/04/2010 07:58 PM, Stanila Ovidiu wrote:
Hello Vincent,

       Thanks allot for your help. I managed to pass that error and 
everything  builds just fine, but when i try to run snort i get segfault :
kernel: device eth0 entered promiscuous mode
Nov  4 10:50:30  kernel: snort[8650]: segfault at 0000000000000010 rip 
00000000004a072c rsp 00007fff7d712070 error 4
Nov  4 10:50:30  kernel: device eth0 left promiscuous mode
      I compiled manually these versions and all works just well, I don't 
know what the problem is. I'm at this since the morning and couldn't get 
some good rpm's. Can you tell me how did you make the libpcap 1.1.1 rpm?
      I will be glad if you can guide through some checks to see what is 
the problems.


On 11/04/2010 06:27 PM, vincent () cojot name wrote:

Hi Stanila,

I'm currently pushing rpms built with --enable-zlib on that 
website. I don't know if that will have any side-effects but I guess it 
won't hurt.

You got the daq_ipq.* errors because daq didn't build the daq_ipq* modules 
on your system (maybe due to a missing library). At any case, I've changed 
the spec file to be more 'flexible', which should help it build on your 
system (see daq-0.3-3.el5.src.rpm).

The updated list of RPMS is as follows:


I hope this helps,


On Thu, 4 Nov 2010, Stanila Ovidiu wrote:

Hi everybody,

     I installed Vincent's 
on my Centos 5.5 system and after the installation when i ran snort -c 
/etc/snort/snort.conf -T i got this error:

ERROR: /etc/snort/snort.conf(194) => Invalid keyword 'compress_depth' for 
'global' configuration.
Fatal Error, Quitting..

I read on snort forum that this error appears because snort isn't 
compiled with --enable-zlib option. So i installed the src rpm to try and 
compile again snort, but when running rpmbuild i got this error:

checking for daq_load_modules in -ldaq_static... no
  ERROR!  daq_static library not found, go get it from

I tried compiling daq separately, from src rpm provided by vincent,  but 
there i got this error:
RPM build errors:
   File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.la
   File not found: /tmp/daqrpm-0.3/usr/lib64/daq/daq_ipq.so

Could somebody help me, I'm all out of ideas.
I'm kind of new on compiling packages, so any help will be great.

Thank you for your time.

rhelv5-list mailing list
rhelv5-list () redhat com

rhelv5-list mailing list
rhelv5-list () redhat com

Vincent S. Cojot, Computer Engineering. STEP project. _.,-*~'`^`'~*-,._.,-*~
Ecole Polytechnique de Montreal, Comite Micro-Informatique. _.,-*~'`^`'~*-,.
Linux Xview/OpenLook resources page _.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'
http://step.polymtl.ca/~coyote  _.,-*~'`^`'~*-,._ coyote () NOSPAM4cojot name

They cannot scare me with their empty spaces
Between stars - on stars where no human race is
I have it in me so much nearer home
To scare myself with my own desert places.       - Robert Frost

The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a 
Billion" shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]