Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 1.8p1 core dump in daemon mode

From: Patrick Hawley <phawley () ociweb com>
Date: Thu, 19 Jul 2001 15:41:09 -0500 (CDT)
On Thu, 19 Jul 2001, Martin Roesch wrote:

I'm running snort-1.8p1 (which seems to respond to snort -V in the same
manner as snort-1.8-RELEASE: Version 1.8-RELEASE (Build 43)), built from
source on RH7.0 (2.2.19-7.0.1), in daemon mode from the command line, and
it generally runs for a few hours, then dumps core at some point (if I
knew when this was occuring - what was causing it - I wouldn't be wasting
your time with this email! ;).

You should download the latest CVS code and try it, I've been working on
the stream4 code a bit to improve its stability.  One thing that'd be
nice would be if you could run a backtrace ('bt') in gdb so that I can
see the function call sequence more that led up to the crash more
clearly.


Well, CVS code ran longer for me than 1.8p1, but did dump after 1.5 hrs.

...back trace info follows...as usual, please let me know what else I
may provide, and as always, thanks in advance! ;)

Patrick

#0  Rotate (p=0x809c74c) at ubi_SplayTree.c:212
#1  0x8072449 in Splay (SplayWithMe=0x809c74c) at ubi_SplayTree.c:252
#2  0x80724d5 in ubi_sptRemove (RootPtr=0x809c74c, DeadNode=0x809c74c)
    at ubi_SplayTree.c:346
#3  0x80753a0 in DeleteSession (ssn=0x809c74c, time=995574774)
    at spp_stream4.c:2194
#4  0x807575d in PruneSessionCache (thetime=995574774, mustdie=0)
    at spp_stream4.c:2375
#5  0x80740b3 in ReassembleStream4 (p=0xbffff450) at spp_stream4.c:1237
#6  0x8055c06 in Preprocess (p=0xbffff450) at rules.c:3427
#7  0x804b4fb in ProcessPacket (user=0x0, pkthdr=0xbffff910, pkt=0x80d287a
"")
    at snort.c:512
#8  0x8077c12 in pcap_read ()
#9  0x80785cf in pcap_loop ()
#10 0x804c8a0 in InterfaceThread (arg=0x0) at snort.c:1441
#11 0x804b3cb in main (argc=9, argv=0xbffffaf4) at snort.c:445
#12 0x40153b5c in __libc_start_main (main=0x804ad6c <main>, argc=9,
    ubp_av=0xbffffaf4, init=0x804a240 <_init>, fini=0x808205c <_fini>,
    rtld_fini=0x4000d634 <_dl_fini>, stack_end=0xbffffaec)
    at ../sysdeps/generic/libc-start.c:129


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: