Snort mailing list archives
preprocessor stream4_reassemble: both
From: Vjay LaRosa <vjayl () emc com>
Date: Mon, 04 Feb 2002 11:29:22 -0500
Hello,
I posted a while back with this same problem, I was curious if any one
else is having the
same trouble.
Versions with the problem.
Snort Version 1.9-dev (Build 91)
Snort Version 1.8.4-beta1 (Build 91)
When I run snort with the "preprocessor stream4_reassemble: both" line
in my snort.conf
I get a core dump after a few minutes of snort processing traffic. I
have been trying to figure
out what is wrong. I have attached some GDB output to this E-mail, but I
don't know what
to do? I have no debugging knowledge of C programming so any help would
be appreciated.
Thanks!
vjl
srems# gdb /opt/snort-test/bin/snort /opt/snort-
test/core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General
Public License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show
warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
warning: exec file is newer than core file.
Core was generated by `/opt/snort-test/bin/snort -i
qfe6 -c /opt/snort-test/conf
/snort.conf -l /opt/sn'.
Program terminated with signal 10, Bus Error.
#0 0x21d70 in DecodePPPoEPkt (p=0x6,
pkthdr=0xffbef800, pkt=0xb7d5a "")
at decode.c:1010
1010 ppppoe_tag = (PPPoE_Tag *)((char *)
(ppppoe_tag+1)+ntohs(tag.leng
th));
(gdb) where
#0 0x21d70 in DecodePPPoEPkt (p=0x6,
pkthdr=0xffbef800, pkt=0xb7d5a "")
at decode.c:1010
#1 0x2224c in DecodeIP (pkt=0x537c48 "",
len=2828993560, p=0xa0b48c00)
at decode.c:1271
#2 0x36a80 in PreprocUrlDecode (p=0x0) at
spp_http_decode.c:336
#3 0x34648 in ParseTCPFlags (rule=0x0, otn=0x0) at
sp_tcp_flag_check.c:162
#4 0x24138 in mSplit (str=0x0, sep=0x0, max_strs=0,
toks=0x0, meta=0 '\000')
at mstring.c:111
#5 0x1eb60 in PrintIpOptions (fp=0xffbef800, p=0x0)
at log.c:2079
#6 0x376dc in CreateNodeList (servers=0x1805c "\027")
at spp_http_decode.c:565
#7 0x38310 in ExpireConnections (scanList=0x0,
watchPeriod={tv_sec = 86148,
tv_usec = 0}, currentTime={tv_sec = 2147433618,
tv_usec = 16777216})
at spp_portscan.c:501
#8 0x201f0 in DecodeEthPkt (p=0x3c59c4b3, pkthdr=0x0,
pkt=0x0) at decode.c:98
#9 0x1e9fc in PrintIpOptions (fp=0x0, p=0x0) at
log.c:2050
(gdb) bt
#0 0x21d70 in DecodePPPoEPkt (p=0x6,
pkthdr=0xffbef800, pkt=0xb7d5a "")
at decode.c:1010
#1 0x2224c in DecodeIP (pkt=0x537c48 "",
len=2828993560, p=0xa0b48c00)
at decode.c:1271
#2 0x36a80 in PreprocUrlDecode (p=0x0) at
spp_http_decode.c:336
#3 0x34648 in ParseTCPFlags (rule=0x0, otn=0x0) at
sp_tcp_flag_check.c:162
#4 0x24138 in mSplit (str=0x0, sep=0x0, max_strs=0,
toks=0x0, meta=0 '\000')
at mstring.c:111
#5 0x1eb60 in PrintIpOptions (fp=0xffbef800, p=0x0)
at log.c:2079
#6 0x376dc in CreateNodeList (servers=0x1805c "\027")
at spp_http_decode.c:565
#7 0x38310 in ExpireConnections (scanList=0x0,
watchPeriod={tv_sec = 86148,
tv_usec = 0}, currentTime={tv_sec = 2147433618,
tv_usec = 16777216})
at spp_portscan.c:501
#8 0x201f0 in DecodeEthPkt (p=0x3c59c4b3, pkthdr=0x0,
pkt=0x0) at decode.c:98
#9 0x1e9fc in PrintIpOptions (fp=0x0, p=0x0) at
log.c:2050
--
V.Jay LaRosa EMC Corporation
Systems Administrator 171 South Street
(508)435-1000 ext 14957 Hopkinton, MA 01748
(508)497-8082 fax www.emc.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- preprocessor stream4_reassemble: both Vjay LaRosa (Feb 04)