Snort mailing list archives
Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624
From: <Joshua.Kinard () us-cert gov>
Date: Fri, 7 Oct 2011 19:46:13 -0500
-----Original Message----- From: Russ Combs [mailto:rcombs () sourcefire com] Sent: Friday, October 07, 2011 8:29 AM Subject: Re: [Snort-devel] [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624
On Fri, Oct 7, 2011 at 7:20 AM, Russ Combs <rcombs () sourcefire com>
wrote:
Hey Joshua, Thanks for reporting this problem. I am unable to reproduce it
with my Ubuntu gcc 4.4.3.
No segfault with Fedora gcc 4.5.1 either.
Can you also send your ./configure and command lines?
I'm configuring via snort.conf and running with snort -c test.conf -r
2009-04-21-07-47-35.dmp -A cmg. Hi Russ, Minus --prefix and some of the --with-* overrides (because I am building this as an unprivileged user and have compiled the needed libraries in my home folder), this is my configure line: ./configure --enable-ipv6 --enable-zlib --enable-gre --enable-mpls --enable-decoder-preprocessor-rules --enable-pthread --enable-debug-msgs --enable-debug --enable-react --enable-flexresp3 --enable-normalizer --enable-perfprofiling My command line is this: snort -c local.rules -k none -A console --pcap-dir <dir>/ -q On a whim, I just tested using -r <pcap>, and that does not trigger the SIGSEGV. It does happen if you use --pcap-dir and have the referenced PCAP file in the target directory PLUS this SCTP sample from WireShark's Sample Captures: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&targe t=sctp-addip.cap Also, using --enable-sourcefire causes this SIGSEGV to disappear. What is that configure flag doing, exactly? Thanks!, --J ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2dcopy2 _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Joshua.Kinard (Oct 06)
- Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs (Oct 07)
- Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs (Oct 07)
- Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Joshua.Kinard (Oct 07)
- Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs (Oct 08)
- Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs (Oct 07)
- Re: [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624 Russ Combs (Oct 07)