Hosting Provided By

[Snort-devel] Segfault on fun funy rule

From: Jason Monroe \ <monroe(at)nas.nasa.gov>
Date: Wed Feb 25 2004 - 23:25:50 EST

Hello Everybody,

Downloaded 2.1.1 built it against Fedora Core 1 pcre 4.4
libpcap-0.7.2-7.1

[root@Fedora1 root]# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/specs Configured with: ../configure --prefix=/usr --mandir=/usr/share/man

--infodir=/usr/share/info --enable-shared --enable-threads=posix
--disable-checking --with-system-zlib --enable-__cxa_atexit
--host=i386-redhat-linux

Thread model: posix
gcc version 3.3.2 20031022 (Red Hat Linux 3.3.2-1)

Have rule in local.rules that causes breakage

alert tcp any any -> any any (msg:"Telnet login as root";content:"root";nocase;flow:to_server:established;)

I mistakenly typed a ":" instead of "," between the flow statement

When I correct the rule snort is able to init correctly :)
(the glass is half full)

[root@Fedora1 root]# /opt/snort/bin/snort -T -v -c /etc/snort/snort.conf .... sparing details

Do you need help?

telnet_decode arguments:

Ports to decode telnet on: 21 23 25 119 Segmentation fault

I looked at the FAQ said DO GDB so here it is [root@Fedora1 root]# gdb snort
GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run snort -T -v -c /etc/snort/snort.conf
Starting program: /opt/snort/bin/snort snort -T -v -c /etc/snort/snort.conf
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:

syntax error
PCAP command: snort
Fatal Error, Quitting..

Program exited with code 01.
(gdb) where

No stack.
(gdb) bt

No stack.

SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Wed Feb 25 23:30:22 2004

This message: [ Message body ]
Next message: Erek Adams: "[Snort-devel] Re: [Snort-users] Segfault on fun funy rule"
Previous message: Kumar, Manoj: "RE: [Snort-devel] SNORT has memory leak on Linux Red hat 9"
Next in thread: Erek Adams: "[Snort-devel] Re: [Snort-users] Segfault on fun funy rule"
Reply: Erek Adams: "[Snort-devel] Re: [Snort-users] Segfault on fun funy rule"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT

Do you need more help?