Erich.Meierinformatik.uni-erlangen.de

• Next message: Martin Roesch: "Re: [snort] 1.6-beta11 available [CVS & WWW]"
• Previous message: Martin Roesch: "Re: [snort] Rapidnet sig error?"
• In reply to: Scott A . McIntyre: "[snort] Sig11 on B11."
• Next in thread: Martin Roesch: "Re: [snort] Sig11 on B11."
• Reply: Erich Meier: "Re: [snort] Sig11 on B11."
• Reply: Martin Roesch: "Re: [snort] Sig11 on B11."
• Reply: CyberPsychotic: "Re: [snort] Sig11 on B11."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 07, 2000 at 02:46:39PM -0500, Scott A . McIntyre wrote:
> Beta 11 dies pretty quickly for me:
>
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/libexec/ld.so...done.
> Reading symbols from /usr/lib/libpcap.so.0.0...done.
> Reading symbols from /usr/lib/libc.so.12.40...done.
> #0 0x0 in ?? ()
> (gdb) where
> #0 0x0 in ?? ()
> #1 0xa910 in EvalHeader (rtn_idx=0x34b00, p=0xefbfd2e4) at rules.c:2593
> #2 0xa8b5 in EvalPacket (List=0x170a0, mode=2, p=0xefbfd2e4) at
> rules.c:2513
> #3 0xa841 in Detect (p=0xefbfd2e4) at rules.c:2443
> #4 0xa77c in Preprocess (p=0xefbfd2e4) at rules.c:2348
> #5 0x1cf2 in ProcessPacket (user=0x0, pkthdr=0x31ee4, pkt=0x31ef6 "")
> at snort.c:334
> #6 0x40037d91 in pcap_read ()
> #7 0x4003828f in pcap_dispatch ()
> #8 0x400382c7 in pcap_loop ()

I saw exactly the same core dump on Solaris 2.6 when using the rapidnet
ruleset. The problem went away mysteriously and I couldn't reproduce it.

Erich

• Next message: Martin Roesch: "Re: [snort] 1.6-beta11 available [CVS & WWW]"
• Previous message: Martin Roesch: "Re: [snort] Rapidnet sig error?"
• In reply to: Scott A . McIntyre: "[snort] Sig11 on B11."
• Next in thread: Martin Roesch: "Re: [snort] Sig11 on B11."
• Reply: Erich Meier: "Re: [snort] Sig11 on B11."
• Reply: Martin Roesch: "Re: [snort] Sig11 on B11."
• Reply: CyberPsychotic: "Re: [snort] Sig11 on B11."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]