Snort mailing list archives
Segfault on fun funy rule
From: "Jason Monroe \"JC\"" <monroe () nas nasa gov>
Date: Wed, 25 Feb 2004 20:25:50 -0800
Hello Everybody, Downloaded 2.1.1 built it against Fedora Core 1 pcre 4.4 libpcap-0.7.2-7.1 [root@Fedora1 root]# gcc -v Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/specs Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-checking --with-system-zlib --enable-__cxa_atexit --host=i386-redhat-linux Thread model: posix gcc version 3.3.2 20031022 (Red Hat Linux 3.3.2-1) Have rule in local.rules that causes breakage alert tcp any any -> any any (msg:"Telnet login as root";content:"root";nocase;flow:to_server:established;) I mistakenly typed a ":" instead of "," between the flow statement When I correct the rule snort is able to init correctly :) (the glass is half full) [root@Fedora1 root]# /opt/snort/bin/snort -T -v -c /etc/snort/snort.conf .... sparing details telnet_decode arguments: Ports to decode telnet on: 21 23 25 119 Segmentation fault I looked at the FAQ said DO GDB so here it is [root@Fedora1 root]# gdb snort GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) run snort -T -v -c /etc/snort/snort.conf Starting program: /opt/snort/bin/snort snort -T -v -c /etc/snort/snort.conf Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: snort Fatal Error, Quitting.. Program exited with code 01. (gdb) where No stack. (gdb) bt No stack. ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Segfault on fun funy rule Jason Monroe "JC" (Feb 25)
- Re: Segfault on fun funy rule Erek Adams (Feb 25)
- Re: Segfault on fun funy rule Jason Monroe "JC" (Feb 26)
- Re: Segfault on fun funy rule Erek Adams (Feb 25)