Re: memory corruption in 2.8.6

["Safwat Fahmy" <safwat.fahmy () safemedia com>]

Russ

Where the backtrace file will be generated??

Thanks

 

 

 

From: Russ Combs [mailto:rcombs () sourcefire com] 
Sent: Wednesday, April 28, 2010 1:34 PM
To: Safwat Fahmy
Cc: jesler () sourcefire com; Snort-users () lists sourceforge net
Subject: Re: [Snort-users] memory corruption in 2.8.6

 

I'm unable to reproduce it.  Can reconfigure with --enable-corefiles and
send a backtrace please?

On Wed, Apr 28, 2010 at 1:27 PM, Safwat Fahmy <safwat.fahmy () safemedia com>
wrote:

Thank you Russ

 

Yes we are working with libnet 1.0.2a

 

Just a reminder 2.8.6 work perfectly in a sniffer mode. The problem occurs
only in inline mode running in the background. If I use the -Qvc the sig
error will not happen

Thanks

Safwat

 

From: Russ Combs [mailto:rcombs () sourcefire com] 
Sent: Wednesday, April 28, 2010 1:22 PM
To: Safwat Fahmy
Cc: jesler () sourcefire com; Snort-users () lists sourceforge net
Subject: Re: [Snort-users] memory corruption in 2.8.6

 

Might this be a libnet issue?  Are you sure you are linking with the correct
version for your platform?

On Wed, Apr 28, 2010 at 12:46 PM, Safwat Fahmy <safwat.fahmy () safemedia com>
wrote:

Running snort 2.8.6 with the flowing command line:

 

/snort286inline/bin/snort -QDc /mnt/smlog/snort286inline/etc/snort.conf -l
/mnt/smlog/logs br0

 

Result in the following error:

 

initializing Inline mode

building cached socket reset packets

** glibc detected *** /mnt/smlog/snort286inline/bin/snort: malloc(): memory
corruption: 0x000000000143ece0 ***

====== Backtrace: =========

 

 

This is the config options:

re --enable-build-dynamic-examples --enable-ipv6 --enable-gre
--enable-timestats --enable-perfprofiling --enable-inline
--enable-sourcefire --enable-aruba --enable-react --enable-flexresp2
--with-libpcap-libraries=/usr/lib64 --with-libpcre-libraries=/usr/lib64
--with-libipq-includes=/usr/include --with-libipq-libraries=/usr/lib
--with-libnet-includes=/usr/include --with-libnet-libraries=/usr/lib64
--with-dnet-libraries=/usr/lib64 --with-mysql=/usr/share/mysql
--with-mysql-includes=/usr/include/mysql
--with-mysql-libraries=/usr/lib64/Mysql

 

ip_queue and iptables_ filter were modprobe + iptables  -I FORWARD -j QUEUE

 

Can you help with this

 

Many thanks

Safwat

 

 


----------------------------------------------------------------------------
--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

 

 

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users