
mutiger_jh at yahoo
Nov 3, 2009, 12:04 PM
Snort 2.8.5.1 segfaults against pfring
Thank you for all of your hard work. I am running RedHat EL 5 (64-bit) with the 2.6.18-164.2.1.el5 kernel. The pf_ring kernel module (Subversion version from 11/2/09) compiles and loads. libpcap and libpfring also compile fine. I can run the example programs, pcount and pfcount, fine. I can also compile tcpdump against this libpcap and run it fine. Snort v 2.8.5.1 compiles fine with the following command:

./configure --with-libpcap-includes=/usr/local/include/ --with-libpcap-libraries=/usr/local/lib64 --with-libpfring-includes=/usr/local/include/ --with-libpfring-libraries=/usr/local/lib64/ --prefix=/usr/local CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib64 -lpfring -lpcap"; make

ldd shows the following:

ldd src/snort
libpfring.so => /usr/local/lib64/libpfring.so (0x00002adf585e0000)
libpcre.so.0 => /lib64/libpcre.so.0 (0x0000003028200000)
libpcap.so.1.0.0 => /usr/local/lib64/libpcap.so.1.0.0 (0x00002adf587e3000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003029200000)
libm.so.6 => /lib64/libm.so.6 (0x0000003027e00000)
libdl.so.2 => /lib64/libdl.so.2 (0x0000003026e00000)
libc.so.6 => /lib64/libc.so.6 (0x0000003026a00000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003027200000)
/lib64/ld-linux-x86-64.so.2 (0x0000003026600000)

When I run snort, I get a segmentation fault as follows:

src/snort -v -i eth1
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Segmentation fault

Some of the strace output is as follows:

write(2, " --== Initializing Snort "..., 37 --== Initializing Snort ==-- ) = 37
write(2, "Initializing Output Plugins!\n", 29Initializing Output Plugins!
) = 29 brk(0x4a9b000) = 0x4a9b000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba249e13000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba249f14000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a015000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a116000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a217000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a318000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a419000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a51a000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a61b000 brk(0x4ac3000) = 0x4ac3000 brk(0x4ae7000) = 0x4ae7000 mmap(NULL, 528384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a71c000 mmap(NULL, 1052672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ba24a79d000 socket(PF_NETLINK, SOCK_RAW, 0) = 3 bind(3, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 getsockname(3, {sa_family=AF_NETLINK, pid=22196, groups=00000000}, [2783429525554331660]) = 0 sendto(3, "\24\0\0\0\22\0\1\3)\214\360J\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\370\0\0\0\20\0\2\0)\214\360J\264V\0\0\0\0\4\3\1\0\0\0I\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 2012 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0)\214\360J\264V\0\0\0\0\0\0\1\0\0\0I\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 sendto(3, "\24\0\0\0\26\0\1\3*\214\360J\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 recvmsg(3, 
{msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"<\0\0\0\24\0\2\0*\214\360J\264V\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 128 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"@\0\0\0\24\0\2\0*\214\360J\264V\0\0\n\200\200\376\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 192 recvmsg(3, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0*\214\360J\264V\0\0\0\0\0\0\1\0\0\0\24\0\1\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 close(3) = 0 socket(0x1b /* PF_??? */, SOCK_RAW, 768) = 3 setsockopt(3, SOL_IP, 0x6b /* IP_??? */, [68], 4) = 0 bind(3, {sa_family=0x1b /* AF_??? */, sa_data="lo\0\0\0\0\222(a&0\0\0\0"}, 16) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2ba24a89e000 munmap(0x2ba24a89e000, 4096) = 0 mmap(NULL, 749568, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2ba24a89e000 munmap(0x2ba24a89e000, 749568) = 0 close(3) = 0 socket(0x1b /* PF_??? */, SOCK_RAW, 768) = 3 setsockopt(3, SOL_IP, 0x6b /* IP_??? */, [68], 4) = 0 bind(3, {sa_family=0x1b /* AF_??? */, sa_data="eth0\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2ba24a89e000 munmap(0x2ba24a89e000, 4096) = 0 mmap(NULL, 749568, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2ba24a89e000 munmap(0x2ba24a89e000, 749568) = 0 close(3) = 0 socket(0x1b /* PF_??? */, SOCK_RAW, 768) = 3 setsockopt(3, SOL_IP, 0x6b /* IP_??? */, [68], 4) = 0 bind(3, {sa_family=0x1b /* AF_??? */, sa_data="eth1\0\0\0\0\0\0\0\0\0\0"}, 16) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2ba24a89e000 munmap(0x2ba24a89e000, 4096) = 0 mmap(NULL, 749568, PROT_READ|PROT_WRITE, MAP_SHARED, 3, 0) = 0x2ba24a89e000 munmap(0x2ba24a89e000, 749568) = 0 close(3) = 0 socket(0x1b /* PF_??? */, SOCK_RAW, 768) = 3 setsockopt(3, SOL_IP, 0x6b /* IP_??? 
*/, [68], 4) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ Any help is appreciated. -Jeff _______________________________________________ Ntop-misc mailing list Ntop-misc [at] listgateway http://listgateway.unipi.it/mailman/listinfo/ntop-misc