Hi,
I have been having issues with the snort OpenBSD ports package.
I am running the following system:
OpenBSD 5.5 GENERIC.MP#0 amd64
I have installed the snort from the port package. Few seconds after it
starts analyzing packets snort quits due to a segmentation fault.
I have been debugging the execution using gdb after the SIGSEV I printed
the full backtrace here is the output:
Program received signal SIGSEGV, Segmentation fault.
0x00001081b531b2ac in ?? () from /usr/local/bin/snort
(gdb) bt full
#0 0x00001081b531b2ac in ?? () from /usr/local/bin/snort
No symbol table info available.
#1 0x00001081b533a6da in ?? () from /usr/local/bin/snort
No symbol table info available.
#2 0x00001081b533c6d2 in ?? () from /usr/local/bin/snort
No symbol table info available.
#3 0x00001083d6e6f520 in pcap_process_loop () from
/usr/local/lib/daq/daq_pcap.so
No symbol table info available.
#4 0x00001083b6513526 in pcap_read (p=0x1083c24d3000, cnt=-119,
callback=0x1083d6e6f4b0 <pcap_process_loop>, user=0x1083c17d5000
"�\003\177�\203\020")
at /usr/src/lib/libpcap/pcap-bpf.c:188
caplen = 1349791859
hdrlen = Variable "hdrlen" is not available.
It looks like there is some issue while parsing the packet in the libpcap.
Has anyone run into this issue?
Thanks in advance.
Here is the snort -V output:
,,_ -*> Snort! <*-
o" )~ Version 2.9.6.0 GRE (Build 47)
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
Copyright (C) 2014 Cisco and/or its affiliates. All rights
reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using OpenBSD libpcap
Using PCRE version: 8.33 2013-05-28
Using ZLIB version: 1.2.3
--
André Pinheiro
