List: snort-devel
Subject: Re: [Snort-devel] spp_frag2.c increments pc.frags, so does snort.c
From: Phil Wood <cpw () lanl ! gov>
Date: 2001-07-31 20:05:56
Fyodor,
Earlier I posted the following:
================================================================
*** snort/spp_stream4.c Tue Jul 24 08:50:21 2001
--- snort+/spp_stream4.c Tue Jul 31 13:27:54 2001
***************
*** 1258,1261 ****
--- 1258,1262 ----
DebugMessage(DEBUG_STREAM, "Dumping session\n");
DeleteSession(ssn, p->pkth->ts.tv_sec);
+ p->ssnptr = 0;
}
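Review bot: After `DeleteSession(ssn, ...)` the added line clears only `p->ssnptr`; the local `ssn` still holds the address of the session that was just deleted. If any code after this block in the same function reads `ssn`, set it to NULL here as well, or return right after the delete. For a pointer, `p->ssnptr = NULL;` reads better than `0`, and a one-line comment saying the pointer is cleared because the session was deleted would help the next reader.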
================================================================
which will eliminate one of the seg faults I've been seeing. Maybe you want
to risk it? %^)
I moved on to the next seg fault which occurs in spp_frag2 stuff.
** Notice the value of RootPtr in the call to ubi_btInsert.
(gdb) bt
#0 ubi_btInsert (RootPtr=0x48, NewNode=0x8abea68, ItemPtr=0x8abea68,
OldNode=0xbffff1bc) at ubi_BinTree.c:637
#1 0x8077825 in ubi_sptInsert (RootPtr=0x48, NewNode=0x8abea68,
ItemPtr=0x8abea68, OldNode=0x0) at ubi_SplayTree.c:317
#2 0x807c08e in InsertFrag (p=0xbffff29c, ft=0x8abea20) at spp_frag2.c:534
#3 0x807be82 in Frag2Defrag (p=0xbffff29c) at spp_frag2.c:430
#4 0x8058416 in Preprocess (p=0xbffff29c) at rules.c:3427
#5 0x804c790 in ProcessPacket (user=0x0, pkthdr=0xbffff788, pkt=0x40346042 "")
at snort.c:519
#6 0x807ce7c in packet_ring_recv ()
#7 0x807d1b4 in pcap_read ()
#8 0x807df53 in pcap_loop ()
#9 0x804deef in InterfaceThread (arg=0x0) at snort.c:1450
#10 0x804c674 in main (argc=20, argv=0xbffff97c) at snort.c:452
(gdb) up
#1 0x8077825 in ubi_sptInsert (RootPtr=0x48, NewNode=0x8abea68,
ItemPtr=0x8abea68, OldNode=0x0) at ubi_SplayTree.c:317
317 if( ubi_btInsert( RootPtr, NewNode, ItemPtr, OldNode ) )
(gdb) up
#2 0x807c08e in InsertFrag (p=0xbffff29c, ft=0x8abea20) at spp_frag2.c:534
534 if(ubi_sptInsert(ft->fraglistPtr, (ubi_btNodePtr)newfrag,
** Notice that the FragRootPtr structure is empty at this time.
(gdb) print *FragRootPtr
$8 = {root = 0x0, cmp = 0x807b83c <Frag2CompareFunc>, count = 0,
flags = 0 '\000'}
If you look at the NewFragTracker and InsertFrag routines you
will find a couple of "sucks" LogMessages. There is no cleanup
done at this point. Things just kind of fall through.
I think this might have something to do with the seg faults,
but have no way to prove it. So far they only happen when a
system ends up transferring large amounts of data using packet sizes
that get fragmented. It has been happening for some time. But, by
the time I got around to analyzing this particular seg fault, the
user went fishing. I've got a lot of core dump files.
Thanks,
--
Phil Wood, cpw@lanl.gov
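
The message above describes error branches that log a message and fall through with no cleanup. The following C example is added here for illustration and is not code from Snort or from the post: it contrasts a constructor that logs and falls through with one that cleans up, and shows an insert routine that checks its list pointer before use. All names (`tracker_new`, `frag_insert`, `tracker_free`, `MAX_FRAGS`) are hypothetical, and the allocation failure is simulated.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for illustration; not Snort's structures. */
#define MAX_FRAGS 8
typedef struct { unsigned count; unsigned offsets[MAX_FRAGS]; } fraglist_t;
typedef struct { fraglist_t *list; } tracker_t;

/* fail_list simulates the list allocation failing (constructed condition).
 * cleanup == 0 logs and falls through; cleanup != 0 frees and reports failure. */
static tracker_t *tracker_new(int fail_list, int cleanup)
{
    tracker_t *ft = calloc(1, sizeof *ft);
    if (ft == NULL)
        return NULL;
    ft->list = fail_list ? NULL : calloc(1, sizeof *ft->list);
    if (ft->list == NULL) {
        fprintf(stderr, "tracker_new: list allocation failed\n");
        if (cleanup) {
            free(ft);
            return NULL;
        }
    }
    return ft;                 /* may be half-built when cleanup == 0 */
}

/* Returns 0 on success, -1 if the tracker is unusable or the list is full. */
static int frag_insert(tracker_t *ft, unsigned offset)
{
    if (ft == NULL || ft->list == NULL)   /* check before any dereference */
        return -1;
    if (ft->list->count >= MAX_FRAGS)
        return -1;
    ft->list->offsets[ft->list->count++] = offset;
    return 0;
}

static void tracker_free(tracker_t *ft)
{
    if (ft != NULL)
        free(ft->list);
    free(ft);
}

int main(void)
{
    tracker_t *bad = tracker_new(1, 0);   /* half-built: list is NULL */
    printf("insert into half-built tracker: %d\n", frag_insert(bad, 0));
    tracker_free(bad);
}
```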