Menu
▾
▴
Re: [Snort-inline-users] Freebsd and IPFW and IP header checksums
|
From: Will M. <wil...@gm...> - 2005-01-17 16:42:10
|
Yeah, its just a source forge cvs server so.... http://sourceforge.net/cvs/?group_id=78497 cvs -d:pserver:ano...@cv...:/cvsroot/snort-inline login cvs -z3 -d:pserver:ano...@cv...:/cvsroot/snort-inline co -P modulename On Mon, 17 Jan 2005 09:15:41 -0700 (MST), Nick Rogness <ni...@ro...> wrote: > On Mon, 17 Jan 2005, Will Metcalf wrote: > > > I'll update CVS later today. Resets are always sent to the source of > > the attack. > > What is the cvs server? Is it an annon server or ? > > > > > > Regards, > > > > Will > > > > > > On Sun, 16 Jan 2005 21:32:54 -0700 (MST), Nick Rogness <ni...@ro...> wrote: > >> On Thu, 30 Dec 2004, Christopher Black wrote: > >> > >>> Well, I've included patches I've generated so far. The snort.h patch is > >>> required to compile, decode.c is required for it to not drop every > >>> packet, and inline.c adds a (commented out) ugly fix for the segfault, > >>> and two debug statements demonstrating the problem. All patches were > >>> created outside the top-level snort_inline-2.2.0a directory. > >>> > >>> A rule triggering a "reject" will segfault the program. I have traced > >>> it to inline.c, roughly line 398 (400 after my patch). Printing the > >>> value once returns the same value as printing it anywhere prior in the > >>> execution chain. Printing it again returns 0 and a segfault. My C > >>> skills aren't up to par I guess, because I'm stumped here. > >>> > >>> [root@mobilebeast1 blackchr]# gdb /usr/local/bin/snort_inline > >>> snort_inline.core > >>> GNU gdb 6.1.1 [FreeBSD] > >>> Copyright 2004 Free Software Foundation, Inc. > >>> GDB is free software, covered by the GNU General Public License, and you > >>> are > >>> welcome to change it and/or distribute copies of it under certain > >>> conditions. > >>> Type "show copying" to see the conditions. > >>> There is absolutely no warranty for GDB. Type "show warranty" for > >>> details. > >>> This GDB was configured as "i386-marcel-freebsd"... > >>> Core was generated by `snort_inline'. > >>> Program terminated with signal 11, Segmentation fault. > >>> Reading symbols from /usr/local/lib/libpcre.so.0...done. > >>> Loaded symbols for /usr/local/lib/libpcre.so.0 > >>> Reading symbols from /usr/lib/libpcap.so.3...done. > >>> Loaded symbols for /usr/lib/libpcap.so.3 > >>> Reading symbols from /lib/libm.so.3...done. > >>> Loaded symbols for /lib/libm.so.3 > >>> Reading symbols from /lib/libc.so.5...done. > >>> Loaded symbols for /lib/libc.so.5 > >>> Reading symbols from /libexec/ld-elf.so.1...done. > >>> Loaded symbols for /libexec/ld-elf.so.1 > >>> #0 0x0806224d in HandlePacket () at inline.c:400 > >>> 400 iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; > >>> (gdb) > >>> > >>> Is there any more info I can provide? > >>> > >> > >> I found the bug in the code. Is there a cvs tree I can checkout > >> so I can send diffs against your current snapshot? > >> > >> Also, has anyone checked to see if the TCP reset (RejectSocket) > >> code actually sends TCP resets? Which direction and to whom are > >> they suppose to be sent? > >> > >> > >> Nick Rogness <ni...@ro...> > >> - > >> How many people here have telekenetic powers? Raise my hand. > >> -Emo Philips > >> > >> ------------------------------------------------------- > >> The SF.Net email is sponsored by: Beat the post-holiday blues > >> Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. > >> It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt > >> _______________________________________________ > >> Snort-inline-users mailing list > >> Sno...@li... > >> https://lists.sourceforge.net/lists/listinfo/snort-inline-users > >> > > > > Nick Rogness <ni...@ro...> > - > How many people here have telekenetic powers? Raise my hand. > -Emo Philips > > |
