Menu
▾
▴
Re: [Snort-inline-users] Freebsd and IPFW and IP header checksums
|
From: Nick R. <ni...@ro...> - 2005-01-30 03:41:09
|
On Thu, 30 Dec 2004, Christopher Black wrote: > Well, I've included patches I've generated so far. The snort.h patch is > required to compile, decode.c is required for it to not drop every > packet, and inline.c adds a (commented out) ugly fix for the segfault, > and two debug statements demonstrating the problem. All patches were > created outside the top-level snort_inline-2.2.0a directory. > > A rule triggering a "reject" will segfault the program. I have traced > it to inline.c, roughly line 398 (400 after my patch). Printing the > value once returns the same value as printing it anywhere prior in the > execution chain. Printing it again returns 0 and a segfault. My C > skills aren't up to par I guess, because I'm stumped here. > > [root@mobilebeast1 blackchr]# gdb /usr/local/bin/snort_inline > snort_inline.core > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you > are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for > details. > This GDB was configured as "i386-marcel-freebsd"... > Core was generated by `snort_inline'. > Program terminated with signal 11, Segmentation fault. > Reading symbols from /usr/local/lib/libpcre.so.0...done. > Loaded symbols for /usr/local/lib/libpcre.so.0 > Reading symbols from /usr/lib/libpcap.so.3...done. > Loaded symbols for /usr/lib/libpcap.so.3 > Reading symbols from /lib/libm.so.3...done. > Loaded symbols for /lib/libm.so.3 > Reading symbols from /lib/libc.so.5...done. > Loaded symbols for /lib/libc.so.5 > Reading symbols from /libexec/ld-elf.so.1...done. > Loaded symbols for /libexec/ld-elf.so.1 > #0 0x0806224d in HandlePacket () at inline.c:400 > 400 iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; > (gdb) > > Is there any more info I can provide? > I have included all of the patches that are need to run snort_inline on FreeBSD 4.X and 5.X. The patches are against snort_inline-2.2.0a.tar.gz file, from outside the top level. It turned out that all of the bugs were do to misplaced #ifdef's. Also, I have written someone online documentation for FreeBSD and snort_inline. It can be found at: http://freebsd.rogness.net/snort_inline/ I will be submitting a FreeBSD port for snort_inline to the FreeBSD ports tree this week. Nick Rogness <ni...@ro...> - How many people here have telekenetic powers? Raise my hand. -Emo Philips |
