Bro 57 segfaults
Vern Paxson
vern at icir.org
Tue Dec 16 09:12:12 PST 2003
> I just build and deployed bro-0.8a57 and the thing segfaults after about
> 5-100 minutes of running. I tried '-t file', but then it segfaults
> immediately.
>
> Platform is RedHat 9; default build of bro with ssl. Deployed on a fairly
> loaded 10MB/s link.
>
> Anybody else seeing this?
I don't run in that environment, but Robin does (or in something similar),
and I don't believe he's encountered any problems recently.
In general, when reporting a Bro crash, it helps a lot to show a traceback
(not -t output, which is generally much to voluminous to aid in debugging
crashes). Better (much) still is a tcpdump trace that reprodouces the
problem, if you're able to give me a copy of such.
Note, I recently ran across a problem running Bro's signature engine
against UDP or ICMP traffic. By default, each new UDP/ICMP flow sticks
around forever, so this rapidly consumes a huge amount of memory. You
can eliminate the problem via "@load reduce-memory".
Vern
More information about the Bro
mailing list