Serious problem running bro-pub-0.8a48 on OpenBSD 3.3

Moss de Kahn moskahn at hotmail.com
Mon Nov 10 09:24:03 PST 2003 

Hi All,

I keep getting segmentation faults while I attempt to run Bro 0.8a48 on 
OpenBSD3.3.
I've gone back and tried some older versions and the last version I can run 
without
seg faults is 0.8a32. None of the versions after that one seem to work for 
me. Has
anyone faced this problem before??

-  I am running this on a P3-600 MHz, 200 MB memory system. Is that too 
slow?

- The size of the 'bro.core' file upon the seg-fault is of the order of 500 
MB.
Isn't that weird? The response time of my system also increases drastically
when I start Bro (other than version 0.8a32 - where it remains very normal).

----------------------------------------------------------------------------------------------------------
bash-2.05b# ./bro -i fxp0 -t trace.txt -w dump.txt -S mt
Execution tracing ON.
Segmentation fault (core dumped)
-------------trace.txt is appended at the end of this 
mail--------------------
bash-2.05b# ls -la bro.core
-rw-------  1 root  wheel  536426260 Nov 10 12:08 bro.core
-----------------------------------------------------------------------------------------------------------

- I tried without the '-S' option but that didn't help either.

- attaching a gdb snapshot below. Each time I've seen some or the other 
function
related to 'md5' here. The bro src. file 'md5.c' hasn't changed in a while. 
What's
causing this?
--------------------------------------------------------------------------------------------------------------
bash-2.05b# gdb -c bro.core -s bro
GNU gdb 4.16.1
Copyright 1996 Free Software Foundation, Inc.
This GDB was configured as "i386-unknown-openbsd3.3"...
Core was generated by `bro'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/libcrypto.so.9.0...done.
Reading symbols from /usr/lib/libssl.so.7.0...done.
Reading symbols from /usr/lib/libtermcap.so.9.0...done.
Reading symbols from /usr/lib/libpcap.so.2.0...done.
Reading symbols from /usr/lib/libpthread.so.1.0...done.
Reading symbols from /usr/lib/libstdc++.so.31.0...done.
Reading symbols from /usr/lib/libm.so.1.0...done.
Reading symbols from /usr/lib/libc.so.29.0...done.
#0  0x13e2a1 in md5_process ()
(gdb) bt
#0  0x13e2a1 in md5_process ()
Cannot access memory at address 0x13e298.
(gdb) i r
eax            0xcf3fe178       -817897096
ecx            0x0      0
edx            0x8      8
ebx            0xcf3fe160       -817897120
esp            0xcf3fe000       0xcf3fe000
ebp            0xcf3fe0ac       0xcf3fe0ac
esi            0x38     56
edi            0x0      0
eip            0x13e2a1 0x13e2a1
eflags         0x10286  66182
cs             0x1f     31
ss             0x27     39
ds             0x27     39
es             0x27     39
fs             0x27     39
gs             0x27     39
(gdb) q
----------------------------------------------------------------------------------------------------------

- Could it be a problem with the glibc on my system (it's a standard 
install). ?

Whats so different after version 0.8a32 so as to cause this?
Any help is greatly appreciated.

thanks,
-MdK

-------trace.txt----------
0.000000 <no location>:0        function called: open_log_file(tag = 'log')
0.000000 <no location>:0                function called: log_file_name(tag = 
'log')
0.000000 policy/bro.init:195                    Builtin Function called: 
getenv(var = '
BRO_ID')
0.000000 policy/bro.init:195                    Function return:
0.000000 policy/bro.init:196                    Builtin Function called: 
fmt(va_args =
'%s.%s', vararg0 = 'log', vararg1 = 'log')
0.000000 policy/bro.init:196                    Function return: log.log
0.000000 policy/bro.init:196            Function return: log.log
0.000000 policy/bro.init:201            Builtin Function called: open(f = 
'log.log')
0.000000 policy/bro.init:201            Function return: <no value 
description>
0.000000 policy/bro.init:201    Function return: <no value description>
0.000000 <no location>:0        function called: open_log_file(tag = 
'alert')
0.000000 <no location>:0                function called: log_file_name(tag = 
'alert')
0.000000 policy/bro.init:195                    Builtin Function called: 
getenv(var = '
BRO_ID')
0.000000 policy/bro.init:195                    Function return:
0.000000 policy/bro.init:196                    Builtin Function called: 
fmt(va_args =
'%s.%s', vararg0 = 'alert', vararg1 = 'log')
0.000000 policy/bro.init:196                    Function return: alert.log
0.000000 policy/bro.init:196            Function return: alert.log
0.000000 policy/bro.init:201            Builtin Function called: open(f = 
'alert.log')
0.000000 policy/bro.init:201            Function return: <no value 
description>
0.000000 policy/bro.init:201    Function return: <no value description>
-----end of trace-------

_________________________________________________________________
Is your computer infected with a virus?  Find out with a FREE computer virus 
scan from McAfee.  Take the FreeScan now! 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

More information about the Bro mailing list