[Bro] segmentation fault on first packet
Terry Barker
Terry.Barker at sas.com
Tue Jun 30 09:49:54 PDT 2009
I'm having trouble running bro 1.4 that I recently installed on a solaris computer (uname -a
gives: SunOS fsm04 5.9 Generic_118558-39 sun4u sparc SUNW,Sun-Fire-V890). I've installed and
run bro on linux boxes several times over the last couple of years and know the basics.
The program core dumps on the first packet of several pcap files I’ve tried. For example,
I tried bro on a pcap file used in a recent bro workshop tutorial called trace1.tcpdump, and I've
attached the first 20 packets (in test.tcpdump) just to be sure we're on the same page. If I run
bro -r test.tcpdump
I get a segmentation fault on the first packet. This is the output from gdb ......
________________________________________________________
warning: Temporarily disabling breakpoints for unloaded shared library "/usr/lib/ld.so.1"
Program received signal SIGSEGV, Segmentation fault.
ConnCompressor::PktHdrToPendingConn (this=0x494c9c, time=964800422.39454699, key=0x491788, ip=0x0,
tp=0x397cf4, c=0x494c9c) at ConnCompressor.cc:617
617 c->time = time;
(gdb) where
#0 ConnCompressor::PktHdrToPendingConn (this=0x494c9c, time=964800422.39454699, key=0x491788,
ip=0x0, tp=0x397cf4, c=0x494c9c) at ConnCompressor.cc:617
#1 0x000cd410 in ConnCompressor::FirstFromOrig (this=0x396e18, t=964800422.39454699,
key=0x491788, ip=0xffbfe1c0, tp=0x397cf4) at ConnCompressor.cc:276
#2 0x000cdc7c in ConnCompressor::NextPacket (this=0x396e18, t=964800422.39454699, key=0x491788,
ip=0xffbfe1c0, hdr=0x397760, pkt=0x397cd2 "") at ConnCompressor.cc:234
#3 0x001b6cb8 in NetSessions::DoNextPacket (this=0x3984f0, t=964800422.39454699, hdr=0x397760,
ip_hdr=0xffbfe1c0, pkt=0x397cd2 "", hdr_size=14) at Sessions.cc:611
#4 0x001b73e8 in NetSessions::NextPacket (this=0x3984f0, t=964800422.39454699, hdr=0x397760,
pkt=0x397cd2 "", hdr_size=14, pkt_elem=0x0) at Sessions.cc:305
#5 0x00176bf0 in net_packet_dispatch (t=964800422.39454699, hdr=0x397760, pkt=0x397cd2 "",
hdr_size=14, src_ps=0x397728, pkt_elem=0x0) at Net.cc:434
#6 0x00176e54 in net_packet_arrival (t=964800422.39454699, hdr=0x397760, pkt=0x397cd2 "",
hdr_size=14, src_ps=0x397728) at Net.cc:496
#7 0x001863a4 in PktSrc::Process (this=0x397728) at PktSrc.cc:199
#8 0x00177380 in net_run () at Net.cc:526
#9 0x0009c230 in main (argc=3550208, argv=0x362c00) at main.cc:977
________________________________________________________
If I run bro with -t
bro -t -r test.tcpdump
this is the result:
________________________________________________________
Execution tracing ON.
./test.tcpdump, line 1: error: unrecognized character - ¡
./test.tcpdump, line 1: error: unrecognized character - ²
./test.tcpdump, line 1: error: unrecognized character - Ã
./test.tcpdump, line 1: error: unrecognized character - Ô
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character - Ð
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - ¯
./test.tcpdump, line 1: error: unrecognized character - ¦
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character - ÿ
./test.tcpdump, line 1: error: unrecognized character - í
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - @
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - @
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character - €
./test.tcpdump, line 1: error: unrecognized character - Â
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character -
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character - �
./test.tcpdump, line 1: error: unrecognized character - Õ
./test.tcpdump, line 1: error: parse error, at or near "JA"
________________________________________________________
followed by the seg fault.
Any advice would be appreciated.
Terry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.tcpdump
Type: application/octet-stream
Size: 1574 bytes
Desc: test.tcpdump
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090630/fd86f803/attachment.obj
More information about the Bro
mailing list