[Zeek] Segmentation Fault on Zeek 3.0.0

Jon Siwek jsiwek at corelight.com
Tue Oct 1 19:23:42 PDT 2019 

Yes, I'll be at ZeekWeek and happy to take a look then.  Else if you
had any minimal reproducer and/or stack trace you can actually share,
feel free to send that along in the meantime.

- Jon

On Tue, Oct 1, 2019 at 4:20 PM TQ <nothinrandom at gmail.com> wrote:
>
> Hey Jon,
>
> Unfortunately, I'm not at liberty to share right now.  However, my colleague Blake Johnson and I might give a talk at Zeek Week next week (https://twitter.com/voteblake/status/1178787539999526912?s=20).  Will you be there?  I'd love to catch up with you and show you in person instead.  It's probably some silly issue/misconfiguration on my end.
>
> Thanks,
>
> On Mon, Sep 30, 2019 at 9:37 AM Jon Siwek <jsiwek at corelight.com> wrote:
>>
>> Can you provide more information on how to reproduce the issue (exact
>> scripts/plugins/pcaps that crash every time) ?  There's still a bug in
>> Zeek to fix here, but just adding `-t` and trying a few things hasn't
>> triggered it for me.
>>
>> - Jon
>>
>> On Fri, Sep 27, 2019 at 7:57 PM TQ <nothinrandom at gmail.com> wrote:
>> >
>> > Hey Jon,
>> >
>> > Thanks for guidance on this!  You are absolutely right.  If I remove "-t ~/Desktop/logs/output.log", then that segmentation fault goes away.  I have not a clue why as it works fine for 2.6.2.  I thought something was wrong with the actual code.  Again, thanks for helping out with this!
>> >
>> > Thanks,
>> >
>> > On Fri, Sep 27, 2019 at 5:16 PM Jon Siwek <jsiwek at corelight.com> wrote:
>> >>
>> >> On Fri, Sep 27, 2019 at 9:47 AM TQ <nothinrandom at gmail.com> wrote:
>> >>
>> >> > cd ~/Desktop/logs/ && sudo rm -f *.log && zeek -C -t ~/Desktop/logs/output.log -r ~/Desktop/pcap/ testPlugin1_pcap_1.pcapng
>> >>
>> >> The `-t` option isn't commonly used and could see it accidentally
>> >> breaking without anyone noticing.  It does still seem to work for me,
>> >> but you might try removing it to see if it makes a difference.
>> >>
>> >> But the best thing would be if you can provide the full directions to
>> >> be able to reproduce the segfault -- e.g. the plugin/script code along
>> >> with pcap and command-line you're using.
>> >>
>> >> If you can't share those, then next best thing would be if you can run
>> >> in a debugger (gdb, lldb) and share a stack trace of the segfault.
>> >>
>> >> - Jon

More information about the Zeek mailing list