segmentation fault on first packet

Terry_Barker · June 30, 2009, 4:49pm

I'm having trouble running bro 1.4 that I recently installed on a solaris computer (uname -a
gives: SunOS fsm04 5.9 Generic_118558-39 sun4u sparc SUNW,Sun-Fire-V890). I've installed and
run bro on linux boxes several times over the last couple of years and know the basics.
The program core dumps on the first packet of several pcap files I’ve tried. For example,
I tried bro on a pcap file used in a recent bro workshop tutorial called trace1.tcpdump, and I've
attached the first 20 packets (in test.tcpdump) just to be sure we're on the same page. If I run

bro -r test.tcpdump

I get a segmentation fault on the first packet. This is the output from gdb ......

test.tcpdump (1.54 KB)

Vern · June 30, 2009, 4:57pm

I suspect this is due to an alignment issue with the connection compressor's
tricks with pointers, but I'll let Robin comment on that.

One immediate comment:

bro -t -r test.tcpdump

-t takes an argument, so this is creating an execution trace file called
"-r" and then reading test.tcpdump as a Bro script, hence all of the
"unrecognized character" complaints.

Vern

robin · June 30, 2009, 8:39pm

I suspect so too. Terry, can you try running with an additional
"use_connection_compressor=F" on the command line and see if that
avoids the crash?

Robin

Topic		Replies	Views
Segmentation fault at Off-line test Zeek	1	80	May 6, 2022
dump files, loopback Zeek	1	82	May 6, 2022
Segmentation fault at Off-line test Zeek	2	65	May 6, 2022
Segmentation fault at Off-line test Zeek	1	68	May 6, 2022
bad_tcp_checksum Zeek	5	132	May 6, 2022

segmentation fault on first packet

Related Topics