Hi,

I was about to try Snort out, but my test was spoilt by a core dump. Below is some data
collected with gdb:

#0 0x80731af in find_levels_r (b=0x0) at ./optimize.c:213
(gdb) bt
#0 0x80731af in find_levels_r (b=0x0) at ./optimize.c:213
#1 0x80731da in find_levels_r (b=0x809b1ec) at ./optimize.c:221
#2 0x80731ce in find_levels_r (b=0x8099e24) at ./optimize.c:220
#3 0x80731ce in find_levels_r (b=0x8099f08) at ./optimize.c:220
#4 0x8073242 in find_levels (root=0x8099f08) at ./optimize.c:242
#5 0x8074a13 in opt_loop (root=0x8099f08, do_stmts=0) at ./optimize.c:1586
#6 0x8074a7d in bpf_optimize (rootp=0x8090ba0) at ./optimize.c:1611
#7 0x806f70b in pcap_compile (p=0x8095650, program=0xbffff554,
buf=0x8095398 "host localhost", optimize=1, mask=255) at ./gencode.c:315
#8 0x804c85f in OpenPcap (intf=0x8095388 "lo", num=0) at snort.c:1434
#9 0x804c541 in InitializeInterfaces () at snort.c:1247
#10 0x804af80 in main (argc=9, argv=0xbffff7ac) at snort.c:209
#11 0x40178cf1 in __libc_start_main () from /lib/libc.so.6
#12 0xbffff93e in ?? ()
#13 0x692d0074 in ?? ()
(gdb) list
208 find_levels_r(b)
209 struct block *b;
210 {
211 int level;
212
213 if (isMarked(b))
214 return;
215
216 Mark(b);
217 b->link = 0;
(gdb) up
#2 0x80731ce in find_levels_r (b=0x8099e24) at ./optimize.c:220
220 find_levels_r(JT(b));
(gdb) print *b
$5 = {id = 1, stmts = 0x8099ef4, s = {code = 21, jt = 0x0, jf = 0x0,
k = 2130706433}, mark = 3, longjt = 0, longjf = 0, level = 0, offset = 0,
sense = 0, et = {id = 1, code = 0, edom = 0x809b6f8, succ = 0x809b1ec,
pred = 0x8099e24, next = 0x0}, ef = {id = 15, code = 0, edom = 0x809b6fc,
succ = 0x8099d40, pred = 0x8099e24, next = 0x0}, head = 0x8099f08,
link = 0x0, dom = 0x809b684, closure = 0x809b6bc, in_edges = 0x0, def = 0,
kill = 0, in_use = 0, out_use = 0, oval = 0, val = {0 <repeats 18 times>}}

The invocation command was 'snort -i lo -A full -l foo host localhost'.

Greetings,
--
Javier Kohen <[EMAIL PROTECTED]>
ICQ: blashyrkh #2361802
http://www.jkohen.com.ar/