[Oisf-devel] Segfault on Suricata 1.2dev, PF_RING 5.2.1. and listening on a bonded interface
David.R.Wharton at regions.com
David.R.Wharton at regions.com
Fri Jan 13 15:51:57 UTC 2012
Good question. They are VLAN tagged so they have an extra four bytes.
-David
From: Victor Julien <victor at inliniac.net>
To: oisf-devel at openinfosecfoundation.org
Date: 01/13/2012 09:43 AM
Subject: Re: [Oisf-devel] Segfault on Suricata 1.2dev, PF_RING
5.2.1. and listening on a bonded interface
Sent by: oisf-devel-bounces at openinfosecfoundation.org
On 01/13/2012 04:37 PM, David.R.Wharton at regions.com wrote:
> DecodeEthernet (tv=0xbfa89c0, dtv=0xda8fe48, p=0x8f27070, pkt=0x1a00ffff
> <Address 0x1a00ffff out of bounds>, len=64, pq=0xd533dd0) at
> decode-ethernet.c:56
> 56 switch (ntohs(p->ethh->eth_type)) {
> (gdb) backtrace
> #0 DecodeEthernet (tv=0xbfa89c0, dtv=0xda8fe48, p=0x8f27070,
> pkt=0x1a00ffff <Address 0x1a00ffff out of bounds>, len=64, pq=0xd533dd0)
> at decode-ethernet.c:56
> #1 0x0805ded8 in DecodePfring (tv=0xbfa89c0, p=0x8f27070,
> data=0xda8fe48, pq=0xd533dd0, postpq=0x0) at source-pfring.c:482
If you monitor the link with wireshark/tshark what is the link type? Do
the packets come in as straight ethernet packets or are they wrapped in
something else?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
_______________________________________________
Oisf-devel mailing list
Oisf-devel at openinfosecfoundation.org
http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20120113/f0d05a09/attachment-0002.html>
More information about the Oisf-devel
mailing list