[Oisf-users] segfault with latest suricata version (rev 988c92f) 1.3x

Peter Manev petermanev at gmail.com
Tue Jun 19 08:57:43 UTC 2012 

Stefan thank you for your help.
Would you please post a bug for this
https://redmine.openinfosecfoundation.org/projects/suricata/issues

with a good explanation.

thank you


On Tue, Jun 19, 2012 at 10:55 AM, Stefan Sabolowitsch <
Stefan.Sabolowitsch at felten-group.com> wrote:

>  Hi Peter,
>  It's definitely this commit "bd3a655aeb8975ae8c51a02213d40bf21047f5e9" with
> pcap changes.
> With this pcap changes i get directly a segfault.
> I have tested all commits from beta2 to this problem commit.
>
>  Stefan
>
>  Am 19.06.2012 um 09:48 schrieb Peter Manev:
>
> here is some good info for the git commands:
> http://www.siteground.com/tutorials/git/commands.htm
>
> but you would need "git log" and "git checkout" mostly , after you have
> done the
> "git clone git://phalanx.openinfosecfoundation.org/oisf.git"
>
> This could be long and tenacious, but thank you very much for your
> efforts!!
>
>
> On Tue, Jun 19, 2012 at 9:42 AM, Stefan Sabolowitsch <
> Stefan.Sabolowitsch at felten-group.com> wrote:
>
>> no Peter...
>> but i can test the individual branches, master, updates.
>> May we find the errors faster.
>> How i do that with git?
>>
>>
>>
>>  Am 19.06.2012 um 09:33 schrieb Peter Manev:
>>
>> are you using Napatech or Myricom?
>>
>> On Tue, Jun 19, 2012 at 9:24 AM, Stefan Sabolowitsch <
>> Stefan.Sabolowitsch at felten-group.com> wrote:
>>
>>>  Hi Peter,
>>>  I had no problem before version beta2, this machine run more with 3
>>> months without any problem.
>>> I think the problems have started from the 11.06.12
>>>
>>>  Maybe this is the problem:
>>> suricata-1.3beta2-11-g988c92f
>>>
>>> - Log -----------------------------------------------------------------
>>> commit bd3a655aeb8975ae8c51a02213d40bf21047f5e9
>>> Author: Victor Julien <victor at inliniac.net>
>>> Date:   Sun May 20 12:12:42 2012 +0200
>>>
>>>     Add pcap workers mode.
>>>
>>>     Some cards like Napatech or Myricom support libpcap wrappers that allow for
>>>     multiple streams, queues, ringbuffers. The workers mode can be of use in
>>>     those cases.
>>>
>>> -----------------------------------------------------------------------
>>>
>>> Summary of changes:
>>>  src/runmode-pcap.c |   81 ++++++++++++++++++++++++++++++++++++++++++++++++----
>>>  src/source-pcap.h  |    2 +
>>>  2 files changed, 77 insertions(+), 6 deletions(-)
>>>
>>>
>>>  thx
>>> Stefan
>>>
>>>  Am 19.06.2012 um 09:09 schrieb Peter Manev:
>>>
>>> Hi Stefan,
>>>
>>> so this problem is only on beta1? , you never have had that problem with
>>> beta2? correct?
>>>
>>> thanks
>>>
>>> On Tue, Jun 19, 2012 at 9:06 AM, Stefan Sabolowitsch <
>>> Stefan.Sabolowitsch at felten-group.com> wrote:
>>>
>>>> Hi all,
>>>> any news here ? you need any information or help from my (debug etc.)  ?
>>>> Actually i run without any problem on beta2.
>>>>
>>>>  thx
>>>> Stefan
>>>>
>>>>  Am 16.06.2012 um 18:21 schrieb Eric Leblond:
>>>>
>>>> Oups. I forgot one step. After getting gdb shell. Use the run command
>>>> (without any arguments)
>>>>
>>>> BR.
>>>>
>>>> Stefan Sabolowitsch <Stefan.Sabolowitsch at felten-group.com> a écrit :
>>>>
>>>>  Hmmm, sorry Eric but I need a little more help.****
>>>>
>>>> ** **
>>>>
>>>> When I take this here:****
>>>>
>>>> ** **
>>>>
>>>> [root at ipd1 bin]# gdb --args ./suricata --user sguil --group sguil -c
>>>> /etc/nsm/Serrig-intern/suricata.yaml -F /etc/nsm/Serrig-intern/bpf.filt -i
>>>> br0 -l /nsm/sensor_data/Serrig-intern****
>>>>
>>>> GNU gdb (GDB) Red Hat Enterprise Linux (7.2-50.el6)****
>>>>
>>>> Copyright (C) 2010 Free Software Foundation, Inc.****
>>>>
>>>> License GPLv3+: GNU GPL version 3 or later <
>>>> http://gnu.org/licenses/gpl.html>****
>>>>
>>>> This is free software: you are free to change and redistribute it.****
>>>>
>>>> There is NO WARRANTY, to the extent permitted by law.  Type "show
>>>> copying"****
>>>>
>>>> and "show warranty" for details.****
>>>>
>>>> This GDB was configured as "x86_64-redhat-linux-gnu".****
>>>>
>>>> For bug reporting instructions, please see:****
>>>>
>>>> <http://www.gnu.org/software/gdb/bugs/>...****
>>>>
>>>> Reading symbols from /usr/local/bin/suricata...done.****
>>>>
>>>> (gdb)****
>>>>
>>>> ** **
>>>>
>>>> But nothing chrashes****
>>>>
>>>> ** **
>>>>
>>>> When i take this cmdline without “gdb –args”, suricata crashes directly.
>>>> ****
>>>>
>>>> What do I wrong here with gdb ?? ****
>>>>
>>>> ** **
>>>>
>>>> *Von:* Eric Leblond [mailto:eric at regit.org]
>>>> *Gesendet:* Samstag, 16. Juni 2012 17:42
>>>> *An:* Stefan Sabolowitsch
>>>> *Cc:* Peter Manev; oisf
>>>> *Betreff:* Re: [Oisf-users] segfault with latest suricata version (rev
>>>> 988c92f) 1.3x****
>>>>
>>>> ** **
>>>>
>>>> hello
>>>>
>>>> Can you run it in gdb qnd send us a backtrace.
>>>> You can do it by running
>>>> gdb --args mysuricatacmdline
>>>> Then when it crashes do
>>>> bt
>>>> And send us the result.
>>>>
>>>> BR
>>>>
>>>> Stefan Sabolowitsch <Stefan.Sabolowitsch at felten-group.com> a écrit :***
>>>> *
>>>>
>>>> Hi Peter, thanks for your fast answer.****
>>>>
>>>> I use the “-i” parameter for the interface, look here:****
>>>>
>>>> Executing: suricata --user sguil --group sguil -c
>>>> /etc/nsm/Serrig-intern/suricata.yaml -F /etc/nsm/Serrig-intern/bpf.filt -i
>>>> br0 -l /nsm/sensor_data/Serrig-intern****
>>>>
>>>> Executing: suricata --user sguil --group sguil -c
>>>> /etc/nsm/Serrig-DMZ/suricata.yaml -F /etc/nsm/Serrig-DMZ/bpf.filt -i br1 -l
>>>> /nsm/sensor_data/Serrig-DMZ****
>>>>
>>>>  ****
>>>>
>>>> And i compile with this parameter (Centos 6.0 64bit)****
>>>>
>>>> ./autogen.sh****
>>>>
>>>> ./configure --enable-pcre-jit****
>>>>
>>>>  ****
>>>>
>>>> Version 1.3beta worked for two months without any problem, also version
>>>> beta2. But then the problems started.****
>>>>
>>>>  ****
>>>>
>>>> My last test…****
>>>>
>>>> Jun 16 17:14:46 ipd1 kernel: device br0 entered promiscuous mode****
>>>>
>>>> Jun 16 17:14:46 ipd1 sancp: started normally****
>>>>
>>>> Jun 16 17:14:53 ipd1 sancp: Retrieved last connection ID:
>>>> 5754608452622280998 8 0****
>>>>
>>>> Jun 16 17:14:53 ipd1 kernel: device br1 entered promiscuous mode****
>>>>
>>>> Jun 16 17:14:53 ipd1 sancp: started normally****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr034[14337]: segfault at 21 ip
>>>> 0000000000000021 sp 00007fb5e75fcce8 error 14****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr038[14341]: segfault at 21 ip
>>>> 0000000000000021 sp 00007fb5e4df8ce8 error 14 in suricata[400000+179000]
>>>> ****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr027[14330]: segfault at 21 ip
>>>> 0000000000000021 sp 00007fb6275fcce8 error 14****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr025[14328]: segfault at 21 ip
>>>> 0000000000000021 sp 00007fb62cdf8ce8 error 14****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr029[14332]: segfault at 21 ip
>>>> 0000000000000021 sp 00007fb6261face8 error 14****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr031[14334]: segfault at 21 ip
>>>> 0000000000000021 sp 00007fb61d71ece8 error 14 in suricata[400000+179000]
>>>> ****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: RxPcapbr010[14313]: segfault at 21 ip
>>>> 0000000000000021 sp 00007fb63e8dfce8 error 14 in suricata[400000+179000]
>>>> ****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>
>>>> Jun 16 17:14:59 ipd1 kernel: in suricata[400000+179000]****
>>>>
>>>>  ****
>>>>
>>>>  ****
>>>>
>>>>  ****
>>>>
>>>> *Von:* Peter Manev [mailto:petermanev at gmail.com]
>>>> *Gesendet:* Samstag, 16. Juni 2012 15:46
>>>> *An:* Stefan Sabolowitsch
>>>> *Cc:* oisf-users at openinfosecfoundation.org
>>>> *Betreff:* Re: [Oisf-users] segfault with latest suricata version (rev
>>>> 988c92f) 1.3x****
>>>>
>>>>  ****
>>>>
>>>> Hi Stefan,
>>>> Have you specified " interface br0" in the yaml conf file:****
>>>>
>>>> pcap:
>>>>   *- interface: br0*
>>>>     #buffer-size: 32768
>>>>     #bpf-filter: "tcp and port 25"
>>>>     # Choose checksum verification mode for the interface. At the moment
>>>>     # of the capture, some packets may be with an invalid checksum due
>>>> to
>>>>     # offloading to the network card of the checksum com****
>>>>
>>>>
>>>> How did you compile Suricata?
>>>>
>>>> Thanks****
>>>>
>>>> On Sat, Jun 16, 2012 at 2:13 PM, Stefan Sabolowitsch <
>>>> Stefan.Sabolowitsch at felten-group.com> wrote:****
>>>>
>>>> Hi all,****
>>>>
>>>> i have with the latest suricata Version (rev 988c92f) a segfault, never
>>>> seen before “beta2”. ****
>>>>
>>>>  ****
>>>>
>>>> Any help ?****
>>>>
>>>>  ****
>>>>
>>>> Thx****
>>>>
>>>> Stefan****
>>>>
>>>>  ****
>>>>
>>>> -#-#-#- snipp #-#-#-#-#****
>>>>
>>>> Jun 16 13:55:49 ipd1 kernel: device br0 left promiscuous mode****
>>>>
>>>> Jun 16 13:55:49 ipd1 kernel: device br1 left promiscuous mode****
>>>>
>>>> Jun 16 13:55:49 ipd1 sancp: Exiting****
>>>>
>>>> Jun 16 13:55:50 ipd1 sancp: Exiting****
>>>>
>>>> Jun 16 13:56:41 ipd1 sancp: Retrieved last connection ID:
>>>> 5754602263574629554 8 0****
>>>>
>>>> Jun 16 13:56:41 ipd1 kernel: device br0 entered promiscuous mode****
>>>>
>>>> Jun 16 13:56:41 ipd1 sancp: started normally****
>>>>
>>>> Jun 16 13:56:53 ipd1 kernel: RxPcapbr010[10498]: segfault at 21 ip
>>>> 0000000000000021 sp 00007ff755148ce8 error 14****
>>>>
>>>> Jun 16 13:56:53 ipd1 kernel: RxPcapbr05[10493]: segfault at 21 ip
>>>> 0000000000000021 sp 00007ff75a23bce8 error 14 in suricata[400000+179000]
>>>> ****
>>>>
>>>> Jun 16 13:56:53 ipd1 kernel: in suricata[400000+179000]****
>>>>
>>>> Jun 16 13:56:53 ipd1 kernel: RxPcapbr06[10494]: segfault at 21 ip
>>>> 0000000000000021 sp 00007ff75983ace8 error 14 in suricata[400000+179000]
>>>> ****
>>>>
>>>> Jun 16 13:56:58 ipd1 sancp: Retrieved last connection ID:
>>>> 5754602263574929436 8 0****
>>>>
>>>> Jun 16 13:56:58 ipd1 kernel: device br1 entered promiscuous mode****
>>>>
>>>> Jun 16 13:56:58 ipd1 sancp: started normally****
>>>>
>>>> -#-#-#-#-snapp-+-+-+-+-+-****
>>>>
>>>>  ****
>>>>
>>>> And I found this in the logfile:****
>>>>
>>>>  ****
>>>>
>>>> [10493] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10493] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10489] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10489] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10492] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10491] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10494] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10491] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10494] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10490] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10492] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10495] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10495] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10490] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10496] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10496] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10498] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10498] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10501] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10501] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10499] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10499] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10500] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10500] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10497] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10502] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10497] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10502] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10503] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10503] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10505] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10505] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10504] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10504] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10507] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10507] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10506] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10506] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10509] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10509] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10508] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10508] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10510] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10510] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10511] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10511] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10512] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10512] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10513] 16/6/2012 -- 13:56:52 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10513] 16/6/2012 -- 13:56:52 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10514] 16/6/2012 -- 13:56:53 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10514] 16/6/2012 -- 13:56:53 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10515] 16/6/2012 -- 13:56:53 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10516] 16/6/2012 -- 13:56:53 - (source-pcap.c:353) <Info>
>>>> (ReceivePcapThreadInit) -- using interface br0****
>>>>
>>>> [10515] 16/6/2012 -- 13:56:53 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10516] 16/6/2012 -- 13:56:53 - (source-pcap.c:358) <Info>
>>>> (ReceivePcapThreadInit) -- Running in 'auto' checksum mode. Detection of
>>>> interface state will require 1000 packets.****
>>>>
>>>> [10517] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>> find Live device****
>>>>
>>>> [10518] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>> find Live device****
>>>>
>>>> [10520] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>> find Live device****
>>>>
>>>> [10519] 16/6/2012 -- 13:56:53 - (source-pcap.c:348) <Error>
>>>> (ReceivePcapThreadInit) -- [ERRCODE: SC_ERR_INVALID_VALUE(129)] - Unable to
>>>> find Live device****
>>>>
>>>>  ****
>>>>
>>>>  ****
>>>>
>>>>
>>>> _______________________________________________
>>>> Oisf-users mailing list
>>>> Oisf-users at openinfosecfoundation.org
>>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users****
>>>>
>>>>
>>>>
>>>>
>>>> -- ****
>>>>
>>>> Regards,****
>>>>
>>>> Peter Manev****
>>>>
>>>>  ****
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Regards,
>>> Peter Manev
>>>
>>>
>>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>>
>>
>>
>
>
> --
> Regards,
> Peter Manev
>
>
>


-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120619/67031e13/attachment-0002.html>

More information about the Oisf-users mailing list