Closed nailyk-fr closed 7 years ago
Hey nailyk,
Could you configure the app using the latest source code with the following command: ./configure CFLAGS="-ggdb3 -O0" CXXFLAGS="-ggdb3 -O0" LDFLAGS="-ggdb3" then make, and before running portspoof enable dumps with this command: ulimit -c unlimited.
It should then generate coredumps. Please send me all of them and I will try to fix this issue :)
Thanks for your quick answer. Sorry, I probably did something wrong as there is no way to get portspoof running anymore:
portspoof@hostname:~$ time ./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
-> Using user defined configuration file ./root/etc/portspoof.conf
-> Using user defined signature file ./root/etc/portspoof_signatures
Erreur de segmentation (core dumped)
real 0m0.287s
user 0m0.268s
sys 0m0.012s
portspoof@hostname:~$ time ./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
-> Using user defined configuration file ./root/etc/portspoof.conf
-> Using user defined signature file ./root/etc/portspoof_signatures
Erreur de segmentation (core dumped)
real 0m0.329s
user 0m0.304s
sys 0m0.024s
Running from bash provides the same result.
How I rebuilt:
git fetch origin
git checkout master
make clean
./configure --prefix=/home/portspoof/root CFLAGS="-ggdb3 -O0" CXXFLAGS="-ggdb3 -O0" LDFLAGS="-ggdb3"
make
sudo make install
(I bet on specific IP packets for those crashes. While writing this answer portspoof keeps crashing (see screenshot) so I should be under a specific scan/attack. I tried to tcpdump: I hope the culprit is in the capture. No trace of either IP in portspoof.log.)
Edit: Sorry @drk1wi, I was not informed it would create ./core. Here they are (sorry, GitHub still refuses my zips; portspoof binary included). Sounds like each time it is related to Revregexp.cpp and/or lines in signatures. I will try to find another signature file to experiment with.
Thanks nailyk, I am working on this.
Hi, any news? Do you need more core dumps? What could I try to help you? If you can give me an entry point into the code I should be able to add some printf to identify the problem. Thanks in advance.
Hey,
I have fixed the issue. Tomorrow I will upload the new version. Thanks for your help.
Piotr
Just rebuilt. Thanks for the fix.
I still have a lot of
Send to socket failed: Connection reset by peer
but this makes it rock-solid:
portspo+ 18682 0.4 1.2 768520 19300 pts/3 Sl+ mars10 208:20 ./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
Thanks for the fix :)
Portspoof (built after this commit) randomly crashes very often. I start it with this command line from a non-root user:
./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
I know an issue without logs is a pain but it is crashing two or three times a day with no output :s
Is it possible to enable some debug to provide logs? Where can I enable them?
My old version (1.3 - 26/06/2014) had fewer crashes (one or two times a week) and sometimes output with 'Send to socket failed: Connection reset by peer'. Don't know if it helps.
Not related to the issue: Thanks for providing this awesome tool! Great work! I hope support will be back :)