k0a1a commented 10 years ago

after installing pom-ng according to the how-to http://wiki.packet-o-matic.org/pom-ng/getting_started#packets_are_read_from_an_input and running "input start input1" in the console, pom-ng quits with a segfault.

running on current debian testing i686.

here is the output:

root@www:~# pom-ng -d9 main: Starting pom-ng ... ptype: Ptype of type string not found, trying to load module mod: Module ptype_string loaded, registering components ... ptype: Registering ptype string analyzer: Registered payload type javascript : class application, extension .js analyzer: Registered payload type json : class application, extension .json analyzer: Registered payload type msword : class document, extension .doc analyzer: Registered payload type binary : class other, extension .bin analyzer: Registered payload type pdf : class document, extension .pdf analyzer: Registered payload type excel : class document, extension .xls analyzer: Registered payload type powerpoint : class document, extension .ppt analyzer: Registered payload type rar : class application, extension .rar analyzer: Registered payload type swf : class application, extension .swf analyzer: Registered payload type form-urlencoded : class other, extension .txt analyzer: Registered payload type jpeg : class image, extension .jpg analyzer: Registered payload type gif : class image, extension .gif analyzer: Registered payload type png : class image, extension .png analyzer: Registered payload type flv : class video, extension .flv analyzer: Registered payload type webm : class video, extension .webm analyzer: Registered payload type m2ts : class video, extension .m2ts analyzer: Registered payload type rfc822 : class document, extension .txt analyzer: Registered payload type text : class document, extension .txt analyzer: Registered payload type multipart : class other, extension .multipart analyzer: Mime type application/javascript registered as javascript analyzer: Mime type application/json registered as json analyzer: Mime type application/msword registered as msword analyzer: Mime type application/octet-stream registered as binary analyzer: Mime type application/octetstream registered as binary analyzer: Mime type application/pdf registered as pdf analyzer: Mime type application/vnd.ms-excel registered as excel analyzer: Mime type application/vnd.ms-powerpoint registered as powerpoint analyzer: Mime type application/x-javascript registered as javascript analyzer: Mime type application/x-json registered as json analyzer: Mime type application/x-rar-compressed registered as rar analyzer: Mime type application/x-shockwave-flash registered as swf analyzer: Mime type application/x-www-form-urlencoded registered as form-urlencoded analyzer: Mime type image/jpeg registered as jpeg analyzer: Mime type image/jpg registered as jpeg analyzer: Mime type image/gif registered as gif analyzer: Mime type image/png registered as png analyzer: Mime type video/x-flv registered as flv analyzer: Mime type video/webm registered as webm analyzer: Mime type video/MP2T registered as m2ts analyzer: Mime type message/rfc822 registered as rfc822 analyzer: Mime type text/plain registered as text analyzer: Mime type multipart/mixed registered as multipart analyzer: Mime type multipart/alternative registered as multipart analyzer: Mime type multipart/digest registered as multipart analyzer: Mime type multipart/parallel registered as multipart mod: Module ptype_uint8 loaded, registering components ... ptype: Registering ptype uint8 mod: Module ptype_uint32 loaded, registering components ... ptype: Registering ptype uint32 mod: Module proto_ppp_pap loaded, registering components ... event: Event ppp_pap_request registered event: Event ppp_pap_ack_nack registered proto: Proto ppp_pap registered mod: Module ptype_bool loaded, registering components ... ptype: Registering ptype bool mod: Module analyzer_ppp_pap loaded, registering components ... event: Event ppp_pap_auth registered analyzer: Analyzer ppp_pap registered mod: Module ptype_ipv6 loaded, registering components ... ptype: Registering ptype ipv6 mod: Module proto_ipv6 loaded, registering components ... proto: Proto ipv6 registered mod: Module ptype_mac loaded, registering components ... ptype: Registering ptype mac mod: Module proto_ethernet loaded, registering components ... ptype: Ptype uint16 not found proto: Proto ethernet registered mod: Module proto_docsis loaded, registering components ... proto: Proto docsis_mgmt registered proto: Proto docsis registered mod: Module ptype_ipv4 loaded, registering components ... ptype: Registering ptype ipv4 mod: Module proto_ipv4 loaded, registering components ... proto: Proto ipv4 registered mod: Module ptype_uint16 loaded, registering components ... ptype: Registering ptype uint16 mod: Module output_pcap loaded, registering components ... output: Registering output pcap_file mod: Module ptype_bytes loaded, registering components ... ptype: Registering ptype bytes mod: Module proto_ppp_chap loaded, registering components ... event: Event ppp_chap_challenge_response registered event: Event ppp_chap_success_failure registered proto: Proto ppp_chap registered mod: Module analyzer_ppp_chap loaded, registering components ... event: Event ppp_chap_mschapv2_auth registered event: Event ppp_chap_md5_auth registered analyzer: Analyzer ppp_chap registered mod: Module analyzer_tftp loaded, registering components ... event: Event tftp_file registered analyzer: Analyzer tftp registered mod: Module decoder_gzip loaded, registering components ... decoder: Registering decoder gzip decoder: Registering decoder deflate mod: Module proto_smtp loaded, registering components ... event: Event smtp_cmd registered event: Event smtp_reply registered proto: Proto smtp registered mod: Module analyzer_smtp loaded, registering components ... event: Event smtp_msg registered event: Event smtp_auth registered analyzer: Analyzer smtp registered mod: Module decoder_percent loaded, registering components ... decoder: Registering decoder percent mod: Module ptype_timestamp loaded, registering components ... ptype: Registering ptype timestamp mod: Module analyzer_docsis loaded, registering components ... event: Event docsis_cm_new registered event: Event docsis_cm_reg_status registered analyzer: Analyzer docsis registered mod: Module analyzer_multipart loaded, registering components ... analyzer: Analyzer multipart registered mod: Module analyzer_gif loaded, registering components ... analyzer: Analyzer gif registered mod: Module proto_tcp loaded, registering components ... proto: Proto tcp registered mod: Module proto_dns loaded, registering components ... proto: Proto dns registered mod: Module analyzer_png loaded, registering components ... analyzer: Analyzer png registered mod: Module output_tap loaded, registering components ... output: Registering output tap mod: Module proto_80211 loaded, registering components ... proto: Proto 80211 registered mod: Module proto_mpeg loaded, registering components ... proto: Proto mpeg_dvb_mpe registered proto: Proto mpeg_sect registered proto: Proto mpeg_ts registered mod: Module proto_ppi loaded, registering components ... proto: Proto ppi registered mod: Module proto_radiotap loaded, registering components ... proto: Proto radiotap registered mod: Module input_pcap loaded, registering components ... input: Registering input pcap_interface input: Registering input pcap_file input: Registering input pcap_dir mod: Module analyzer_jpeg loaded, registering components ... analyzer: Analyzer jpeg registered mod: Module proto_ppp loaded, registering components ... proto: Proto ppp registered mod: Module ptype_uint64 loaded, registering components ... ptype: Registering ptype uint64 mod: Module proto_pppoe loaded, registering components ... proto: Proto pppoe registered mod: Module proto_gre loaded, registering components ... proto: Proto gre registered mod: Module output_file loaded, registering components ... output: Registering output file mod: Module proto_vlan loaded, registering components ... proto: Proto vlan registered mod: Module proto_udp loaded, registering components ... proto: Proto udp registered mod: Module proto_eap loaded, registering components ... event: Event eap_identity registered event: Event eap_md5_challenge registered event: Event eap_success_failure registered proto: Proto eap registered mod: Module analyzer_eap loaded, registering components ... event: Event eap_md5_auth registered analyzer: Analyzer eap registered mod: Module proto_tftp loaded, registering components ... proto: Proto tftp registered mod: Module decoder_quoted_printable loaded, registering components ... decoder: Registering decoder quoted-printable mod: Module proto_icmp6 loaded, registering components ... proto: Proto icmp6 registered mod: Module datastore_sqlite loaded, registering components ... datastore: Registering datastore sqlite mod: Module proto_http loaded, registering components ... event: Event http_query registered event: Event http_response registered proto: Proto http registered mod: Module analyzer_rfc822 loaded, registering components ... analyzer: Analyzer rfc822 registered mod: Module input_kismet loaded, registering components ... input: Registering input kismet_drone mod: Module proto_arp loaded, registering components ... proto: Proto arp registered mod: Module proto_8021x loaded, registering components ... proto: Proto 8021x registered mod: Module analyzer_http loaded, registering components ... event: Event http_request registered analyzer: Analyzer http registered mod: Module proto_icmp loaded, registering components ... proto: Proto icmp registered mod: Module analyzer_arp loaded, registering components ... event: Event arp_new_sta registered event: Event arp_sta_changed registered analyzer: Analyzer arp registered mod: Module input_dvb loaded, registering components ... input: Registering input dvb_device input: Registering input dvb_c input: Registering input dvb_s mod: Module decoder_base64 loaded, registering components ... decoder: Registering decoder base64 mod: Module analyzer_dns loaded, registering components ... event: Event dns_record registered analyzer: Analyzer dns registered mod: Module output_log loaded, registering components ... output: Registering output log_txt output: Registering output log_xml core: Starting 1 processing thread(s) datastore_sqlite: New connection to database ~/.pom-ng/sys_datastore.db datastore_sqlite: READ QUERY : SELECT pkid, name, description FROM datasets datastore_sqlite: WRITE QUERY : INSERT INTO datasets ( name, description ) VALUES ( ?, ? ) datastore_sqlite: DELETE QUERY : DELETE FROM datasets datastore_sqlite: READ QUERY : SELECT pkid, dataset_id, name, type, field_id FROM dataset_schema datastore_sqlite: WRITE QUERY : INSERT INTO dataset_schema ( dataset_id, name, type, field_id ) VALUES ( ?, ?, ?, ? ) datastore_sqlite: DELETE QUERY : DELETE FROM dataset_schema datastore_sqlite: READ QUERY : SELECT pkid, name, timestamp FROM config_list datastore_sqlite: WRITE QUERY : INSERT INTO config_list ( name, timestamp ) VALUES ( ?, ? ) datastore_sqlite: DELETE QUERY : DELETE FROM config_list datastore: Datastore sqlite opened addon: Could not open addon directory /usr/share/pom-ng/addons/ for browsing : No such file or directory addon: You might want to install addons. main: pom-ng started ! You can now connect using pom-ng-console. datastore_sqlite: New connection to database ~/.pom-ng/sys_datastore.db core: Core state changed to 1 input: Input input1 started Segmentation fault

pom> input start input1 Error while polling pom-ng : [Errno 111] Connection refused

root@www:~# dmesg | tail -n1 [1386986.267502] pom-ng[23774]: segfault at 0 ip b76c4267 sp b5655fd0 error 4 in libpom-ng.so.0.0.0[b76b8000+29000]

cheers, d

gmsoft-tuxicoman commented 10 years ago

Hi,

Thanks for reporting this issue. I'm unable to reproduce this. From what I can see, you are running this on your web server. There is probably a specific HTTP query that causes this.

I have written a quick troubleshooting guide here : http://wiki.packet-o-matic.org/pom-ng/troubleshooting

Can you please run pom-ng in gdb and provide me the full output ? What exact version are you using ?

This should definitely help identify the source of the problem.

Alternatively, if you can provide a pcap file that contains the traffic that makes pom-ng crash. it would make things even easier.

Thanks, Guy

k0a1a commented 10 years ago

Hi, thanks for fast response! I'm looking forward to working with pom-ng, shall I manage to get rid of the segfault. (and it just happens that the hostname of my laptop is 'www' - it isn't a production server ,)

I'm running version v0.0.14, and I'm getting this segfault regardless what inputs, outputs or templates i use. neither any specific type of traffic is relevant (i believe) - pom-ng crashes before any packets are captured. the output files (logs or dumps) is neither ever created.

following is gdb log:

No default breakpoint address now. Starting program: /usr/bin/pom-ng warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". [New Thread 0xb6f31b40 (LWP 31327)] [New Thread 0xb6730b40 (LWP 31328)] [New Thread 0xb5f2fb40 (LWP 31329)] [New Thread 0xb53ffb40 (LWP 31330)] [New Thread 0xb4bfeb40 (LWP 31331)] [New Thread 0xb401db40 (LWP 32082)]

Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5f2fb40 (LWP 31329)] ptype_alloc_from_type (type=0x0) at ptype.c:175 175 if (type->info->alloc) { Tracepoint 1 at 0xb7f9d267: file ptype.c, line 175.

Just out of curiosity, what system and Linux version are you developing and running pom-ng on? For the sake of an experiment I'm setting up a clean Debian 7.1 64bit system to see if that will resolve my issues.

Cheers, D

k0a1a commented 10 years ago

root@www:~# gdb pom-ng GNU gdb (GDB) 7.6 (Debian 7.6-5) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: http://www.gnu.org/software/gdb/bugs/... Reading symbols from /usr/bin/pom-ng...done. (gdb) set logging on Copying output to gdb.txt. (gdb) run -d 5 Starting program: /usr/bin/pom-ng -d 5 warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". main: Starting pom-ng ... ptype: Ptype of type string not found, trying to load module mod: Module ptype_string loaded, registering components ... ptype: Registering ptype string analyzer: Registered payload type javascript : class application, extension .js analyzer: Registered payload type json : class application, extension .json analyzer: Registered payload type msword : class document, extension .doc analyzer: Registered payload type binary : class other, extension .bin analyzer: Registered payload type pdf : class document, extension .pdf analyzer: Registered payload type excel : class document, extension .xls analyzer: Registered payload type powerpoint : class document, extension .ppt analyzer: Registered payload type rar : class application, extension .rar analyzer: Registered payload type swf : class application, extension .swf analyzer: Registered payload type form-urlencoded : class other, extension .txt analyzer: Registered payload type jpeg : class image, extension .jpg analyzer: Registered payload type gif : class image, extension .gif analyzer: Registered payload type png : class image, extension .png analyzer: Registered payload type flv : class video, extension .flv analyzer: Registered payload type webm : class video, extension .webm analyzer: Registered payload type m2ts : class video, extension .m2ts analyzer: Registered payload type rfc822 : class document, extension .txt analyzer: Registered payload type text : class document, extension .txt analyzer: Registered payload type multipart : class other, extension .multipart analyzer: Mime type application/javascript registered as javascript analyzer: Mime type application/json registered as json analyzer: Mime type application/msword registered as msword analyzer: Mime type application/octet-stream registered as binary analyzer: Mime type application/octetstream registered as binary analyzer: Mime type application/pdf registered as pdf analyzer: Mime type application/vnd.ms-excel registered as excel analyzer: Mime type application/vnd.ms-powerpoint registered as powerpoint analyzer: Mime type application/x-javascript registered as javascript analyzer: Mime type application/x-json registered as json analyzer: Mime type application/x-rar-compressed registered as rar analyzer: Mime type application/x-shockwave-flash registered as swf analyzer: Mime type application/x-www-form-urlencoded registered as form-urlencoded analyzer: Mime type image/jpeg registered as jpeg analyzer: Mime type image/jpg registered as jpeg analyzer: Mime type image/gif registered as gif analyzer: Mime type image/png registered as png analyzer: Mime type video/x-flv registered as flv analyzer: Mime type video/webm registered as webm analyzer: Mime type video/MP2T registered as m2ts analyzer: Mime type message/rfc822 registered as rfc822 analyzer: Mime type text/plain registered as text analyzer: Mime type multipart/mixed registered as multipart analyzer: Mime type multipart/alternative registered as multipart analyzer: Mime type multipart/digest registered as multipart analyzer: Mime type multipart/parallel registered as multipart mod: Module ptype_uint8 loaded, registering components ... ptype: Registering ptype uint8 mod: Module ptype_uint32 loaded, registering components ... ptype: Registering ptype uint32 mod: Module proto_ppp_pap loaded, registering components ... event: Event ppp_pap_request registered event: Event ppp_pap_ack_nack registered proto: Proto ppp_pap registered mod: Module ptype_bool loaded, registering components ... ptype: Registering ptype bool mod: Module analyzer_ppp_pap loaded, registering components ... event: Event ppp_pap_auth registered analyzer: Analyzer ppp_pap registered mod: Module ptype_ipv6 loaded, registering components ... ptype: Registering ptype ipv6 mod: Module proto_ipv6 loaded, registering components ... proto: Proto ipv6 registered mod: Module ptype_mac loaded, registering components ... ptype: Registering ptype mac mod: Module proto_ethernet loaded, registering components ... ptype: Ptype uint16 not found proto: Proto ethernet registered mod: Module proto_docsis loaded, registering components ... proto: Proto docsis_mgmt registered proto: Proto docsis registered mod: Module ptype_ipv4 loaded, registering components ... ptype: Registering ptype ipv4 mod: Module proto_ipv4 loaded, registering components ... proto: Proto ipv4 registered mod: Module ptype_uint16 loaded, registering components ... ptype: Registering ptype uint16 mod: Module output_pcap loaded, registering components ... output: Registering output pcap_file mod: Module ptype_bytes loaded, registering components ... ptype: Registering ptype bytes mod: Module proto_ppp_chap loaded, registering components ... event: Event ppp_chap_challenge_response registered event: Event ppp_chap_success_failure registered proto: Proto ppp_chap registered mod: Module analyzer_ppp_chap loaded, registering components ... event: Event ppp_chap_mschapv2_auth registered event: Event ppp_chap_md5_auth registered analyzer: Analyzer ppp_chap registered mod: Module analyzer_tftp loaded, registering components ... event: Event tftp_file registered analyzer: Analyzer tftp registered mod: Module decoder_gzip loaded, registering components ... decoder: Registering decoder gzip decoder: Registering decoder deflate mod: Module proto_smtp loaded, registering components ... event: Event smtp_cmd registered event: Event smtp_reply registered proto: Proto smtp registered mod: Module analyzer_smtp loaded, registering components ... event: Event smtp_msg registered event: Event smtp_auth registered analyzer: Analyzer smtp registered mod: Module decoder_percent loaded, registering components ... decoder: Registering decoder percent mod: Module ptype_timestamp loaded, registering components ... ptype: Registering ptype timestamp mod: Module analyzer_docsis loaded, registering components ... event: Event docsis_cm_new registered event: Event docsis_cm_reg_status registered analyzer: Analyzer docsis registered mod: Module analyzer_multipart loaded, registering components ... analyzer: Analyzer multipart registered mod: Module analyzer_gif loaded, registering components ... analyzer: Analyzer gif registered mod: Module proto_tcp loaded, registering components ... proto: Proto tcp registered mod: Module proto_dns loaded, registering components ... proto: Proto dns registered mod: Module analyzer_png loaded, registering components ... analyzer: Analyzer png registered mod: Module output_tap loaded, registering components ... output: Registering output tap mod: Module proto_80211 loaded, registering components ... proto: Proto 80211 registered mod: Module proto_mpeg loaded, registering components ... proto: Proto mpeg_dvb_mpe registered proto: Proto mpeg_sect registered proto: Proto mpeg_ts registered mod: Module proto_ppi loaded, registering components ... proto: Proto ppi registered mod: Module proto_radiotap loaded, registering components ... proto: Proto radiotap registered mod: Module input_pcap loaded, registering components ... input: Registering input pcap_interface input: Registering input pcap_file input: Registering input pcap_dir mod: Module analyzer_jpeg loaded, registering components ... analyzer: Analyzer jpeg registered mod: Module proto_ppp loaded, registering components ... proto: Proto ppp registered mod: Module ptype_uint64 loaded, registering components ... ptype: Registering ptype uint64 mod: Module proto_pppoe loaded, registering components ... proto: Proto pppoe registered mod: Module proto_gre loaded, registering components ... proto: Proto gre registered mod: Module output_file loaded, registering components ... output: Registering output file mod: Module proto_vlan loaded, registering components ... proto: Proto vlan registered mod: Module proto_udp loaded, registering components ... proto: Proto udp registered mod: Module proto_eap loaded, registering components ... event: Event eap_identity registered event: Event eap_md5_challenge registered event: Event eap_success_failure registered proto: Proto eap registered mod: Module analyzer_eap loaded, registering components ... event: Event eap_md5_auth registered analyzer: Analyzer eap registered mod: Module proto_tftp loaded, registering components ... proto: Proto tftp registered mod: Module decoder_quoted_printable loaded, registering components ... decoder: Registering decoder quoted-printable mod: Module proto_icmp6 loaded, registering components ... proto: Proto icmp6 registered mod: Module datastore_sqlite loaded, registering components ... datastore: Registering datastore sqlite mod: Module proto_http loaded, registering components ... event: Event http_query registered event: Event http_response registered proto: Proto http registered mod: Module analyzer_rfc822 loaded, registering components ... analyzer: Analyzer rfc822 registered mod: Module input_kismet loaded, registering components ... input: Registering input kismet_drone mod: Module proto_arp loaded, registering components ... proto: Proto arp registered mod: Module proto_8021x loaded, registering components ... proto: Proto 8021x registered mod: Module analyzer_http loaded, registering components ... event: Event http_request registered analyzer: Analyzer http registered mod: Module proto_icmp loaded, registering components ... proto: Proto icmp registered mod: Module analyzer_arp loaded, registering components ... event: Event arp_new_sta registered event: Event arp_sta_changed registered analyzer: Analyzer arp registered mod: Module input_dvb loaded, registering components ... input: Registering input dvb_device input: Registering input dvb_c input: Registering input dvb_s mod: Module decoder_base64 loaded, registering components ... decoder: Registering decoder base64 mod: Module analyzer_dns loaded, registering components ... event: Event dns_record registered analyzer: Analyzer dns registered mod: Module output_log loaded, registering components ... output: Registering output log_txt output: Registering output log_xml [New Thread 0xb6f31b40 (LWP 7551)] [New Thread 0xb6730b40 (LWP 7552)] core: Starting 1 processing thread(s) [New Thread 0xb5f2fb40 (LWP 7553)] datastore_sqlite: New connection to database ~/.pom-ng/sys_datastore.db datastore_sqlite: READ QUERY : SELECT pkid, name, description FROM datasets datastore_sqlite: WRITE QUERY : INSERT INTO datasets ( name, description ) VALUES ( ?, ? ) datastore_sqlite: DELETE QUERY : DELETE FROM datasets datastore_sqlite: READ QUERY : SELECT pkid, dataset_id, name, type, field_id FROM dataset_schema datastore_sqlite: WRITE QUERY : INSERT INTO dataset_schema ( dataset_id, name, type, field_id ) VALUES ( ?, ?, ?, ? ) datastore_sqlite: DELETE QUERY : DELETE FROM dataset_schema datastore_sqlite: READ QUERY : SELECT pkid, name, timestamp FROM config_list datastore_sqlite: WRITE QUERY : INSERT INTO config_list ( name, timestamp ) VALUES ( ?, ? ) datastore_sqlite: DELETE QUERY : DELETE FROM config_list datastore: Datastore sqlite opened addon: Could not open addon directory /usr/share/pom-ng/addons/ for browsing : No such file or directory addon: You might want to install addons. main: pom-ng started ! You can now connect using pom-ng-console. [New Thread 0xb53ffb40 (LWP 7648)] datastore_sqlite: New connection to database ~/.pom-ng/sys_datastore.db [New Thread 0xb4bfeb40 (LWP 7672)] [New Thread 0xb401db40 (LWP 8168)] core: Core state changed to 1 input: Input input1 started

Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5f2fb40 (LWP 7553)] ptype_alloc_from_type (type=0x0) at ptype.c:175 175 if (type->info->alloc) { (gdb) bt full

0 ptype_alloc_from_type (type=0x0) at ptype.c:175

    res = 0xb5600508

1 0xb7f9f233 in packet_info_pool_get (p=0x807d3a0) at packet.c:222

    fields = 0xb7fbcb60 <fields.4967>
    i = 2
    info = 0xb56004e0
    pool = <optimized out>

2 0xb7f9a6d8 in core_process_packet_stack (stack=stack@entry=0xb5f2f080,

stack_index=stack_index@entry=1, p=p@entry=0xb550a198) at core.c:563
    s = 0xb5f2f098
    s_next = <optimized out>
    i = 1
    res = <optimized out>

3 0xb7f9a94b in core_process_packet (p=p@entry=0xb550a198) at core.c:612

    s = {{proto = 0x0, pload = 0x0, plen = 0, direction = 0, pkt_info = 0x0, ce = 0x0}, {
        proto = 0x807d3a0, pload = 0xb551b612, plen = 73, direction = 0, pkt_info = 0x0, 
        ce = 0x0}, {proto = 0x0, pload = 0x0, plen = 0, direction = 0, pkt_info = 0x0, 
        ce = 0x0} <repeats 16 times>}
    res = <optimized out>
    dump_pkt = <optimized out>

4 0xb7f9b35e in core_processing_thread_func (priv=0x8080310) at core.c:447

    tmp = <optimized out>
    pkt = 0xb550a198

5 core_processing_thread_func (priv=0x8080310) at core.c:363

    tpriv = 0x8080310

6 0xb7d1acf1 in start_thread (arg=0xb5f2fb40) at pthread_create.c:311

    **res = <optimized out>
    pd = 0xb5f2fb40
    now = <optimized out>
    unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1210925056, 0, 4001536, -1242369112, 
            1441114932, 324622128}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, 
        data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
    not_first_call = 0
    pagesize_m1 = <optimized out>
    sp = <optimized out>
    freesize = <optimized out>
    __PRETTY_FUNCTION** = "start_thread"

7 0xb7c53fee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

No locals. (gdb) quit A debugging session is active.

Inferior 1 [process 7547] will be killed.

Quit anyway? (y or n) y

gmsoft-tuxicoman commented 10 years ago

I'm developing mostly on Gentoo x86_64 but I've been testing as well on x86, hppa and arm.

From your backtrace it seems than one protocol is not declared correctly. If that is the case, I should be reproducing this issue. In frame 1, i =2, this is the protocol just above link layer which would be either ipv4 or ipv6 in most scenario.

Could you please reproduce once more and issue the following commands : f 1 print *p->info print p->info->pkt_fields[i]

Thanks

k0a1a commented 10 years ago

here it is:

Starting program: /usr/bin/pom-ng -d 5 warning: Could not load shared library symbols for linux-gate.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". [New Thread 0xb6f31b40 (LWP 7551)] [New Thread 0xb6730b40 (LWP 7552)] [New Thread 0xb5f2fb40 (LWP 7553)] [New Thread 0xb53ffb40 (LWP 7648)] [New Thread 0xb4bfeb40 (LWP 7672)] [New Thread 0xb401db40 (LWP 8168)]

Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5f2fb40 (LWP 7553)] ptype_alloc_from_type (type=0x0) at ptype.c:175 175 if (type->info->alloc) {

0 ptype_alloc_from_type (type=0x0) at ptype.c:175

    res = 0xb5600508

1 0xb7f9f233 in packet_info_pool_get (p=0x807d3a0) at packet.c:222

    fields = 0xb7fbcb60 <fields.4967>
    i = 2
    info = 0xb56004e0
    pool = <optimized out>

2 0xb7f9a6d8 in core_process_packet_stack (stack=stack@entry=0xb5f2f080,

stack_index=stack_index@entry=1, p=p@entry=0xb550a198) at core.c:563
    s = 0xb5f2f098
    s_next = <optimized out>
    i = 1
    res = <optimized out>

3 0xb7f9a94b in core_process_packet (p=p@entry=0xb550a198) at core.c:612

    s = {{proto = 0x0, pload = 0x0, plen = 0, direction = 0, pkt_info = 0x0, ce = 0x0}, {
        proto = 0x807d3a0, pload = 0xb551b612, plen = 73, direction = 0, pkt_info = 0x0, 
        ce = 0x0}, {proto = 0x0, pload = 0x0, plen = 0, direction = 0, pkt_info = 0x0, 
        ce = 0x0} <repeats 16 times>}
    res = <optimized out>
    dump_pkt = <optimized out>

4 0xb7f9b35e in core_processing_thread_func (priv=0x8080310) at core.c:447

    tmp = <optimized out>
    pkt = 0xb550a198

5 core_processing_thread_func (priv=0x8080310) at core.c:363

    tpriv = 0x8080310

6 0xb7d1acf1 in start_thread (arg=0xb5f2fb40) at pthread_create.c:311

    **res = <optimized out>
    pd = 0xb5f2fb40
    now = <optimized out>
    unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1210925056, 0, 4001536, -1242369112, 
            1441114932, 324622128}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, 
        data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
    not_first_call = 0
    pagesize_m1 = <optimized out>
    sp = <optimized out>
    freesize = <optimized out>
    __PRETTY_FUNCTION** = "start_thread"

7 0xb7c53fee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

No locals. A debugging session is active.

    Inferior 1 [process 7547] will be killed.

Quit anyway? (y or n) Starting program: /usr/bin/pom-ng -d 5

cheers, D

gmsoft-tuxicoman commented 10 years ago

Danja,

Did you paste the correct output ?

I cannot see the output of the commands I gave you : f 1 print *p->info print p->info->pkt_fields[i]

No need to provide the backtrace anymore.

Regards, Guy

k0a1a commented 10 years ago

i thought i did. anyways, here it is again:

main: pom-ng started ! You can now connect using pom-ng-console. [New Thread 0xb53ffb40 (LWP 1726)] datastore_sqlite: New connection to database ~/.pom-ng/sys_datastore.db [New Thread 0xb4bfeb40 (LWP 1727)] output: Output file started [New Thread 0xb401db40 (LWP 2041)] core: Core state changed to 1 input: Input input1 started

Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5f2fb40 (LWP 1725)] ptype_alloc_from_type (type=0x0) at ptype.c:175 175 if (type->info->alloc) { (gdb) f 1

1 0xb7f9f233 in packet_info_pool_get (p=0x807d3a0) at packet.c:222

222 info->fields_value[i] = ptype_alloc_from_type(fields[i].value_type); (gdb) print *p->info $1 = {api_ver = 1, name = 0xb7fbb858 "ethernet", mod = 0x807d218, pkt_fields = 0xb7fbcb60 , ct_info = 0x0, events = 0x0, number_class = 0xb7fbb858 "ethernet", init = 0x0, process = 0xb7fbb730 , post_process = 0x0, cleanup = 0x0} (gdb) print p->info->pkt_fields[i] $2 = {name = 0xb7fbb89c "type", value_type = 0x0, description = 0xb7fbb893 "Ethernet type"}

gmsoft-tuxicoman commented 10 years ago

Thanks !

The dependency on the correct ptype was missing in proto_ethernet. I've just pushed a fix. Please let me know if it solves your problem or not.

Regards, Guy

k0a1a commented 10 years ago

Guy thanks, it works now! Input started correctly and http.log output file is created. Exciting ;)

cheers, Danja

gmsoft-tuxicoman commented 10 years ago

Excellent !

Enjoy :)

k0a1a commented 10 years ago

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

thanks a lot for the fix! and by the way - are you, by chance, coming to 30c3 in Hamburg?

best, Danja

On 19/12/13 03:18 PM, Guy Martin wrote:

Excellent !

Enjoy :)

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlKzAjgACgkQXgCQwf4/Mo9IWQCfd0FagaS1HbKfJdhkda6J52Mm DQUAoINLPAa5etZoWUxDd7SQOzXeqwxz =/pgu -----END PGP SIGNATURE-----

gmsoft-tuxicoman commented 10 years ago

Well thanks for reporing the bug ! :)

I might come but not sure yet. If I do, I'll send you a mail.

gmsoft-tuxicoman / pom-ng

segfault in libpom-ng.so.0.0.0 #3

0 ptype_alloc_from_type (type=0x0) at ptype.c:175

1 0xb7f9f233 in packet_info_pool_get (p=0x807d3a0) at packet.c:222

2 0xb7f9a6d8 in core_process_packet_stack (stack=stack@entry=0xb5f2f080,

3 0xb7f9a94b in core_process_packet (p=p@entry=0xb550a198) at core.c:612

4 0xb7f9b35e in core_processing_thread_func (priv=0x8080310) at core.c:447

5 core_processing_thread_func (priv=0x8080310) at core.c:363

6 0xb7d1acf1 in start_thread (arg=0xb5f2fb40) at pthread_create.c:311

7 0xb7c53fee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

0 ptype_alloc_from_type (type=0x0) at ptype.c:175

1 0xb7f9f233 in packet_info_pool_get (p=0x807d3a0) at packet.c:222

2 0xb7f9a6d8 in core_process_packet_stack (stack=stack@entry=0xb5f2f080,

3 0xb7f9a94b in core_process_packet (p=p@entry=0xb550a198) at core.c:612

4 0xb7f9b35e in core_processing_thread_func (priv=0x8080310) at core.c:447

5 core_processing_thread_func (priv=0x8080310) at core.c:363

6 0xb7d1acf1 in start_thread (arg=0xb5f2fb40) at pthread_create.c:311

7 0xb7c53fee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:131

1 0xb7f9f233 in packet_info_pool_get (p=0x807d3a0) at packet.c:222