Random crashes
nailyk-fr opened this issue · comments
Portspoof (built after this commit) randomly crashes very often. I start it with this command line as a non-root user:
./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
I know an issue without logs is a pain, but it is crashing two or three times a day with no output :s
Is it possible to enable some debug to provide logs? Where can I enable them?
My old version (1.3 - 26/06/2014) had fewer crashes (one or two times a week) and sometimes output 'Send to socket failed: Connection reset by peer'. Don't know if it helps.
gcc (Debian 4.9.2-10) 4.9.2
debian 8.6
iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 123456 -j RETURN
iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 1:65535 -j REDIRECT --to-ports 4444
Not related to the issue: Thanks for providing this awesome tool! Great work! I hope support will be back :)
Hey nailyk,
Could you configure the app using the latest source code with the following command:
./configure CFLAGS="-ggdb3 -O0" CXXFLAGS="-ggdb3 -O0" LDFLAGS="-ggdb3"
then make, and before running portspoof enable dumps with this command: ulimit -c unlimited
It should then generate coredumps. Please send me all of them and I will try to fix this issue :)
Thanks for your quick answer.
Sorry, I probably did something wrong as there is no way to get portspoof running anymore:
portspoof@hostname:~$ time ./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
-> Using user defined configuration file ./root/etc/portspoof.conf
-> Using user defined signature file ./root/etc/portspoof_signatures
Erreur de segmentation (core dumped)
real 0m0.287s
user 0m0.268s
sys 0m0.012s
portspoof@hostname:~$ time ./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
-> Using user defined configuration file ./root/etc/portspoof.conf
-> Using user defined signature file ./root/etc/portspoof_signatures
Erreur de segmentation (core dumped)
real 0m0.329s
user 0m0.304s
sys 0m0.024s
Running from bash provides the same result.
How I rebuild:
git fetch origin
git checkout master
make clean
./configure --prefix=/home/portspoof/root CFLAGS="-ggdb3 -O0" CXXFLAGS="-ggdb3 -O0" LDFLAGS="-ggdb3"
make
sudo make install
(I bet on specific IP packets for those crashes. While writing this answer portspoof keeps crashing (see screenshot) so I should be under a specific scan/attack. I tried to tcpdump: I hope the culprit is in the capture. No trace of either IP in portspoof.log.)
Edit: Sorry @drk1wi, I was not informed it would create ./core.
Here they are (sorry, GitHub still refuses my zips. portspoof binary included).
Sounds like each time it is related to Revregexp.cpp and/or lines in signatures.
I will try to find another signature file to experiment with.
Thanks nailyk, I am working on this.
Hi,
Any news?
Do you need more core dumps? What could I try to help you?
If you can give me an entry point into the code I should be able to add some printf to identify the problem.
Thanks in advance.
Hey,
I have fixed the issue. Tomorrow I will upload the new version.
Thanks for your help.
Piotr
Just rebuilt.
Thanks for the fix.
I still have a lot of
Send to socket failed: Connection reset by peer
but this makes it rock-solid:
portspo+ 18682 0.4 1.2 768520 19300 pts/3 Sl+ mars10 208:20 ./root/bin/portspoof -c ./root/etc/portspoof.conf -s ./root/etc/portspoof_signatures
Thanks for the fix :)