[firestorm053-nids] 100% cpu report on freebsd48
- To: firestorm@xxxxxxxxxxxxxxxx
- Subject: [firestorm053-nids] 100% cpu report on freebsd48
- From: rmkml <rmkml@xxxxxxxxxx>
- Date: Sun, 22 Jun 2003 11:29:12 +0200
- Delivered-to: mailing list firestorm@scaramanga.co.uk
- Mailing-list: contact firestorm-help@scaramanga.co.uk; run by ezmlm
- Sender: test@xxxxxxxxxx
Hi,
this morning,
firestorm-nids v053
has 100% CPU!
Look at top:
%top -s 1
PID USERNAME PRI NICE SIZE RES STATE TIME WCPU CPU COMMAND
319 xxxxxxx 60 0 18660K 16976K RUN 442:50 99% 99% firestorm-nids
...
(firestorm runs as a non-root user)
%kill -ABRT 319
(gdb)
#0 tcp_fast_options (t=0x80624e8, tsval=0x28139ad4) at tcpstream.c:345
345 if ( *tmp == TCPOPT_EOL || *tmp == TCPOPT_NOP ) {
(gdb) bt full
#0 tcp_fast_options (t=0x80624e8, tsval=0x28139ad4) at tcpstream.c:345
t = (struct pkt_tcphdr *) 0x80624fd
tsval = (u_int32_t *) 0x80624fd
tmp = 0x80624fd "<"
end = 0x8062508 "£Öô>"
#1 0x28133860 in tcpstream_tcpseg (p=0x8059004, i=1) at tcpstream.c:751
s = (struct tcp_session *) 0x8181294
snd = (struct tcp_stream *) 0x81812e8
rcv = (struct tcp_stream *) 0x81812b8
tcph = (struct pkt_tcphdr *) 0x80624e8
iph = (struct pkt_iphdr *) 0x81812b8
to_server = 0
#2 0x28134214 in tcpstream_process (pkt=0x8059004, i=1) at tcpstream.c:1145
iph = (struct pkt_iphdr *) 0x80624d4
l = (struct layer *) 0x8059034
s = (struct tcp_session *) 0x815ed5c
#3 0x281364d0 in tcp_decode (p=0x8059004) at tcp.c:198
l = (struct layer *) 0x8059034
#4 0x28137041 in ipv4_decode (p=0x8059004) at ip.c:190
p = (struct packet *) 0x8059004
pc = (struct proto_child *) 0x28139a3c
my_layer = 1
l = (struct layer *) 0x8059024
ks = 0
#5 0x2814ce8b in ether_decode (p=0x8059004) at ether.c:218
p = (struct packet *) 0x8059004
pc = (struct proto_child *) 0x28139a3c
l = (struct layer *) 0x8059014
#6 0x28129e42 in lpf_callback (user=0x8059000 "", header=0x80624b4,
data=0x80624c6 "\002") at pcap.c:185
user = (u_char *) 0x8059000 ""
header = (struct pcap_pkthdr *) 0x80624fd
data = (
u_char *) 0x28139a3c
"¨\223\023(@\226\023(H\223\023(T\223\023(\230\220\023(\204\233\023(0\223\023(\210\233\023(\214\233\023(\220\233\023(
\237\023(
\223\023(\224\233\023(4\223\023(à\235\023(°\223\023(\024\227\023($\223\023((\223\023("
#7 0x2811ce89 in pcap_read () from /usr/lib/libpcap.so.2
No symbol table info available.
#8 0x2811c97f in pcap_dispatch () from /usr/lib/libpcap.so.2
No symbol table info available.
#9 0x28129e80 in fpcap_go (priv=0x8059000, c=0x8053dbc) at pcap.c:193
priv = (void *) 0x8059000
c = (struct capture *) 0x8053dbc
#10 0x804cbe0 in capture_go () at capture.c:121
tv = {tv_sec = 0, tv_usec = 233229}
tv2 = {tv_sec = -1077937024, tv_usec = 134527641}
end = {tv_sec = -1077937048, tv_usec = -1077936936}
#11 0x804baae in main (argc=1, argv=0xbfbffcd0) at sensor.c:176
argc = -1077937040
argv = (char **) 0x0
sig = {__sigaction_u = {__sa_handler = 0x1, __sa_sigaction =
0x1}, sa_flags = 64, sa_mask = {__bits = {0, 0, 0, 0}}}
#12 0x80490f2 in _start ()
No symbol table info available.
(gdb)
I have the core file for more info ...
and the tcpdump file,
and the syslog file ... (but no strange events in it)
and the firestorm log file ... (but no strange events in it)
Regards.
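
The backtrace above shows the sensor spinning inside a TCP option loop (tcp_fast_options, tcpstream.c:345). The following is an added example, not part of the original post and not firestorm's code: a timestamp-option walker that is guaranteed to advance on every iteration. The function name tcp_find_tsval and the sample bytes are hypothetical, and the page does not confirm the cause of the loop; a length byte below 2 is assumed here as one well-known way such a walk stalls.

```c
#include <stddef.h>
#include <stdint.h>

#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
#define TCPOPT_TIMESTAMP 8

/* Hypothetical helper, not firestorm's tcp_fast_options().
 * Walks the TCP option bytes in [opt, opt+len) looking for a timestamp.
 * Returns 1 if TSval was found (stored in *tsval), 0 if it is absent,
 * -1 if the option list is malformed. Each iteration either returns or
 * advances by at least one byte, so the loop ends within len steps. */
int tcp_find_tsval(const uint8_t *opt, size_t len, uint32_t *tsval)
{
    const uint8_t *end = opt + len;

    while (opt < end) {
        uint8_t kind = *opt;
        if (kind == TCPOPT_EOL)
            return 0;                 /* end of option list */
        if (kind == TCPOPT_NOP) {
            opt++;                    /* one-byte padding option */
            continue;
        }
        if (end - opt < 2)
            return -1;                /* no room for the length byte */
        uint8_t olen = opt[1];
        /* Length 0 would leave the pointer where it is, length 1 would
         * misalign the walk, a length past 'end' would read out of bounds. */
        if (olen < 2 || olen > (size_t)(end - opt))
            return -1;
        if (kind == TCPOPT_TIMESTAMP) {
            if (olen != 10)
                return -1;            /* timestamp option is always 10 bytes */
            *tsval = ((uint32_t)opt[2] << 24) | ((uint32_t)opt[3] << 16) |
                     ((uint32_t)opt[4] << 8)  |  (uint32_t)opt[5];
            return 1;
        }
        opt += olen;                  /* skip an option we do not need */
    }
    return 0;
}

/* Constructed sample option lists (not taken from the reported capture). */
static const uint8_t opts_ok[]       = {1, 1, 8, 10, 0, 1, 2, 3, 0, 0, 0, 0};
static const uint8_t opts_zero_len[] = {1, 99, 0, 1, 1};   /* length byte 0 */
static const uint8_t opts_trunc[]    = {8, 10, 0, 0};      /* length past end */
```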