export LUA_PATH=/usr/local/snort/include/snort/lua/?.lua\;\;
export SNORT_LUA_PATH=/usr/local/snort/etc/snort/

#setenv LUA_PATH "/usr/local/snort/include/snort/lua/?.lua\;\;"
#setenv SNORT_LUA_PATH /usr/local/snort/etc/snort
#env |grep LUA
SNORT_LUA_PATH=/usr/local/snort/etc/snort
LUA_PATH=/usr/local/snort/include/snort/lua/?.lua\;\;

# /usr/local/snort/bin/snort -c /usr/local/snort/etc/snort/snort.lua -i bridge0
o")~   Snort++ 3.0.0-248
--------------------------------------------------
Loading /usr/local/snort/etc/snort/snort.lua:
FATAL: can't init /usr/local/snort/etc/snort/snort.lua: /usr/local/snort/etc/snort/snort.lua:39: module 'snort_config' not found:
        no field package.preload['snort_config']
        no file '/usr/local/snort/include/snort/lua/snort_config.lua\'
        no file '\'
        no file './snort_config.so'
        no file '/usr/local/lib/lua/5.1/snort_config.so'
        no file '/usr/local/lib/lua/5.1/loadall.so'
Fatal Error, Quitting..

Making install in lua
make[2]: Entering directory `/home/user/snort_src/snort-3.0.0-a4/src/lua'
make[3]: Entering directory `/home/user/snort_src/snort-3.0.0-a4/src/lua'
make[3]: Nothing to be done for `install-exec-am'.
 /bin/mkdir -p '/opt/snort/include/snort/lua'
 /usr/bin/install -c -m 644 lua.h lua_ref.h lua_iface.h lua_table.h lua_arg.h lua_stack.h lua_util.h '/opt/snort/include/snort/lua'
make[3]: Leaving directory `/home/user/snort_src/snort-3.0.0-a4/src/lua'
make[2]: Leaving directory `/home/user/snort_src/snort-3.0.0-a4/src/lua'
Making install in ips_options
make[2]: Entering directory `/home/user/snort_src/snort-3.0.0-a4/src/ips_options'
make[3]: Entering directory `/home/user/snort_src/snort-3.0.0-a4/src/ips_options'
  CXX      ips_luajit.o
ips_luajit.cc:28:38: fatal error: managers/lua_plugin_defs.h: No such file or directory
 #include "managers/lua_plugin_defs.h"
                                      ^
compilation terminated.
make[3]: *** [ips_luajit.o] Error 1
make[3]: Leaving directory `/home/user/snort_src/snort-3.0.0-a4/src/ips_options'
make[2]: *** [install-recursive] Error 1
make[2]: Leaving directory `/home/user/snort_src/snort-3.0.0-a4/src/ips_options'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/user/snort_src/snort-3.0.0-a4/src'
make: *** [install-recursive] Error 1

#!/bin/sh
        # $FreeBSD$

        # PROVIDE: snort
        # REQUIRE: DAEMON
        # BEFORE: LOGIN
        # KEYWORD: shutdown

        . /etc/rc.subr

        name="snort"
        rcvar=snort_enable
        extra_commands=reload

        command="/usr/local/snort/bin/snort"

        load_rc_config $name

        [ -z "$snort_enable" ]    && snort_enable="NO"
        [ -z "$snort_conf" ]      && snort_conf="/usr/local/snort/etc/snort/snort.lua"
        [ -z "$snort_flags" ]     && snort_flags="-D -q"

        [ -n "$snort_interface" ] && snort_flags="$snort_flags -i $snort_interface" \
                                  && pidfile="/var/run/snort_${snort_interface}.pid"
        [ -n "$snort_conf" ]      && snort_flags="$snort_flags -c $snort_conf"
        [ -n "$snort_expression" ] && snort_flags="$snort_flags $snort_expression"

        if [ -n "$snort_rules" ]; then
          _1=$1
          if [ $# -gt 1 ]; then shift; snort_rules=$*; fi
          snort_conf=""
          snort_flags=""
          rc=0
          for i in ${snort_rules}; do
                eval _conf=\$snort_${i}_conf
                eval _flags=\$snort_${i}_flags
                [ -z "$_flags" ] && _flags="-D -q"
                eval _intf=\$snort_${i}_interface
                eval _expr=\$snort_${i}_expression
                if [ -n "$_intf" ] ;then
                    _conf="$_conf -i $_intf"
                   eval pidfile="/var/run/snort_$_intf.pid"
                fi
                command_args="$_flags -c $_conf $_expr"
                run_rc_command "$_1"
                if [ $? -ne 0 ]; then rc=1; fi
                unset _pidcmd _rc_restart_done
           done
           exit $rc
        else
           run_rc_command "$1"
        fi

# /usr/local/etc/rc.d/snort start
/usr/local/etc/rc.d/snort: DEBUG: pid file (/var/run/snort_bridge0.pid): not readable.
/usr/local/etc/rc.d/snort: DEBUG: checkyesno: snort_enable is set to YES.
Starting snort.
/usr/local/etc/rc.d/snort: DEBUG: run_rc_command: doit:  limits -C daemon /usr/local/snort/bin/snort -D -q -i bridge0 -c /usr/local/snort/etc/snort/snort.lua 

# ps -aux | grep snort
root       1475  2.0  5.5 451120 105580  -  Rs   17:42    13:31.28 /usr/local/snort/bin/snort -D -q -i bridge0 -c /usr/local/snort/etc/snort/snort.lua  
root       3407  0.0  0.0    408    324  1  R+   08:44     0:00.00 grep snort  

# /usr/local/etc/rc.d/snort status
/usr/local/etc/rc.d/snort: DEBUG: pid file (/var/run/snort_bridge0.pid): not readable.
/usr/local/etc/rc.d/snort: DEBUG: checkyesno: snort_enable is set to YES.
snort is not running.

[New Thread 0x7ffff2802700 (LWP 14180)]
-- [3] ./pcaps/fuzz-2010-06-26-12232.pcap
++ [3] ./pcaps/fuzz-2010-06-27-1544.pcap
[Thread 0x7ffff2001700 (LWP 14178) exited]
[New Thread 0x7ffff2001700 (LWP 14181)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff3003700 (LWP 14176)]
0x000000000075e8a8 in DCE2_CoSetRopts (sd=0x38760b78, cot=0x38760bd8, co_hdr=0x3db1a010, p=0x7fffede20c40) at /root/sources/snort3/src/service_inspectors/dce_rpc/dce_co.cc:298
298	    endianness->hdr_byte_order = DceRpcCoByteOrder(co_hdr);
#0  0x000000000075e8a8 in DCE2_CoSetRopts (sd=0x38760b78, cot=0x38760bd8, co_hdr=0x3db1a010, p=0x7fffede20c40) at /root/sources/snort3/src/service_inspectors/dce_rpc/dce_co.cc:298
#1  0x0000000000760720 in DCE2_CoRequest (sd=0x38760b78, cot=0x38760bd8, co_hdr=0x3db1a010, frag_ptr=0x3db1a028 "\001", frag_len=132) at /root/sources/snort3/src/service_inspectors/dce_rpc/dce_co.cc:1529
#2  0x0000000000760e24 in DCE2_CoDecode (sd=0x38760b78, cot=0x38760bd8, frag_ptr=0x3db1a020 "\204", frag_len=140) at /root/sources/snort3/src/service_inspectors/dce_rpc/dce_co.cc:1816
#3  0x000000000076199e in DCE2_CoProcess (sd=0x38760b78, cot=0x38760bd8, data_ptr=0x3db1a0ac "\005", data_len=156) at /root/sources/snort3/src/service_inspectors/dce_rpc/dce_co.cc:2301
#4  0x0000000000775124 in Dce2Tcp::eval (this=0x5cf66d0, p=0x7fffede20b50) at /root/sources/snort3/src/service_inspectors/dce_rpc/dce_tcp.cc:170
#5  0x00000000005d9e4a in snort::InspectorManager::full_inspection (p=0x7fffede20b50) at /root/sources/snort3/src/managers/inspector_manager.cc:944
#6  0x00000000005da08a in snort::InspectorManager::execute (p=0x7fffede20b50) at /root/sources/snort3/src/managers/inspector_manager.cc:1006
#7  0x000000000052f497 in snort::DetectionEngine::inspect (p=0x7fffede20b50) at /root/sources/snort3/src/detection/detection_engine.cc:403
#8  0x00000000005c75b2 in snort::Snort::inspect (p=0x7fffede20b50) at /root/sources/snort3/src/main/snort.cc:868
#9  0x00000000006594cd in TcpReassembler::_flush_to_seq (this=0x135c458 <TcpReassemblerFactory::create(StreamPolicy)::bsd>, trs=..., bytes=312, p=0x7fffede20c40, pkt_flags=128) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:563
#10 0x00000000006597f4 in TcpReassembler::flush_to_seq (this=0x135c458 <TcpReassemblerFactory::create(StreamPolicy)::bsd>, trs=..., bytes=312, p=0x7fffede20c40, pkt_flags=128) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:623
#11 0x0000000000659d13 in TcpReassembler::flush_stream (this=0x135c458 <TcpReassemblerFactory::create(StreamPolicy)::bsd>, trs=..., p=0x7fffede20c40, dir=128, final_flush=true) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:742
#12 0x0000000000659d92 in TcpReassembler::final_flush (this=0x135c458 <TcpReassemblerFactory::create(StreamPolicy)::bsd>, trs=..., p=0x7fffede20c40, dir=128) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:754
#13 0x000000000065a08d in TcpReassembler::flush_queued_segments (this=0x135c458 <TcpReassemblerFactory::create(StreamPolicy)::bsd>, trs=..., flow=0x256c33b8, clear=true, p=0x7fffede20c40) at /root/sources/snort3/src/stream/tcp/tcp_reassembler.cc:808
#14 0x000000000065fc95 in TcpReassemblerPolicy::flush_queued_segments (this=0x7fffec7745d8, flow=0x256c33b8, clear=true, p=0x0) at /root/sources/snort3/src/stream/tcp/tcp_reassemblers.h:56
#15 0x000000000065cedc in TcpSession::clear_session (this=0x7fffec774310, free_flow_data=true, flush_segments=true, restart=false, p=0x0) at /root/sources/snort3/src/stream/tcp/tcp_session.cc:157
#16 0x000000000064f3fc in TcpStreamSession::cleanup (this=0x7fffec774310, p=0x0) at /root/sources/snort3/src/stream/libtcp/tcp_stream_session.cc:414
#17 0x000000000055ca07 in snort::Flow::reset (this=0x256c33b8, do_cleanup=true) at /root/sources/snort3/src/flow/flow.cc:138
#18 0x000000000055dd68 in FlowCache::release (this=0x38b37e90, flow=0x256c33b8, reason=IDLE, do_cleanup=true) at /root/sources/snort3/src/flow/flow_cache.cc:152
#19 0x000000000055e2ba in FlowCache::timeout (this=0x38b37e90, num_flows=1, thetime=1268520507) at /root/sources/snort3/src/flow/flow_cache.cc:318
#20 0x000000000055e9b7 in FlowControl::timeout_flows (this=0x7fffeed6d690, cur_time=1268520507) at /root/sources/snort3/src/flow/flow_control.cc:148
#21 0x0000000000643b1e in snort::Stream::timeout_flows (cur_time=1268520507) at /root/sources/snort3/src/stream/stream.cc:367
#22 0x00000000005c7b05 in snort::Snort::packet_callback (pkthdr=0x7ffff2fcc5e0, pkt=0x3dee3800 "\377\377\377\377\377\377") at /root/sources/snort3/src/main/snort.cc:1015
#23 0x000000000079f231 in pcap_process_loop (user=user@entry=0x7fffec1bb4a0 "", pkth=pkth@entry=0x7ffff2fcc690, data=0x3dee3800 "\377\377\377\377\377\377") at daq_pcap.c:376
#24 0x00007ffff759b0d1 in pcap_offline_read (p=0x3c6962c0, cnt=-1, callback=0x79f1a0 <pcap_process_loop>, user=0x7fffec1bb4a0 "") at ./savefile.c:506
#25 0x000000000079f35b in pcap_daq_acquire (handle=0x7fffec1bb4a0, cnt=0, callback=<optimized out>, metaback=<optimized out>, user=<optimized out>) at daq_pcap.c:394
#26 0x00000000005fdcd9 in snort::SFDAQInstance::acquire (this=0x969d2a0, max=0, callback=0x5c791c <snort::Snort::packet_callback(void*, _daq_pkthdr const*, unsigned char const*)>) at /root/sources/snort3/src/packet_io/sfdaq.cc:570
#27 0x00000000005b157a in Analyzer::analyze (this=0x5e62370) at /root/sources/snort3/src/main/analyzer.cc:161
#28 0x00000000005b136e in Analyzer::operator() (this=0x5e62370, ps=0xcf02610, run_num=413) at /root/sources/snort3/src/main/analyzer.cc:99
#29 0x000000000052954e in std::__invoke<Analyzer<Swapper*, unsigned short> > (__f=...) at /usr/include/c++/4.8.2/functional:234
#30 0x00000000005294ed in std::reference_wrapper<Analyzer>::operator()<Swapper*, unsigned short>(Swapper*&&, unsigned short&&) const (this=0x35287670) at /usr/include/c++/4.8.2/functional:467
#31 0x0000000000529451 in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) (this=0x35287660) at /usr/include/c++/4.8.2/functional:1732
#32 0x0000000000529309 in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::operator()() (this=0x35287660) at /usr/include/c++/4.8.2/functional:1720
#33 0x00000000005292a2 in std::thread::_Impl<std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)> >::_M_run() (this=0x35287648) at /usr/include/c++/4.8.2/thread:115
#34 0x00007ffff528b070 in ?? () from /lib64/libstdc++.so.6
#35 0x00007ffff6b42e25 in start_thread () from /lib64/libpthread.so.0
#36 0x00007ffff49efbad in clone () from /lib64/libc.so.6

alert tcp any any -> any 8080 ( msg:"test rule a"; flow:to_server,established; content:"attack",fast_pattern,nocase; sid:10000001; rev:1; )
alert tcp any any -> any 8080 ( msg:"test rule b"; flow:to_server,established; http_uri; content:"attack",fast_pattern,nocase; sid:10000002; rev:1; )

curl http://192.168.1.134:8080/attack

04/12-05:56:46.760940 [**] [1:10000001:1] "test rule a" [**] [Priority: 0] {TCP} 192.168.1.192:37664 -> 192.168.1.134:8080

-------------------------------------------------------
snort version 3.0.0

Install options:
    prefix:     /usr/local
    includes:   /usr/local/include/snort
    plugins:    /usr/local/lib64/snort

Compiler options:
    CC:             /usr/bin/cc
    CXX:            /usr/bin/c++
    CFLAGS:            -fvisibility=hidden   -DNDEBUG -g -ggdb   
    CXXFLAGS:          -fvisibility=hidden   -DNDEBUG -g -ggdb   
    EXE_LDFLAGS:        
    MODULE_LDFLAGS:     

Feature options:
    Flatbuffers:    ON
    Hyperscan:      ON
    ICONV:          ON
    LZMA:           ON
    RPC DB:         TIRPC
    SafeC:          ON
    TCMalloc:       OFF
    UUID:           ON
-------------------------------------------------------

--------------------------------------------------
module profile (all, depth 255, sorted by total_time)
#                      module layer    checks   time(us)  avg/check  %/caller  %/total
=                      ====== =====    ======   ========  =========  ========  =======
 1                       nbar     1  20038569 1547848619         77     77.67    77.67
 2                     detect     1  21513061  254274062         11     12.76    12.76
  1                      mpse     2  20553195  226242569         11     88.98    11.35
  2            rebuilt_packet     2   1480345   85018190         57     33.44     4.27
  3                 rule_eval     2    388994    1262055          3      0.50     0.06
   1           rule_tree_eval     3    388994    1225399          3     97.10     0.06
   2                 rtn_eval     3     12705       1854          0      0.15     0.00
 3                 stream_tcp     1  13772418  114960452          8      5.77     5.77
 4                     decode     1  21889147   30689750          1      1.54     1.54
 5                      appid     1  20064613   21948186          1      1.10     1.10
 6                     stream     1  20064613   15639294          0      0.78     0.78
 7                 stream_udp     1   6161209   12539375          2      0.63     0.63
 8                     wizard     1   6325084   11723558          1      0.59     0.59
 9               http_inspect     1   2234098   11257254          5      0.56     0.56
 10                 port_scan     1  20685033   11256212          0      0.56     0.56
 11                    eventq     1  25145567    4940710          0      0.25     0.25
 12                normalizer     1  20064545    4611448          0      0.23     0.23
 13              perf_monitor     1  22184860    4253430          0      0.21     0.21
 14                    binder     1    355148    1852117          5      0.09     0.09
 15              dce_smb_main     1    163030     967648          5      0.05     0.05
  1           dce_smb_session     2    162520      12376          0      1.28     0.00
   1      dce_smb_new_session     3      2040       2604          1     21.04     0.00
  2            dce_smb_detect     2    162520       7480          0      0.77     0.00
  3           dce_smb_request     2      8670       1697          0      0.18     0.00
  4         dce_smb_negotiate     2      1564        721          0      0.07     0.00
  5               dce_smb_fid     2      3706        327          0      0.03     0.00
  6               dce_smb_tid     2      1428        105          0      0.01     0.00
  7               dce_smb_uid     2       884         71          0      0.01     0.00
 16              dce_tcp_main     1     66224     600452          9      0.03     0.03
  1           dce_tcp_session     2     66156       6937          0      1.16     0.00
   1      dce_tcp_new_session     3      3170       2279          0     32.85     0.00
  2            dce_tcp_detect     2     66156       3508          0      0.58     0.00
  3        dce_tcp_co_context     2     64150       3453          0      0.58     0.00
 17                       sip     1     57293     573831         10      0.03     0.03
 18              back_orifice     1   5324197     379004          0      0.02     0.02
 19                   content     1    529632     310350          0      0.02     0.02
 20                       ssl     1    553109     251325          0      0.01     0.01
 21                       dns     1    146496     112625          0      0.01     0.01
 22                      pcre     1     59024      45529          0      0.00     0.00
 23                      flow     1    346714      30177          0      0.00     0.00
 24            http_stat_code     1     87050      14291          0      0.00     0.00
 25                 stream_ip     1      4726      12555          2      0.00     0.00
  1                      frag     2       136       2438         17     19.43     0.00
   1              frag_insert     3        68         87          1      3.58     0.00
 26                    telnet     1     83946       9263          0      0.00     0.00
 27                 arp_spoof     1     19482       8643          0      0.00     0.00
 28              http_raw_uri     1     22260       5711          0      0.00     0.00
 29                 bufferlen     1     22260       3972          0      0.00     0.00
 30                       pop     1       374       1681          4      0.00     0.00
 31                     dsize     1      9648       1474          0      0.00     0.00
 32                 file_data     1     16152       1460          0      0.00     0.00
 33                  http_uri     1      6403       1269          0      0.00     0.00
 34                  pkt_data     1      7097        699          0      0.00     0.00
 35               http_method     1      1112        369          0      0.00     0.00
 36                 byte_test     1      1020        362          0      0.00     0.00
 37                  flowbits     1      1360        283          0      0.00     0.00
 38                 byte_jump     1       578        155          0      0.00     0.00
 39              byte_extract     1       204         54          0      0.00     0.00
 40               http_header     1       170         53          0      0.00     0.00
 41          http_client_body     1        34          9          0      0.00     0.00
--                      total    --  21889079 1992818706         91        --       --
--------------------------------------------------
memory profile (all, depth 255, sorted by total_used)
#                  module layer allocs   used (kb) avg/allocation  %/caller  %/total
=                  ====== ===== ======   ========= ==============  ========  =======
 1           http_inspect     16197471 11717343.71         1936.0     68.98    68.98
 2             stream_tcp     112117487  4108767.90          347.2     24.19    24.19
 3                  appid     13892547   491214.19          129.2      2.89     2.89
 4                 wizard     110421254   286126.56           28.1      1.68     1.68
 5                 stream     1 652615   202417.21          317.6      1.19     1.19
 6                 detect     1 249046    65067.07          267.5      0.38     0.38
  1        rebuilt_packet     2  95590     7278.59           78.0     11.19     0.04
 7              port_scan     1 225924    51185.91          232.0      0.30     0.30
 8                   nbar     1 327130    20445.62           64.0      0.12     0.12
 9           dce_smb_main     1 325448    15263.34           48.0      0.09     0.09
  1       dce_smb_request     2    204       17.00           85.3      0.11     0.00
  2           dce_smb_uid     2     68        4.78           72.0      0.03     0.00
 10                   sip     1 243354    12588.12           53.0      0.07     0.07
 11          dce_tcp_main     1 158584     7560.55           48.8      0.04     0.04
 12                binder     1 111662     5288.56           48.5      0.03     0.03
 13                   pop     1    340     2303.23         6936.8      0.01     0.01
 14                   ssl     1  26249     1640.56           64.0      0.01     0.01
 15                  pcre     1  59024     1383.38           24.0      0.01     0.01
 16              flowbits     1    340       11.29           34.0      0.00     0.00
--                  total    --35019566 16987457.23          496.7        --       --
--------------------------------------------------

latency =
{
    packet = { max_time = 10500 },
    rule = { max_time = 20000 },
}

-- use these to capture perf data for analysis and tuning
--profiler = { }
-- perf_monitor = { modules = {}, base = true,cpu = true,flow = true, flow_ip = true, packets = 10000, seconds = 60,summary =true, output = console }

file_id =
{
    enable_type = true,
    enable_signature = true,
    file_rules = file_magic,
    enable_capture = true,
    type_depth = 104857600,
    signature_depth = 104857600,
    capture_max_size = 104857600,
    trace_type = true,
    trace_signature = true,
    file_policy =
    {
        -- http://10.50.8.202/pkgs/virus/avast_free_antivirus_setup_online.exe
        { when = {sha256 = "7ea883d91f36d26166751e05d734571a561312fbd078068787ad3efac2bcb0e6"}, use = {verdict = 'reset' } },
        -- http://10.50.8.202/pkgs/virus/EICAR.COM
        { when = {sha256 = "131f95c51cc819465fa1797f6ccacf9d494aaaff46fa3eac73ae63ffbdfd8267"}, use = {verdict = 'reset' } }
    },
}

    file_id = {
        enable_type = true,
        enable_signature = true,
        file_rules = file_magic,
        enable_capture = true,
        type_depth = 104857600,
        signature_depth = 104857600,
        capture_max_size = 104857600,
        trace_type = true,
        trace_signature = true,
        file_policy =
        {
            { when = {sha256 = "7ea883d91f36d26166751e05d734571a561312fbd078068787ad3efac2bcb0e6"}, use = {verdict = 'reset'  } }
        }
    }

--2016-10-27 17:04:06--  http://10.50.8.202/pkgs/UTM/virus/avast_free_antivirus_setup_online.exe
Connecting to 10.50.8.202:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5006864 (4.8M) [application/octet-stream]
Saving to: “avast_free_antivirus_setup_online.exe”

99% [==================================================================================================================================================================================================> ] 5,006,096   2.30M/s   in 2.1s

2016-10-27 17:04:08 (2.30 MB/s) - Read error at byte 5006096/5006864 (Connection timed out). Retrying.

--2016-10-27 17:04:09--  (try: 2)  http://10.50.8.202/pkgs/UTM/virus/avast_free_antivirus_setup_online.exe
Connecting to 10.50.8.202:80... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 5006864 (4.8M), 768 remaining [application/octet-stream]
Saving to: “avast_free_antivirus_setup_online.exe”

100%[+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++>] 5,006,864   --.-K/s   in 0s

2016-10-27 17:04:09 (106 MB/s) - “avast_free_antivirus_setup_online.exe” saved [5006864/5006864]

- git clone 

- cd snort3

- autoreconf -isvf

- ./configure

- make 

make[3]: Entering directory `/home/sashank/snort3/src/packet_io'
  CXX      active.o
  CXX      sfdaq.o
sfdaq.cc: In member function ‘int SFDAQInstance::add_expected(const Packet*, const SfIp*, uint16_t, const SfIp*, uint16_t, IpProtocol, unsigned int, unsigned int)’:
sfdaq.cc:551:5: error: ‘DAQ_Data_Channel_Params_t’ was not declared in this scope
     DAQ_Data_Channel_Params_t daq_params;
     ^
sfdaq.cc:554:12: error: ‘DAQ_DP_key_t’ has no member named ‘src_af’
     dp_key.src_af = cliIP->get_family();
            ^
sfdaq.cc:561:12: error: ‘DAQ_DP_key_t’ has no member named ‘dst_af’
     dp_key.dst_af = srvIP->get_family();
            ^
sfdaq.cc:586:13: error: ‘daq_params’ was not declared in this scope
     memset(&daq_params, 0, sizeof(daq_params));
             ^
make[3]: *** [sfdaq.o] Error 1
make[3]: Leaving directory `/home/sashank/snort3/src/packet_io'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/sashank/snort3/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/sashank/snort3'
make: *** [all] Error 2

[Thread 0x7ffff2001700 (LWP 16068) exited]
-- [2] ./pcaps/fuzz-2014-04-11-8332.pcap
++ [2] ./pcaps/fuzz-2014-04-20-7766.pcap
[New Thread 0x7ffff2001700 (LWP 16076)]
ERROR: Unable to find a Codec with data link type 113

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff3003700 (LWP 16075)]
0x000000000055ba7a in snort::vlan::VlanTagHdr::vid (this=0x0) at /root/sources/snort3/src/protocols/vlan.h:41
41	    { return ntohs(vth_pri_cfi_vlan) & 0x0FFF; }
#0  0x000000000055ba7a in snort::vlan::VlanTagHdr::vid (this=0x0) at /root/sources/snort3/src/protocols/vlan.h:41
#1  0x000000000055ea67 in FlowControl::set_key (this=0x7fffef2950f0, key=0x7ffff2fcc3c0, p=0x7fffef5281f0) at /root/sources/snort3/src/flow/flow_control.cc:177
#2  0x000000000055f418 in FlowControl::process (this=0x7fffef2950f0, type=TCP, p=0x7fffef5281f0) at /root/sources/snort3/src/flow/flow_control.cc:365
#3  0x0000000000645b51 in StreamBase::eval (this=0x205c910, p=0x7fffef5281f0) at /root/sources/snort3/src/stream/base/stream_base.cc:244
#4  0x00000000005d9c8f in execute (p=0x7fffef5281f0, prep=0x5e4b570, num=1) at /root/sources/snort3/src/managers/inspector_manager.cc:912
#5  0x00000000005d9ea0 in snort::InspectorManager::execute (p=0x7fffef5281f0) at /root/sources/snort3/src/managers/inspector_manager.cc:963
#6  0x000000000052f497 in snort::DetectionEngine::inspect (p=0x7fffef5281f0) at /root/sources/snort3/src/detection/detection_engine.cc:403
#7  0x00000000005c76d9 in snort::Snort::process_packet (p=0x7fffef5281f0, pkthdr=0x7ffff2fcc5e0, pkt=0x2a05e01c "", is_frag=false) at /root/sources/snort3/src/main/snort.cc:892
#8  0x00000000005c7a3e in snort::Snort::packet_callback (pkthdr=0x7ffff2fcc5e0, pkt=0x2a05e01c "") at /root/sources/snort3/src/main/snort.cc:996
#9  0x000000000079f231 in pcap_process_loop (user=user@entry=0x1e4be00 "", pkth=pkth@entry=0x7ffff2fcc690, data=0x2a05e01c "") at daq_pcap.c:376
#10 0x00007ffff759b0d1 in pcap_offline_read (p=0x2a1a62c0, cnt=-1, callback=0x79f1a0 <pcap_process_loop>, user=0x1e4be00 "") at ./savefile.c:506
#11 0x000000000079f35b in pcap_daq_acquire (handle=0x1e4be00, cnt=0, callback=<optimized out>, metaback=<optimized out>, user=<optimized out>) at daq_pcap.c:394
#12 0x00000000005fdcd9 in snort::SFDAQInstance::acquire (this=0x2a16ca30, max=0, callback=0x5c791c <snort::Snort::packet_callback(void*, _daq_pkthdr const*, unsigned char const*)>) at /root/sources/snort3/src/packet_io/sfdaq.cc:570
#13 0x00000000005b157a in Analyzer::analyze (this=0x5e4a130) at /root/sources/snort3/src/main/analyzer.cc:161
#14 0x00000000005b136e in Analyzer::operator() (this=0x5e4a130, ps=0xcb5b1b0, run_num=1429) at /root/sources/snort3/src/main/analyzer.cc:99
#15 0x000000000052954e in std::__invoke<Analyzer<Swapper*, unsigned short> > (__f=...) at /usr/include/c++/4.8.2/functional:234
#16 0x00000000005294ed in std::reference_wrapper<Analyzer>::operator()<Swapper*, unsigned short>(Swapper*&&, unsigned short&&) const (this=0x7fffec112950) at /usr/include/c++/4.8.2/functional:467
#17 0x0000000000529451 in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) (this=0x7fffec112940) at /usr/include/c++/4.8.2/functional:1732
#18 0x0000000000529309 in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::operator()() (this=0x7fffec112940) at /usr/include/c++/4.8.2/functional:1720
#19 0x00000000005292a2 in std::thread::_Impl<std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)> >::_M_run() (this=0x7fffec112928) at /usr/include/c++/4.8.2/thread:115
#20 0x00007ffff528b070 in ?? () from /lib64/libstdc++.so.6
#21 0x00007ffff6b42e25 in start_thread () from /lib64/libpthread.so.0
#22 0x00007ffff49efbad in clone () from /lib64/libc.so.6

/root/sources/snort3/src/utils/util_utf.cc:359: undefined reference to `libiconv_open'
/root/sources/snort3/src/utils/util_utf.cc:364: undefined reference to `libiconv'
/root/sources/snort3/src/utils/util_utf.cc:367: undefined reference to `libiconv_close'
/root/sources/snort3/src/utils/util_utf.cc:374: undefined reference to `libiconv_close'
c++: error: linker command failed with exit code 1 (use -v to see invocation)
--- src/snort ---
*** [src/snort] Error code 1
make[2]: stopped in /root/sources/snort3/build
1 error
make[2]: stopped in /root/sources/snort3/build
--- src/CMakeFiles/snort.dir/all ---
*** [src/CMakeFiles/snort.dir/all] Error code 2
make[1]: stopped in /root/sources/snort3/build
1 error
make[1]: stopped in /root/sources/snort3/build
*** [all] Error code 2
make: stopped in /root/sources/snort3/build
1 error
make: stopped in /root/sources/snort3/build

			/* Not a separator character or whitespace */
			if (j == strlen(sep_chars))
				break;
		}
		
		And then, i++
		line: 190
		for (i = 0; i < strlen(str); i++)
		
		mSplit ignored the 'escaped' character's function, 
		And treat the 'escaped' character as a normal character.

Loading /usr/local/snort/etc/snort/snort.lua:
FATAL: can't load /usr/local/snort/etc/snort/snort.lua: /usr/local/snort/etc/snort/snort.lua:209: '}' expected (to close '{' at line 197) near 'rules'
Fatal Error, Quitting..

ips =
{
	mode = tap,

	-- use this to enable decoder and inspector alerts
	enable_builtin_rules = true,

	-- use include for rules files; be sure to set your path
	-- note that rules files can include other rules files

-- THIS PARAMETER IS FROM DEFAULT INSTALLATION - FOR WHAT IS IT?
	-- include = 'snort3_community.rules'

	-- The following include syntax is only valid for BUILD_243 (13-FEB-2018) and later
	-- RULE_PATH is typically set in snort_defaults.lua
    rules = [[

-- THIS PARAMETER HAS BEEN ADD MANUALLY BY ME 
	include $RULE_PATH/snort3-community.rules

        include $RULE_PATH/snort3-app-detect.rules
        include $RULE_PATH/snort3-browser-chrome.rules
        include $RULE_PATH/snort3-browser-firefox.rules
        include $RULE_PATH/snort3-browser-ie.rules
        include $RULE_PATH/snort3-browser-other.rules
        include $RULE_PATH/snort3-browser-plugins.rules

70018: mmap(0x0,32768,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34373668864 (0x800d49000)
70018: issetugid()                               = 0 (0x0)
70018: lstat("/etc",{ mode=drwxr-xr-x ,inode=22,size=107,blksize=7168 }) = 0 (0x0)
70018: lstat("/etc/libmap.conf",{ mode=-rw-r--r-- ,inode=13727,size=109,blksize=4096 }) = 0 (0x0)
70018: openat(AT_FDCWD,"/etc/libmap.conf",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
70018: fstat(3,{ mode=-rw-r--r-- ,inode=13727,size=109,blksize=4096 }) = 0 (0x0)
70018: mmap(0x0,109,PROT_READ,MAP_PRIVATE,3,0x0) = 34373701632 (0x800d51000)
70018: close(3)                                  = 0 (0x0)
70018: lstat("/usr",{ mode=drwxr-xr-x ,inode=26,size=15,blksize=4096 }) = 0 (0x0)
70018: lstat("/usr/local",{ mode=drwxr-xr-x ,inode=217,size=11,blksize=4096 }) = 0 (0x0)
70018: lstat("/usr/local/etc",{ mode=drwxr-xr-x ,inode=98327,size=7,blksize=131072 }) = 0 (0x0)
70018: lstat("/usr/local/etc/libmap.d",0x7fffffffc6b8) ERR#2 'No such file or directory'
70018: munmap(0x800d51000,109)                   = 0 (0x0)
70018: openat(AT_FDCWD,"/var/run/ld-elf.so.hints",O_RDONLY|O_CLOEXEC,00) = 3 (0x3)
70018: read(3,"Ehnt\^A\0\0\0\M^@\0\0\0-\0\0\0\0"...,128) = 128 (0x80)
70018: fstat(3,{ mode=-r--r--r-- ,inode=99504,size=173,blksize=4096 }) = 0 (0x0)
70018: lseek(3,0x80,SEEK_SET)                    = 128 (0x80)
70018: read(3,"/lib:/usr/lib:/usr/lib/compat:/u"...,45) = 45 (0x2d)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libpcre.so.1",F_OK)          ERR#2 'No such file or directory'
70018: access("/usr/lib/libpcre.so.1",F_OK)      ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libpcre.so.1",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libpcre.so.1",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libpcre.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-rwxr-xr-x ,inode=98624,size=503168,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2600960,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34375770112 (0x800f4a000)
70018: mmap(0x800f4a000,503808,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34375770112 (0x800f4a000)
70018: mmap(0x8011c4000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x7a000) = 34378366976 (0x8011c4000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libcrypto.so.8",F_OK)        = 0 (0x0)
70018: openat(AT_FDCWD,"/lib/libcrypto.so.8",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=153,size=2517704,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,4624384,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE|MAP_ALIGNED_SUPER,-1,0x0) = 34378612736 (0x801200000)
70018: mmap(0x801200000,2351104,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34378612736 (0x801200000)
70018: mmap(0x80163d000,172032,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x23d000) = 34383056896 (0x80163d000)
70018: mmap(0x801667000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34383228928 (0x801667000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libluajit-5.1.so.2",F_OK)    ERR#2 'No such file or directory'
70018: access("/usr/lib/libluajit-5.1.so.2",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libluajit-5.1.so.2",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libluajit-5.1.so.2",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libluajit-5.1.so.2",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-rwxr-xr-x ,inode=98833,size=525344,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2621440,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34383237120 (0x801669000)
70018: mmap(0x801669000,516096,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34383237120 (0x801669000)
70018: mmap(0x8018e7000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x7e000) = 34385850368 (0x8018e7000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libhwloc.so.5",F_OK)         ERR#2 'No such file or directory'
70018: access("/usr/lib/libhwloc.so.5",F_OK)     ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libhwloc.so.5",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libhwloc.so.5",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libhwloc.so.5",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-rwxr-xr-x ,inode=98971,size=194288,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2289664,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34385858560 (0x8018e9000)
70018: mmap(0x8018e9000,188416,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34385858560 (0x8018e9000)
70018: mmap(0x801b17000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2e000) = 34388144128 (0x801b17000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libdnet.so.1",F_OK)          ERR#2 'No such file or directory'
70018: access("/usr/lib/libdnet.so.1",F_OK)      ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libdnet.so.1",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libdnet.so.1",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libdnet.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-rwxr-xr-x ,inode=98427,size=73766,blksize=74240 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2162688,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34388148224 (0x801b18000)
70018: mmap(0x801b18000,57344,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34388148224 (0x801b18000)
70018: mmap(0x801d26000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xe000) = 34390302720 (0x801d26000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libpcap.so.1",F_OK)          ERR#2 'No such file or directory'
70018: access("/usr/lib/libpcap.so.1",F_OK)      ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libpcap.so.1",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libpcap.so.1",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libpcap.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r-xr-xr-x ,inode=98469,size=311656,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2408448,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34390310912 (0x801d28000)
70018: mmap(0x801d28000,303104,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34390310912 (0x801d28000)
70018: mmap(0x801f72000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x4a000) = 34392711168 (0x801f72000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libsfbpf.so.0",F_OK)         ERR#2 'No such file or directory'
70018: access("/usr/lib/libsfbpf.so.0",F_OK)     ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libsfbpf.so.0",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libsfbpf.so.0",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libsfbpf.so.0",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-rwxr-xr-x ,inode=98554,size=244712,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2342912,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34392719360 (0x801f74000)
70018: mmap(0x801f74000,241664,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34392719360 (0x801f74000)
70018: mmap(0x8021ae000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x3a000) = 34395054080 (0x8021ae000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libz.so.6",F_OK)             = 0 (0x0)
70018: openat(AT_FDCWD,"/lib/libz.so.6",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=142,size=102024,blksize=102400 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2199552,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34395062272 (0x8021b0000)
70018: mmap(0x8021b0000,98304,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34395062272 (0x8021b0000)
70018: mmap(0x8023c8000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x18000) = 34397257728 (0x8023c8000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/liblzma.so.5",F_OK)          ERR#2 'No such file or directory'
70018: access("/usr/lib/liblzma.so.5",F_OK)      = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/lib/liblzma.so.5",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=2984,size=168728,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2265088,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34397261824 (0x8023c9000)
70018: mmap(0x8023c9000,163840,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34397261824 (0x8023c9000)
70018: mmap(0x8025f1000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x28000) = 34399522816 (0x8025f1000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libc++.so.1",F_OK)           ERR#2 'No such file or directory'
70018: access("/usr/lib/libc++.so.1",F_OK)       = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/lib/libc++.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=2595,size=805824,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2912256,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34399526912 (0x8025f2000)
70018: mmap(0x8025f2000,782336,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34399526912 (0x8025f2000)
70018: mmap(0x8028b0000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xbe000) = 34402402304 (0x8028b0000)
70018: mmap(0x8028b7000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34402430976 (0x8028b7000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libcxxrt.so.1",F_OK)         = 0 (0x0)
70018: openat(AT_FDCWD,"/lib/libcxxrt.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=138,size=106232,blksize=106496 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2220032,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34402439168 (0x8028b9000)
70018: mmap(0x8028b9000,102400,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34402439168 (0x8028b9000)
70018: mmap(0x802ad1000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x18000) = 34404634624 (0x802ad1000)
70018: mmap(0x802ad3000,16384,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34404642816 (0x802ad3000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libm.so.5",F_OK)             = 0 (0x0)
70018: openat(AT_FDCWD,"/lib/libm.so.5",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=170,size=192576,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2273280,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34404659200 (0x802ad7000)
70018: mmap(0x802ad7000,172032,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34404659200 (0x802ad7000)
70018: mmap(0x802d01000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x2a000) = 34406928384 (0x802d01000)
70018: mmap(0x0,36864,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34373705728 (0x800d52000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libgcc_s.so.1",F_OK)         = 0 (0x0)
70018: openat(AT_FDCWD,"/lib/libgcc_s.so.1",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=169,size=58752,blksize=58880 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2154496,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34406932480 (0x802d02000)
70018: mmap(0x802d02000,57344,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34406932480 (0x802d02000)
70018: mmap(0x802f0f000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0xd000) = 34409082880 (0x802f0f000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libthr.so.3",F_OK)           = 0 (0x0)
70018: openat(AT_FDCWD,"/lib/libthr.so.3",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=143,size=120728,blksize=120832 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2260992,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34409086976 (0x802f10000)
70018: mmap(0x802f10000,110592,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34409086976 (0x802f10000)
70018: mmap(0x80312b000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x1b000) = 34411294720 (0x80312b000)
70018: mmap(0x80312c000,49152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34411298816 (0x80312c000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libc.so.7",F_OK)             = 0 (0x0)
70018: openat(AT_FDCWD,"/lib/libc.so.7",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-r--r--r-- ,inode=171,size=1761320,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,3899392,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34411347968 (0x803138000)
70018: mmap(0x803138000,1646592,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34411347968 (0x803138000)
70018: mmap(0x8034ca000,49152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x192000) = 34415091712 (0x8034ca000)
70018: mmap(0x8034d6000,106496,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34415140864 (0x8034d6000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libpciaccess.so.0",F_OK)     ERR#2 'No such file or directory'
70018: access("/usr/lib/libpciaccess.so.0",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libpciaccess.so.0",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libpciaccess.so.0",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libpciaccess.so.0",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-rwxr-xr-x ,inode=98862,size=27840,blksize=28160 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,2125824,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34415247360 (0x8034f0000)
70018: mmap(0x8034f0000,24576,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34415247360 (0x8034f0000)
70018: mmap(0x8036f6000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x6000) = 34417369088 (0x8036f6000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: access("/lib/libxml2.so.2",F_OK)          ERR#2 'No such file or directory'
70018: access("/usr/lib/libxml2.so.2",F_OK)      ERR#2 'No such file or directory'
70018: access("/usr/lib/compat/libxml2.so.2",F_OK) ERR#2 'No such file or directory'
70018: access("/usr/local/lib/libxml2.so.2",F_OK) = 0 (0x0)
70018: openat(AT_FDCWD,"/usr/local/lib/libxml2.so.2",O_RDONLY|O_CLOEXEC|O_VERIFY,00) = 3 (0x3)
70018: fstat(3,{ mode=-rwxr-xr-x ,inode=98924,size=1655200,blksize=131072 }) = 0 (0x0)
70018: mmap(0x0,4096,PROT_READ,MAP_PRIVATE|MAP_PREFAULT_READ,3,0x0) = 34373701632 (0x800d51000)
70018: mmap(0x0,3756032,PROT_NONE,MAP_PRIVATE|MAP_ANON|MAP_NOCORE,-1,0x0) = 34417373184 (0x8036f7000)
70018: mmap(0x8036f7000,1609728,PROT_READ|PROT_EXEC,MAP_PRIVATE|MAP_FIXED|MAP_NOCORE|MAP_PREFAULT_READ,3,0x0) = 34417373184 (0x8036f7000)
70018: mmap(0x803a80000,45056,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_PREFAULT_READ,3,0x189000) = 34421080064 (0x803a80000)
70018: mmap(0x803a8b000,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_FIXED|MAP_ANON,-1,0x0) = 34421125120 (0x803a8b000)
70018: munmap(0x800d51000,4096)                  = 0 (0x0)
70018: close(3)                                  = 0 (0x0)
70018: munmap(0x800d57000,16384)                 = 0 (0x0)
70018: mmap(0x0,69632,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34373726208 (0x800d57000)
70018: munmap(0x800d62000,24576)                 = 0 (0x0)
70018: mmap(0x0,102400,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34373771264 (0x800d62000)
70018: munmap(0x800d76000,20480)                 = 0 (0x0)
70018: mmap(0x0,561152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34373853184 (0x800d76000)
70018: sysarch(AMD64_SET_FSBASE,0x7fffffffe078)  = 0 (0x0)
70018: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: readlink("/etc/malloc.conf",0x7fffffffd770,1024) ERR#2 'No such file or directory'
70018: issetugid()                               = 0 (0x0)
70018: __sysctl(0x7fffffffd610,0x2,0x7fffffffd660,0x7fffffffd658,0x803299c93,0xd) = 0 (0x0)
70018: __sysctl(0x7fffffffd660,0x2,0x7fffffffd724,0x7fffffffd718,0x0,0x0) = 0 (0x0)
70018: mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34421129216 (0x803a8c000)
70018: munmap(0x803a8c000,2097152)               = 0 (0x0)
70018: mmap(0x0,4190208,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34421129216 (0x803a8c000)
70018: munmap(0x803a8c000,1523712)               = 0 (0x0)
70018: munmap(0x803e00000,569344)                = 0 (0x0)
70018: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGKILL|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: __sysctl(0x7fffffffdbc0,0x2,0x803137648,0x7fffffffdbc8,0x0,0x0) = 0 (0x0)
70018: getrlimit(RLIMIT_STACK,{ cur=536870912,max=536870912 }) = 0 (0x0)
70018: __sysctl(0x7fffffffdab0,0x2,0x7fffffffdb00,0x7fffffffdaf8,0x802f27408,0xd) = 0 (0x0)
70018: __sysctl(0x7fffffffdb00,0x3,0x803136c70,0x7fffffffdbc8,0x0,0x0) = 0 (0x0)
70018: mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34424750080 (0x803e00000)
70018: thr_self(0x803e18000)                     = 0 (0x0)
70018: mmap(0x7fffdfffe000,4096,PROT_NONE,MAP_ANON,-1,0x0) = 140736951476224 (0x7fffdfffe000)
70018: rtprio_thread(0x0,0x19717,0x7fffffffdb88) = 0 (0x0)
70018: sysarch(AMD64_SET_FSBASE,0x7fffffffdb88)  = 0 (0x0)
70018: sigaction(SIGTHR,{ 0x802f1dee0 SA_SIGINFO ss_t },0x0) = 0 (0x0)
70018: sigprocmask(SIG_UNBLOCK,{ },0x0)          = 0 (0x0)
70018: _umtx_op(0x7fffffffdb90,UMTX_OP_WAKE,0x1,0x0,0x0) = 0 (0x0)
70018: mprotect(0x0,0,PROT_NONE)                 = 0 (0x0)
70018: getpid()                                  = 70018 (0x11182)
70018: getpid()                                  = 70018 (0x11182)
70018: sigprocmask(SIG_BLOCK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: getcontext(0x7fffffffd7d0)                = 0 (0x0)
70018: fstat(1,{ mode=crw--w---- ,inode=285,size=0,blksize=4096 }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGTERM,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGINT,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGQUIT,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGUSR1,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGUSR2,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGHUP,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL 0x0 ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGURG,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGPIPE,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGABRT,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGSEGV,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ }) = 0 (0x0)
70018: sigaction(SIGBUS,{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t },{ SIG_DFL SA_RESTART ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ },0x0)          = 0 (0x0)
70018: __sysctl(0x7fffffffe478,0x2,0x7fffffffe480,0x7fffffffe488,0x0,0x0) = 0 (0x0)
70018: __sysctl(0x7fffffffded8,0x2,0x7fffffffdf30,0x7fffffffded0,0x0,0x0) = 0 (0x0)
70018: __sysctl(0x7fffffffded8,0x2,0x7fffffffe030,0x7fffffffded0,0x0,0x0) = 0 (0x0)
70018: __sysctl(0x7fffffffded8,0x2,0x7fffffffe330,0x7fffffffded0,0x0,0x0) = 0 (0x0)
70018: cpuset_getid(0x2,0x2,0xffffffffffffffff,0x7fffffffe40c) = 0 (0x0)
70018: cpuset_setid(0x2,0xffffffffffffffff,0x0)  ERR#3 'No such process'
70018: cpuset_getaffinity(0x3,0x1,0xffffffffffffffff,0x20,0x7fffffffe2a0) = 0 (0x0)
70018: cpuset_setaffinity(0x3,0x1,0xffffffffffffffff,0x20,0x7fffffffe2a0) = 0 (0x0)
70018: SIGNAL 11 (SIGSEGV)
70018: sigprocmask(SIG_SETMASK,{ SIGSEGV },0x0)  = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGHUP|SIGINT|SIGQUIT|SIGILL|SIGTRAP|SIGABRT|SIGEMT|SIGFPE|SIGKILL|SIGBUS|SIGSEGV|SIGSYS|SIGPIPE|SIGALRM|SIGTERM|SIGURG|SIGSTOP|SIGTSTP|SIGCONT|SIGCHLD|SIGTTIN|SIGTTOU|SIGIO|SIGXCPU|SIGXFSZ|SIGVTALRM|SIGPROF|SIGWINCH|SIGINFO|SIGUSR1|SIGUSR2 },{ SIGSEGV }) = 0 (0x0)
70018: sigaction(SIGSEGV,{ SIG_DFL SA_RESTART ss_t },{ 0x802f1dd90 SA_RESTART|SA_SIGINFO ss_t }) = 0 (0x0)
70018: sigprocmask(SIG_SETMASK,{ SIGSEGV },0x0)  = 0 (0x0)
70018: thr_self(0x7fffffffd990)                  = 0 (0x0)
70018: thr_kill(104215,SIGSEGV)                  = 0 (0x0)
70018: sigreturn(0x7fffffffd9e0)                 = 0 (0x0)
70018: SIGNAL 11 (SIGSEGV)
70018: process killed, signal = 11

APPID_PATH = '/usr/local/snort/appid'

appid =
{
    app_detector_dir = APPID_PATH,
    log_stats = true
}

# cat odp/version.conf 
VERSION=303

-- [2] ./pcaps/fuzz-2006-07-06-20811.pcap
++ [2] ./pcaps/fuzz-2006-07-09-13403.pcap
[Thread 0x7ffff2802700 (LWP 21563) exited]
[New Thread 0x7ffff2802700 (LWP 21567)]
#0  0x00007ffff647c1b0 in ?? () from /usr/local/lib/libluajit-5.1.so.2
#1  0x00007ffff647d861 in lua_rawgeti () from /usr/local/lib/libluajit-5.1.so.2
#2  0x00007ffff64b4e79 in luaL_unref () from /usr/local/lib/libluajit-5.1.so.2
#3  0x00000000006b26fe in free_detector_flow (userdata=0xcef81f0) at /root/sources/snort3/src/network_inspectors/appid/lua_detector_flow_api.cc:235
#4  0x0000000000673681 in snort::sflist_static_free_all (s=0x7ffff2ff0948, nfree=0x6b26bb <free_detector_flow(void*)>) at /root/sources/snort3/src/utils/sflsq.cc:294
#5  0x00000000006b3258 in LuaDetectorManager::~LuaDetectorManager (this=0x7fffef38d350, __in_chrg=<optimized out>) at /root/sources/snort3/src/network_inspectors/appid/lua_detector_module.cc:193
#6  0x00000000006b338b in LuaDetectorManager::terminate () at /root/sources/snort3/src/network_inspectors/appid/lua_detector_module.cc:219
#7  0x000000000069e7b3 in AppIdInspector::tterm (this=0x1ee1aa0) at /root/sources/snort3/src/network_inspectors/appid/appid_inspector.cc:172
#8  0x00000000005d9304 in snort::InspectorManager::thread_stop () at /root/sources/snort3/src/managers/inspector_manager.cc:664
#9  0x00000000005c742b in snort::Snort::thread_term () at /root/sources/snort3/src/main/snort.cc:824
#10 0x00000000005b1373 in Analyzer::operator() (this=0x15b63210, ps=0xfb0f480, run_num=7) at /root/sources/snort3/src/main/analyzer.cc:101
#11 0x000000000052954e in std::__invoke<Analyzer<Swapper*, unsigned short> > (__f=...) at /usr/include/c++/4.8.2/functional:234
#12 0x00000000005294ed in std::reference_wrapper<Analyzer>::operator()<Swapper*, unsigned short>(Swapper*&&, unsigned short&&) const (this=0x105544d0) at /usr/include/c++/4.8.2/functional:467
#13 0x0000000000529451 in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) (this=0x105544c0) at /usr/include/c++/4.8.2/functional:1732
#14 0x0000000000529309 in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::operator()() (this=0x105544c0) at /usr/include/c++/4.8.2/functional:1720
#15 0x00000000005292a2 in std::thread::_Impl<std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)> >::_M_run() (this=0x105544a8) at /usr/include/c++/4.8.2/thread:115
#16 0x00007ffff528b070 in ?? () from /lib64/libstdc++.so.6
#17 0x00007ffff6b42e25 in start_thread () from /lib64/libpthread.so.0
#18 0x00007ffff49efbad in clone () from /lib64/libc.so.6

In file included from /home/me/build/snort++/snort3/src/utils/dnet_header.h:44:0,
                 from /home/me/build/snort++/snort3/src/framework/parameter.cc:33:
/usr/local/include/dnet.h:22:23: fatal error: dnet/sctp.h: No such file or directory
compilation terminated.
[  6%] Building CXX object src/framework/CMakeFiles/framework.dir/mpse.cc.o
src/framework/CMakeFiles/framework.dir/build.make:182: recipe for target 'src/framework/CMakeFiles/framework.dir/parameter.cc.o' failed
make[2]: *** [src/framework/CMakeFiles/framework.dir/parameter.cc.o] Error 1
make[2]: *** Waiting for unfinished jobs....
In file included from /home/me/build/snort++/snort3/src/utils/dnet_header.h:44:0,
                 from /home/me/build/snort++/snort3/src/packet_io/active.cc:31:
/usr/local/include/dnet.h:22:23: fatal error: dnet/sctp.h: No such file or directory
compilation terminated.
src/packet_io/CMakeFiles/packet_io.dir/build.make:62: recipe for target 'src/packet_io/CMakeFiles/packet_io.dir/active.cc.o' failed
make[2]: *** [src/packet_io/CMakeFiles/packet_io.dir/active.cc.o] Error 1
CMakeFiles/Makefile2:1616: recipe for target 'src/packet_io/CMakeFiles/packet_io.dir/all' failed
make[1]: *** [src/packet_io/CMakeFiles/packet_io.dir/all] Error 2

Making all in appid
make[4]: Entering directory '/root/tools/snort3/src/network_inspectors/appid'
make[5]: Entering directory '/root/tools/snort3/src/network_inspectors/appid'
  CXX      service_plugins/service_ssl.o
service_plugins/service_ssl.cc: In function ‘bool parse_certificates(ServiceSSLData*)’:
service_plugins/service_ssl.cc:496:38: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
             char* start = strstr(cert->name, COMMON_NAME_STR);
                                      ^~
In file included from /usr/include/openssl/x509.h:20:0,
                 from service_plugins/service_ssl.cc:28:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^~~~~~~
service_plugins/service_ssl.cc:513:32: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
             start = strstr(cert->name, ORG_NAME_STR);
                                ^~
In file included from /usr/include/openssl/x509.h:20:0,
                 from service_plugins/service_ssl.cc:28:
/usr/include/openssl/ossl_typ.h:119:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^~~~~~~
make[5]: *** [Makefile:1017: service_plugins/service_ssl.o] Error 1
make[5]: Leaving directory '/root/tools/snort3/src/network_inspectors/appid'
make[4]: *** [Makefile:1053: all-recursive] Error 1
make[4]: Leaving directory '/root/tools/snort3/src/network_inspectors/appid'
make[3]: *** [Makefile:518: all-recursive] Error 1
make[3]: Leaving directory '/root/tools/snort3/src/network_inspectors'
make[2]: *** [Makefile:694: all-recursive] Error 1
make[2]: Leaving directory '/root/tools/snort3/src'
make[1]: *** [Makefile:520: all-recursive] Error 1
make[1]: Leaving directory '/root/tools/snort3'
make: *** [Makefile:429: all] Error 2

service_plugins/service_ssl.cc: In function ‘int parse_certificates(ServiceSSLData*)’:
service_plugins/service_ssl.cc:514:32: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
             start = strstr(cert->name, COMMON_NAME_STR);
                                ^
In file included from /usr/local/include/openssl/buffer.h:13:0,
                 from /usr/local/include/openssl/x509.h:22,
                 from service_plugins/service_ssl.cc:28:
/usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;
                ^
service_plugins/service_ssl.cc:530:32: error: invalid use of incomplete type ‘X509 {aka struct x509_st}’
             start = strstr(cert->name, ORG_NAME_STR);
                                ^
In file included from /usr/local/include/openssl/buffer.h:13:0,
                 from /usr/local/include/openssl/x509.h:22,
                 from service_plugins/service_ssl.cc:28:
/usr/local/include/openssl/ossl_typ.h:118:16: note: forward declaration of ‘X509 {aka struct x509_st}’
 typedef struct x509_st X509;

--------------------------------------------------
Appid dynamic stats:
http: flows: 1, clients: 0, users: 0, payloads 0, misc: 0, incompatible: 0, failed: 0
baidu: flows: 0, clients: 0, users: 0, payloads 1, misc: 0, incompatible: 0, failed: 0
app7171: flows: 9, clients: 0, users: 0, payloads 0, misc: 0, incompatible: 94099791939216, failed: 3209
app7172: flows: 94099792608848, clients: 2828, users: 1065353216, payloads 3209, misc: 0, incompatible: 0, failed: 94099791459536
app7173: flows: 337, clients: 94099792606672, users: 211, payloads 1065353216, misc: 337, incompatible: 0, failed: 0
app7174: flows: 94099792049968, clients: 709, users: 94099792605216, payloads 445, misc: 1065353216, incompatible: 709, failed: 0
...
--------------------------------------------------

for (unsigned i = 0; i < app_num; i++)
{
    AppIdDynamicPeg* pegs = &appid_dynamic_sum[i];
    if (pegs->all_zeros())
        continue;

    std::string app_name = AppIdPegCounts::appid_detectors_info[i];
    snort::LogMessage("%s: ", app_name.c_str());
    pegs->print();
}

	cd snort3
	git log | head
		commit a8a93c26ae70fa5abca8daf547e41b229ad033fe
		Author: Michael Altizer (mialtize) <[email protected]>
		Date:   Thu Jan 31 15:11:09 2019 -0500

		    Merge pull request #1483 in SNORT/snort3 from ~BBANTWAL/snort3:batching to master

		    Squashed commit of the following:

		    commit ecb607e1f70f760b545101a4dfa687f184aa2c36
		    Author: Jonathan McDowell <[email protected]>

	cd safeclib
	git log | head
		commit 8f68fa3021a30f4bae081d6a158e5b8514579b10
		Author: Reini Urban <[email protected]>
		Date:   Sun Dec 30 11:16:50 2018 +0100

		    Release v30122018 3.4.0

		    See ChangeLog

		commit 7f1bfd5839dffbb801cd471ec99e79d6fb1d2c87
		Author: Reini Urban <[email protected]>

	find /usr/local/lib64 /usr/local/include -type f | grep safec
		/usr/local/lib64/libsafec-3.4.la
		/usr/local/lib64/libsafec-3.4.so.3.0.4
		/usr/local/lib64/pkgconfig/safec-3.4.pc
		/usr/local/include/libsafec/safe_lib_errno.h
		/usr/local/include/libsafec/safe_lib.h
		/usr/local/include/libsafec/safe_config.h
		/usr/local/include/libsafec/safe_str_lib.h
		/usr/local/include/libsafec/safe_mem_lib.h
		/usr/local/include/libsafec/safe_types.h
		/usr/local/include/libsafec/safe_compile.h

	pkg-config --libs --cflags safec-3.4
		-I/usr/local/include/safec-3.4 -I/usr/local/lib64/safec-3.4/include -L/usr/local/lib64 -lsafec-3.4

	mkdir build
	cd    build
	cmake ..  \
	 -DENABLE_SAFEC=1 \
	 -DSAFEC_INCLUDE_DIR=/usr/local/include/libsafec \
	 -DSAFEC_LIBRARIES=/usr/local/lib64/libsafec-3.4.so \
	 ...

	Feature options:
	    Flatbuffers:    OFF
	    Hyperscan:      ON
	    ICONV:          ON
	    LZMA:           ON
	    RPC DB:         Built-in
	    SafeC:          OFF    <==================
	    TCMalloc:       OFF
	    UUID:           ON

	grep SAFE CMakeCache.txt
!!!		ENABLE_SAFEC:BOOL=1
		SAFEC_INCLUDE_DIR:PATH=/usr/local/include/libsafec
		SAFEC_LIBRARIES:FILEPATH=/usr/local/lib64/libsafec-3.4.so

	...
	if (HAVE_SAFEC AND SAFEC_ENABLED)
	    message("\
	    SafeC:          ON")
	else ()
	    message("\
	    SafeC:          OFF")
	endif ()
	...

	configure_cmake.sh (sh)  
        --disable-safec)
            append_cache_entry ENABLE_SAFEC             BOOL false
            ;;
        --enable-safec)
            append_cache_entry ENABLE_SAFEC             BOOL true

	CMakeLists.txt
-		if (HAVE_SAFEC AND SAFEC_ENABLED)
+		if (HAVE_SAFEC AND ENABLE_SAFEC)

	cmake .. \
	...

		Feature options:
		    Flatbuffers:    OFF
		    Hyperscan:      ON
		    ICONV:          ON
		    LZMA:           ON
		    RPC DB:         Built-in
		    SafeC:          ON      <===========
		    TCMalloc:       OFF
		    UUID:           ON

20d19
< 
169d167
< 

react tcp any any -> any any ( flow:to_server; msg:"test uri"; http_uri: path; content:"123"; sid:1; )
reject tcp any any -> any 80 (msg:"test2"; http_uri; content:"/test";sid:2;)

# /opt/snort3/bin/snort -c /etc/snort3/snort.lua --create-pidfile --warn-all --plugin-path=/opt/snort3/lib/snort_extra -v -z 1 -Lalert_full -Q -Anone
...
Loading /etc/snort3/snort.lua:
        binder
        stream_tcp
        normalizer
        search_engine
        reject
        react
        ips
        latency
        http_inspect
        stream_ip
        active
        daq
        stream
        alert_full
Finished /etc/snort3/snort.lua.
Loading rules:
Loading main.conf.rules:
Loading /etc/snort3/rules/test.rules:
Finished /etc/snort3/rules/test.rules.
Finished main.conf.rules.
Finished rules.

** caught reload-config signal
.. reloading configuration
Loading /etc/snort3/snort.lua:
        binder
        stream_tcp
        normalizer
        search_engine
        ips
        latency
        http_inspect
        stream_ip
        active
        daq
        stream
Finished /etc/snort3/snort.lua.
Loading rules:
Loading main.conf.rules:
Loading /etc/snort3/rules/test.rules:
ERROR: /etc/snort3/rules/test.rules:4 unconfigured rule action 'react'
ERROR: /etc/snort3/rules/test.rules:7 unconfigured rule action 'reject'
Finished /etc/snort3/rules/test.rules.
Finished main.conf.rules.
Finished rules.