COMMAND:ulimit -c unlimited; src/suricata -c suricata117.yaml -r /home/coz/downloads/dc17ctf-httpcookie-segv.pcap -l ./ -s /home/coz/downloads/current-all-blah.rules
STDERR:26/11/2009 -- 16:13:52 - (detect.c:221) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_OPENING_RULE_FILE(21)] - ERROR opening rule file netbios.rules. Check the path and perms.
26/11/2009 -- 16:13:52 - (detect.c:221) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_OPENING_RULE_FILE(21)] - ERROR opening rule file x11.rules. Check the path and perms.
26/11/2009 -- 16:14:45 - (app-layer-htp.c:136) <Error> (HTPHandleRequestData) -- [ERRCODE: SC_ALPARSER_ERR(36)] - Error in parsing HTTP client request: [1] [htp_request_generic.c] [132] Request field invalid: colon missing
26/11/2009 -- 16:14:45 - (app-layer-parser.c:817) <Error> (AppLayerParse) -- [ERRCODE: SC_ALPARSER_ERR(36)] - Error occured in parsing "http" app layer protocol, using network protocol 6, source IP address 10.31.5.3, destination IP address 10.31.1.2, src port 35480 and dst port 80
Segmentation fault (core dumped)

EXITVAL:139
STDOUT:Warning: Invalid global_log_level assigned by user.  Falling back on the default_log_level "Info"
Warning: Invalid global_log_format supplied by user or format length exceeded limit of "128" characters.  Falling back on default log_format "%t - (%f:%l) <%d> (%n) -- "
Warning: Output_interface not supplied by user.  Falling back on default_output_interface "Console"
Setting up console logging: log_level=info.
26/11/2009 -- 16:13:52 - (util-debug.c:1052) <Warning> (SCLogLoadConfig) -- [ERRCODE: SC_UNIMPLEMENTED(56)] - Ignoring unknown logging interface: file
Setting up syslog logging: log_level=(null), facility=local5.
26/11/2009 -- 16:13:52 - (suricata.c:563) <Info> (main) -- preallocating packets... packet size 90616
26/11/2009 -- 16:13:52 - (suricata.c:577) <Info> (main) -- preallocating packets... done: total memory 4530800
26/11/2009 -- 16:13:52 - (flow.c:373) <Info> (FlowInitConfig) -- initializing flow engine...
26/11/2009 -- 16:13:52 - (flow.c:413) <Info> (FlowInitConfig) -- allocated 3145728 bytes of memory for the flow hash... 65536 buckets of size 48
26/11/2009 -- 16:13:52 - (flow.c:427) <Info> (FlowInitConfig) -- preallocated 10000 flows of size 208
26/11/2009 -- 16:13:52 - (flow.c:429) <Info> (FlowInitConfig) -- flow memory usage: 3145728 bytes, maximum: 33554432
26/11/2009 -- 16:13:52 - (detect.c:294) <Info> (SigLoadSignatures) -- Loading rule file: netbios.rules
26/11/2009 -- 16:13:52 - (detect.c:294) <Info> (SigLoadSignatures) -- Loading rule file: x11.rules
26/11/2009 -- 16:13:52 - (detect.c:308) <Info> (SigLoadSignatures) -- Loading rule file: /home/coz/downloads/current-all-blah.rules
Unknown rule keyword 'http_header'.
DetectDepthSetup: Unknown previous keyword!
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous keyword!
Unknown rule keyword 'fragoffset'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
Unknown rule keyword 'tag'.
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectAddressMergeNot: complete IP space negated
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDepthSetup: Unknown previous keyword!
DetectAddressMergeNot: complete IP space negated
DetectAddressMergeNot: complete IP space negated
DetectAddressMergeNot: complete IP space negated
DetectAddressMergeNot: complete IP space negated
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
DetectDepthSetup: Unknown previous keyword!
DetectMsgSetup: w does not need to be escaped but is
DetectMsgSetup: x does not need to be escaped but is
DetectMsgSetup: x does not need to be escaped but is
DetectNocaseSetup: Unknown previous keyword! (type 10)
DetectWithinSetup: Unknown previous-previous keyword!
DetectMsgSetup: / does not need to be escaped but is
DetectDistanceSetup: Unknown previous keyword!
Unknown rule keyword 'tag'.
DetectDistanceSetup: Unknown previous-previous keyword!
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
Unknown rule keyword 'tag'.
DetectMsgSetup: / does not need to be escaped but is
DetectMsgSetup: / does not need to be escaped but is
Unknown rule keyword 'tag'.
DetectDistanceSetup: Unknown previous keyword!
Unknown rule keyword 'urilen'.
Unknown rule keyword 'urilen'.
DetectAddressMergeNot: complete IP space negated
DetectNocaseSetup: Unknown previous keyword! (type 10)
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectNocaseSetup: Unknown previous keyword! (type 10)
DetectNocaseSetup: Unknown previous keyword! (type 10)
DetectMsgSetup: ' does not need to be escaped but is
DetectMsgSetup: ' does not need to be escaped but is
DetectMsgSetup: ' does not need to be escaped but is
DetectMsgSetup: ' does not need to be escaped but is
DetectMsgSetup: ' does not need to be escaped but is
DetectMsgSetup: ' does not need to be escaped but is
DetectOffsetSetup: Unknown previous keyword!
DetectDepthSetup: Unknown previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'asn1'.
Unknown rule keyword 'asn1'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous keyword!
DetectWithinSetup: Unknown previous keyword!
DetectWithinSetup: Unknown previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'ftpbounce'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'icmp_id'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'dce_iface'.
Unknown rule keyword 'http_client_body'.
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectDistanceSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
Unknown rule keyword 'http_method'.
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
DetectDistanceSetup: Unknown previous keyword!
26/11/2009 -- 16:13:55 - (detect-fast-pattern.c:67) <Warning> (DetectFastPatternSetup) -- [ERRCODE: UNKNOWN_ERROR(19)] - fast_pattern found inside the rule, without a content context.  Please use a content keyword before using fast pattern
DetectDistanceSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectWithinSetup: Unknown previous-previous keyword!
DetectDepthSetup: Unknown previous keyword!
Unknown rule keyword 'http_header'.
DetectWithinSetup: Unknown previous-previous keyword!
26/11/2009 -- 16:13:55 - (detect.c:242) <Info> (DetectLoadSigFile) -- 12586 successfully loaded from file /home/coz/downloads/current-all-blah.rules. 1930 sigs failed to load
26/11/2009 -- 16:13:55 - (detect.c:323) <Info> (SigLoadSignatures) -- 12586 rules loaded from 3 files.
26/11/2009 -- 16:13:55 - (detect-engine-sigorder.c:787) <Info> (SCSigOrderSignatures) -- ordering signatures in memory
SCSigOrderSignatures: Total Signatures to be processed by thesigordering module: 12614
26/11/2009 -- 16:14:03 - (detect-engine-sigorder.c:828) <Info> (SCSigOrderSignatures) -- total signatures reordered by the sigordering module: 12614
26/11/2009 -- 16:14:03 - (detect.c:1042) <Info> (SigAddressPrepareStage1) -- 12614 signatures processed. 0 are IP-only rules, 12443 are inspecting packet payload, 1 inspect application layer
26/11/2009 -- 16:14:03 - (detect.c:1044) <Info> (SigAddressPrepareStage1) -- building signature grouping structure, stage 1: adding signatures to signature source addresses... done
26/11/2009 -- 16:14:03 - (detect.c:1643) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address lists...
26/11/2009 -- 16:14:04 - (detect-engine-iponly.c:237) <Info> (IPOnlyPrint) -- IP ONLY (SRC): 0 /16's in our hash, 0 total address ranges
26/11/2009 -- 16:14:04 - (detect-engine-iponly.c:239) <Info> (IPOnlyPrint) -- IP ONLY (DST): 0 /16's in our hash, 0 total address ranges
26/11/2009 -- 16:14:04 - (detect.c:1714) <Info> (SigAddressPrepareStage2) -- 12614 total signatures:
26/11/2009 -- 16:14:04 - (detect.c:1715) <Info> (SigAddressPrepareStage2) -- 12585 in ipv4 small group, 12380 in rest
26/11/2009 -- 16:14:04 - (detect.c:1716) <Info> (SigAddressPrepareStage2) -- 12585 in ipv6 small group, 12380 in rest
26/11/2009 -- 16:14:04 - (detect.c:1717) <Info> (SigAddressPrepareStage2) -- 12585 in any small group,  12380 in rest
26/11/2009 -- 16:14:04 - (detect.c:1719) <Info> (SigAddressPrepareStage2) -- small: 10776 in ipv4 toserver group, 2449 in toclient
26/11/2009 -- 16:14:04 - (detect.c:1721) <Info> (SigAddressPrepareStage2) -- small: 10776 in ipv6 toserver group, 2449 in toclient
26/11/2009 -- 16:14:04 - (detect.c:1723) <Info> (SigAddressPrepareStage2) -- small: 10776 in any toserver group,  2449 in toclient
26/11/2009 -- 16:14:04 - (detect.c:1725) <Info> (SigAddressPrepareStage2) -- big: 10618 in ipv4 toserver group, 2342 in toclient
26/11/2009 -- 16:14:04 - (detect.c:1727) <Info> (SigAddressPrepareStage2) -- big: 10618 in ipv6 toserver group, 2342 in toclient
26/11/2009 -- 16:14:04 - (detect.c:1729) <Info> (SigAddressPrepareStage2) -- big: 10618 in any toserver group,  2342 in toclient
26/11/2009 -- 16:14:04 - (detect.c:1756) <Info> (SigAddressPrepareStage2) -- TCP Source address blocks:     any:    4, ipv4:   28, ipv6:    4.
26/11/2009 -- 16:14:04 - (detect.c:1782) <Info> (SigAddressPrepareStage2) -- UDP Source address blocks:     any:    4, ipv4:   28, ipv6:    4.
26/11/2009 -- 16:14:04 - (detect.c:1808) <Info> (SigAddressPrepareStage2) -- ICMP Source address blocks:    any:    4, ipv4:   20, ipv6:    4.
26/11/2009 -- 16:14:04 - (detect.c:1812) <Info> (SigAddressPrepareStage2) -- building signature grouping structure, stage 2: building source address list... done
26/11/2009 -- 16:14:04 - (detect.c:2332) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists...
26/11/2009 -- 16:14:45 - (detect.c:2417) <Info> (SigAddressPrepareStage3) -- MPM memory 344606815 (dynamic 344574223, ctxs 32592, avg per ctx 524466)
26/11/2009 -- 16:14:45 - (detect.c:2419) <Info> (SigAddressPrepareStage3) -- max sig id 12614, array size 1577
26/11/2009 -- 16:14:45 - (detect.c:2420) <Info> (SigAddressPrepareStage3) -- signature group heads: unique 5914, copies 17152.
26/11/2009 -- 16:14:45 - (detect.c:2422) <Info> (SigAddressPrepareStage3) -- MPM instances: 657 unique, copies 5257 (none 0).
26/11/2009 -- 16:14:45 - (detect.c:2424) <Info> (SigAddressPrepareStage3) -- MPM (URI) instances: 22 unique, copies 5892 (none 0).
26/11/2009 -- 16:14:45 - (detect.c:2425) <Info> (SigAddressPrepareStage3) -- MPM max patcnt 6343, avg 28893
26/11/2009 -- 16:14:45 - (detect.c:2427) <Info> (SigAddressPrepareStage3) -- MPM (URI) max patcnt 10320, avg 1049377 (23086302/22)
26/11/2009 -- 16:14:45 - (detect.c:2428) <Info> (SigAddressPrepareStage3) -- port maxgroups: 47, avg 14, tot 8156
26/11/2009 -- 16:14:45 - (detect.c:2429) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done
RunModeFilePcap: file /home/coz/downloads/dc17ctf-httpcookie-segv.pcap
TmModuleReceivePcapFileRegister: datalink 1
26/11/2009 -- 16:14:45 - (tm-threads.c:1141) <Info> (TmThreadWaitOnThreadInit) -- all 9 packet processing threads, 3 management threads initialized, engine started.
ReceivePcap: code 0 error 
 - (ReceivePcapFile) Packets 21, bytes 4054.
26/11/2009 -- 16:14:45 - (suricata.c:649) <Info> (main) -- signal received
26/11/2009 -- 16:14:45 - (suricata.c:652) <Info> (main) -- SIGINT or EngineStop received

GNU gdb (GDB) 7.0-ubuntu
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Reading symbols from /home/coz/downloads/oisfnew/src/suricata...
done.
[New Thread 19673]
[New Thread 19668]
[New Thread 19666]
[New Thread 19676]
[New Thread 19656]
[New Thread 19667]
[New Thread 19672]
[New Thread 19674]
[New Thread 19670]
[New Thread 19675]
[New Thread 19671]
Reading symbols from /usr/lib/libhtp-0.1.so.1...
done.
Loaded symbols for /usr/lib/libhtp-0.1.so.1
Reading symbols from /usr/lib/libpcap.so.0.8...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcap.so.0.8
Reading symbols from /usr/local/lib/libpfring.so...
done.
Loaded symbols for /usr/local/lib/libpfring.so
Reading symbols from /usr/lib/libnet.so.1...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnet.so.1
Reading symbols from /lib/libpthread.so.0...
Reading symbols from /usr/lib/debug/lib/libpthread-2.10.1.so...
done.
(no debugging symbols found)...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libyaml-0.so.1...
(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libyaml-0.so.1
Reading symbols from /lib/libpcre.so.3...
(no debugging symbols found)...done.
Loaded symbols for /lib/libpcre.so.3
Reading symbols from /lib/libc.so.6...
Reading symbols from /usr/lib/debug/lib/libc-2.10.1.so...
done.
(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libz.so.1...
(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...
Reading symbols from /usr/lib/debug/lib/ld-2.10.1.so...
done.
(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib/libgcc_s.so.1...
(no debugging symbols found)...done.
Loaded symbols for /lib/libgcc_s.so.1
Core was generated by `src/suricata -c suricata117.yaml -r /home/coz/downloads/dc17ctf-httpcookie-segv'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000447475 in DetectHttpCookieMatch (t=0x7f97240128f0, det_ctx=0x7f9724012ba0, f=0x2806ae0, flags=4 '', state=0x29e8a470, s=0x4019590, m=0x4019e70) at detect-http-cookie.c:80
80	    htp_tx_t *tx = list_get(htp_state->connp->conn->transactions, 0);
#0  0x0000000000447475 in DetectHttpCookieMatch (t=0x7f97240128f0, det_ctx=0x7f9724012ba0, f=0x2806ae0, flags=4 '', state=0x29e8a470, s=0x4019590, m=0x4019e70) at detect-http-cookie.c:80
        co = 0x4019d90
        htp_state = 0x29e8a470
        ret = 0
        tx = 0x7f972a460f00
        h = 0x2a298e0
#1  0x000000000041991e in SigMatchSignaturesAppLayer (th_v=0x7f97240128f0, de_ctx=0x2a298e0, det_ctx=0x7f9724012ba0, sgh=0x4651130, p=0x23f6cb0) at detect.c:527
        match = 1
        fmatch = 0
        s = 0x4019590
        sm = 0x4019e70
        idx = 8731
        sig = 11913
        flags = 4 ''
        alstate = 0x29e8a470
#2  0x000000000041a2b3 in SigMatchSignatures (th_v=0x7f97240128f0, de_ctx=0x2a298e0, det_ctx=0x7f9724012ba0, p=0x23f6cb0) at detect.c:786
        match = 0
        fmatch = 1
        s = 0x40ffcb0
        sm = 0x0
        idx = 9413
        sig = 12613
#3  0x000000000041a35a in Detect (tv=0x7f97240128f0, p=0x23f6cb0, data=0x7f9724012ba0, pq=0x7f97240129f0) at detect.c:823
        det_ctx = 0x7f9724012ba0
        de_ctx = 0x2a298e0
        r = 32663
#4  0x000000000046842b in TmThreadsSlot1 (td=0x7f97240128f0) at tm-threads.c:325
        tv = 0x7f97240128f0
        s = 0x7f97240129c0
        p = 0x23f6cb0
        run = 1 ''
        r = TM_ECODE_OK
#5  0x00007f972c942a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
        __res = <value optimized out>
        pd = 0x7f972a461910
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {
140287226026256, 
-5743550190939853706, 
140736003484000, 
0, 
0, 
3, 
5720867868372315254, 
5720863042702617718}, 
mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 
0x0}, data = {
              prev = 0x0, cleanup = 0x0, 
canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
#6  0x00007f972c25d7bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#7  0x0000000000000000 in ?? ()
No symbol table info available.
