Trisul is a deep packet processing application that sifts through quite a bit of protocols and parses things such as SSL messages, HTTP headers, DNS, and more.
We go to great lengths to ensure robustness against various kinds of malformed packets - it isnt, and can probably never be 100% perfect. If you ever experience persistent segfaults or crashes, you can follow these steps to help us debug it. Its called "crashpcap"
1. Edit trisulConfig.xml to save the latest 8 MB of packets in a special shared memory location called a Packet Trail
<Logging>
..
<PacketTrailMB>8</PacketTrailMB>
2. Run trisul normally. In case if crashes, do the following
trisul -nodemon /usr/local/etc/trisul/trisulConfig.xml -mode crashpcap
Wrote crash pcap file to triscrash.pcap
This will save the latest x MB as a PCAP file (triscrash.pcap). Send it to us via private email info at unleashnetworks dot com -
If the crash was indeed due to a malformed packet, this will help us debug it.
Hope that helps !