[Snort-devel] snort on 64 bit machines

Bob McElrath mcelrath at ...595...
Sun Aug 12 01:29:42 EDT 2001


Do you have any reports of snort running on any 64-bit machine?  I'm
having a bit of trouble with it here on my alpha/linux box.  I can't get
it to put *anything* in the log files (or database), and when exiting it
says:

Snort analyzed 10 out of 10 packets, dropping 0(0.000%) packets
Breakdown by protocol:                Action Stats:
    TCP: 0          (0.000%)          ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)
===============================================================================
Fragmentation Stats:
Fragmented IP Packets: 0          (0.000%)
   Rebuilt IP Packets: 0
   Frag elements used: 0
Discarded(incomplete): 0
   Discarded(timeout): 0
===============================================================================
TCP Stream Reassembly Stats:
   TCP Packets Used:      0          (0.000%)
   Reconstructed Packets: 0          (0.000%)
   Streams Reconstructed: 0
===============================================================================

Note that 10 packets were analyzed, and none of them end up in the
breakdowns (probably all ICMP ECHOs...I ran ping).

I notice that in the code you use u_long all over the place.  Are you
aware that on 64-bit machines, unsigned long is 64 bits?  I haven't
looked carefully, but if you're using u_long's in a struct that comes
off the network, it will break on 64-bit archs.

Cheers,
-- Bob

Bob McElrath (rsmcelrath at ...596...) 
Univ. of Wisconsin at Madison, Department of Physics
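
The width problem raised in the message, as an added example that is not part of the original post and not Snort's own code: two address fields of an IPv4 header are read through a struct declared with unsigned long and through one declared with uint32_t. The packet bytes are constructed, and the names legacy_addrs, fixed_addrs, and ADDR_OFFSET are hypothetical.

```c
#include <arpa/inet.h>   /* ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header followed by an 8-byte ICMP echo header. */
static const unsigned char pkt[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x12, 0x34, 0x00, 0x00,
    0x40, 0x01, 0x00, 0x00,             /* TTL, proto 1 (ICMP), checksum left zero */
    192, 0, 2, 1,                       /* source      192.0.2.1    (offset 12) */
    198, 51, 100, 7,                    /* destination 198.51.100.7 (offset 16) */
    0x08, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01   /* ICMP echo request */
};
#define ADDR_OFFSET 12

/* Hypothetical layouts for the two address fields of the IPv4 header. */
struct legacy_addrs { unsigned long src, dst; };  /* 8 bytes on ILP32, 16 on LP64 */
struct fixed_addrs  { uint32_t src, dst; };       /* 8 bytes everywhere */

_Static_assert(ADDR_OFFSET + sizeof(struct legacy_addrs) <= sizeof pkt,
               "overlay must stay inside the sample packet");

size_t legacy_size(void) { return sizeof(struct legacy_addrs); }
size_t fixed_size(void)  { return sizeof(struct fixed_addrs); }

/* Destination address as seen through the fixed-width layout (host order). */
uint32_t fixed_dst(void)
{
    struct fixed_addrs a;
    memcpy(&a, pkt + ADDR_OFFSET, sizeof a);   /* memcpy avoids unaligned access */
    return ntohl(a.dst);
}

/* Same field through the u_long layout; on LP64 "dst" starts at offset 20. */
uint32_t legacy_dst(void)
{
    struct legacy_addrs a;
    memcpy(&a, pkt + ADDR_OFFSET, sizeof a);
    return ntohl((uint32_t)a.dst);
}

int main(void)
{
    printf("sizeof: legacy=%zu fixed=%zu\n", legacy_size(), fixed_size());
    printf("dst via fixed layout:  0x%08x\n", (unsigned)fixed_dst());
    printf("dst via u_long layout: 0x%08x\n", (unsigned)legacy_dst());
    return 0;
}
```

On an LP64 build the u_long layout returns bytes from the ICMP header instead of the destination address, while the uint32_t layout reads the same value on 32-bit and 64-bit builds.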