[Snort-devel] Bus error w/ Snort 2.0

Paul Whittenburg paul at ...2079...
Fri Jul 18 05:39:02 EDT 2003


Erek,

Thanks for the reply. I ran into time constraints and had to try Solaris 8.
I loaded it on an identical system, compiled Snort 2.0.0 w/ gcc 3.3 and set
it up the same as before. It ran without problems so I went that route for
all the sensors.

I'm setting up a Solaris 9 system in my office and if I can get it to fail
as before, I will try your suggestions below and report the findings.

I did notice when doing various backtraces of core files that they all
seemed to happen while processing HTTP/CGI traffic.

Erek Adams wrote:
> On Sat, 12 Jul 2003, Paul Whittenburg wrote:
> 
> 
>>I'm setting up a few sensors and am having a problem where Snort core dumps
>>after running for a while. Here are the specifics of my environment:
>>
>>Solaris 9 4/03 with the latest recommended patches installed on a Sun Netra
>>T1 (Sparc). I compiled Snort 2.0.0 w/ gcc 3.3 and updated the rules. My
>>snort.conf is pretty standard - I'm not trying anything tricky. I'm listening
>>on a stealth interface (hme0).
> 
> 
> [...snip....]
> 
> Odd.  I'm running Snort on a Solaris 9 (fully updated and patched) box and
> it's chugging away happily.
> 
> One thing that you might want to try is to downgrade gcc to 2.95 and see
> if you still get the error.  I've heard of some issues with gcc 3.x, but I
> thought they had all be resolved.
> 
> And just to be safe, see if you can get a pcap (65535 snaplen) of the
> data.  It'll be interesting to see if it's the packet or if it's something
> else.
> 
> Cheers!
> 
> -----
> Erek Adams
> 
>    "When things get weird, the weird turn pro."   H.S. Thompson
> 

-- 
   Paul Whittenburg
  <paul at ...2079...>
   Phone: 630.521.8932





More information about the Snort-devel mailing list