[Snort-devel] BUG - Solaris + snort 2.0.1 in PrintTcpOptions

Bruno Saverio Delbono bdelbono at ...2087...
Wed Jul 23 17:06:21 EDT 2003


BUG Report (2)

OS - Solaris 7 SunOS hell.lucifer.at 5.7 Generic_106541-08 sun4m sparc
SUNW,SPARCstation-5

CC - cc: Sun C 5.5 2003/03/12 (Part of SunONE 8 Compiler collection)

BUG In - Reading of snort.log binary log files
Details:

hell.lucifer.at# dbx /usr/bin/snort
Reading snort
Reading ld.so.1
Reading libm.so.1
Reading libsocket.so.1
Reading libnsl.so.1
Reading libc.so.1
Reading libdl.so.1
Reading libmp.so.2

(dbx) run -dve -r snort.log.1058979504
Running: snort -dve -r snort.log.1058979504 
(process id 2850)
    Reading nss_files.so.1
    Running in packet dump mode
    Log directory = /var/log/snort
    TCPDUMP file reading mode.
    Reading network traffic from "snort.log.1058979504" file.
    snaplen = 1514

--== Initializing Snort ==--
Initializing Output Plugins!

--== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.1 (Build 88)
By Martin Roesch (roesch at ...402..., www.snort.org)
07/23-09:59:33.547274 0:0:77:98:8A:1B -> 8:0:20:20:FF:3D type:0x800 len:0x3C
24.84.17.78 -> 24.84.18.15 ICMP TTL:53 TOS:0x0 ID:37089 IpLen:20
DgmLen:28 DF Type:8  Code:0  ID:9126   Seq:0  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/23-09:59:33.580588 8:0:20:20:FF:3D -> 0:0:77:98:8A:1B type:0x800 len:0x2A
24.84.18.15 -> 24.84.17.78 ICMP TTL:255 TOS:0x0 ID:62780 IpLen:20 DgmLen:28 DF
Type:0  Code:0  ID:9126  Seq:0  ECHO REPLY

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

07/23-09:59:34.407405 0:0:77:98:8A:1B -> 8:0:20:20:FF:3D type:0x800 len:0x3E
24.84.17.78:53109 -> 24.84.18.15:161 TCP TTL:63 TOS:0x0 ID:37138
IpLen:20 DgmLen:48 DF
******S* Seq: 0x6F09AE62  Ack: 0x0  Win: 0xC1E8  TcpLen: 28

signal BUS (invalid address alignment) in PrintTcpOptions at line 1547
in file "log.c" 1547 fprintf(fp, "%u ", EXTRACT_16BITS(tmp));


(dbx) where                           
  =>[1] PrintTcpOptions(fp = 0x228550, p = 0xeffff3e4), line 1547 in
   "log.c" 
    [2] PrintTCPHeader(fp = 0x228550, p = 0xeffff3e4), line 986 in "log.c"
    [3] PrintIPPkt(fp = 0x228550, type = 6, p = 0xeffff3e4), line 364 in "log.c"
    [4] ProcessPacket(user = (nil), pkthdr = 0xeffff8d0, pkt =
        0x2d7e42 "^H"), line 566 in "snort.c"
    [5] pcap_offline_read(0x2d4a60, 0xffffffff, 0x595d8, 0x0,
        0x595d8, 0xeffff8d0), at 0xcafc8 
    [6] pcap_loop(0x2d4a60, 0xffffffff, 0x595d8, 0x0, 0x0,
        0x228570), at 0xc15c0 
    [7] InterfaceThread(arg = (nil)), line 1525 in "snort.c"
    [8] SnortMain(argc = 4, argv = 0xeffffb14), line 537 in "snort.c"
    [9] main(argc = 4, argv = 0xeffffb14), line 165 in "snort.c"

Workaround: Currently none

Anyone, please help?


-- 
Bruno Saverio Delbono <bdelbono at leviathan dot lucifer dot at>
Systems Engineer - Open-Systems Group Inc.
http://www.open-systems.org/users/bruno/
GPG Fingerprint: 1AAC 0F81 54F6 C7AF 2EC4  8993 0594 88B3 E127 35C5
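
An added illustration, not part of the original post and not Snort's code: the "signal BUS (invalid address alignment)" reported above is the fault that strict-alignment CPUs such as SPARC raise when a multi-byte value is loaded from an address that is not a multiple of its size, and a 16-bit TCP option field can land on an odd address depending on the options that precede it. The sketch below walks a TCP options area with bounds checks and reads 16-bit fields byte by byte; `load_be16`, `tcp_opt_mss` and the sample bytes are names and data constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a big-endian 16-bit value one byte at a time: valid at any address,
 * unlike *(const uint16_t *)p, which traps on strict-alignment CPUs. */
static uint16_t load_be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Walk a TCP options area; store the MSS in *mss and return 1 if found,
 * 0 if absent, -1 if the options are malformed. */
static int tcp_opt_mss(const uint8_t *opts, size_t len, uint16_t *mss)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == 0) break;              /* End of option list */
        if (kind == 1) { i++; continue; }  /* NOP: one byte, no length */
        if (i + 1 >= len) return -1;       /* length byte missing */
        uint8_t olen = opts[i + 1];
        if (olen < 2 || olen > len - i) return -1; /* runs past the header */
        if (kind == 2) {                   /* Maximum Segment Size */
            if (olen != 4) return -1;
            *mss = load_be16(opts + i + 2); /* value sits at an odd offset here */
            return 1;
        }
        i += olen;
    }
    return 0;
}

/* Constructed sample: NOP, MSS=1460, NOP, SACK-permitted (8 option bytes). */
static const uint8_t sample_opts[8] = {0x01, 0x02, 0x04, 0x05, 0xb4, 0x01, 0x04, 0x02};

int main(void)
{
    uint16_t mss = 0;
    int rc = tcp_opt_mss(sample_opts, sizeof sample_opts, &mss);
    printf("rc=%d mss=%u\n", rc, (unsigned)mss);
    return rc == 1 ? 0 : 1;
}
```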



