[Snort-devel] snort dies on linux/sparc64 when using preprocessor stream4_reassemble

Jason Wever weeve at ...2185...
Tue Sep 16 07:30:03 EDT 2003


I've encountered a problem with snort running on linux/sparc64 when using
preprocessor stream4_reassemble in the config file.  Basically snort dies
shortly after startup, with a bus error.  Removing the statement for
preprocessor stream4_reassemble from the config seems to fix this issue.

This did not seem to produce a core file when it failed, but I have used
strace against it (and can send the output if you desire).

I also tried to build with --enable-debug, however the compilation failed
with the following messages;

make[3]: Entering directory `/root/tmp/snort-2.0.1/src'
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors 
  -O0 -DDEBUG -g -c `test -f 'codes.c' || echo './'`codes.c gcc
-DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors 
  -O0 -DDEBUG -g -c `test -f 'debug.c' || echo './'`debug.c gcc
-DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
-I../src/output-plugins -I../src/detection-plugins -I../src/preprocessors 
  -O0 -DDEBUG -g -c `test -f 'decode.c' || echo './'`decode.c decode.c: In
function `DecodeVlan': decode.c:373: `pri' undeclared (first use in this
function) decode.c:373: (Each undeclared identifier is reported only once
decode.c:373: for each function it appears in.)
make[3]: *** [decode.o] Error 1
make[3]: Leaving directory `/root/tmp/snort-2.0.1/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/root/tmp/snort-2.0.1/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/root/tmp/snort-2.0.1'
make: *** [all] Error 2

Here is the information as requested in doc/BUGS

System Architecture - sparc64
Operating System and version - Linux 2.4.22
Version of Snort - 2.0.1
What preprocessors you loaded - frag, stream4, stream4_reassemble,
						http_decode, rpc_decode, bo, 
What rules (if any) you were using - bad-traffic, exploit, scan, finger,
						   ftp, telnet, smtp, rpc, rservices, dos,
						   ddos, dns, tftp, web-coldfusion, web-iis,
						   web-frontpage, web-attacks, sql, x11, icmp,
						  netbios, misc, attack-responses, backdoor,
						  shellcode, policy, porn, info, icmp-info, virus,
What output plug-ins you loaded - none that I can tell
What command line switches you were using - -D -u snort -g snort -i eth0
								  -l /var/log/snort
								  -c /etc/snort/snort.conf
Any Snort error messages - bus error (only without the -D switch)

Jason Wever
Gentoo/Sparc Team Co-Lead
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20030916/8e2cbea2/attachment.sig>

More information about the Snort-devel mailing list