[Snort-devel] Re: snort dies on linux/sparc64 when using preprocessor stream4_reassemble

Martin Roesch roesch at ...402...
Wed Sep 17 15:22:03 EDT 2003


Well, it's obviously a memory alignment issue, we get these a lot in 
the stream and frag reassemblers.  Have you tried running in gdb to see 
what line the error is occurring on?

      -Marty


On Tuesday, September 16, 2003, at 10:31 AM, Jason Wever wrote:

> Hello,
>
> I've encountered a problem with snort running on linux/sparc64 when 
> using
> preprocessor stream4_reassemble in the config file.  Basically snort 
> dies
> shortly after startup, with a bus error.  Removing the statement for
> preprocessor stream4_reassemble from the config seems to fix this 
> issue.
>
> This did not seem to produce a core file when it failed, but I have 
> used
> strace against it (and can send the output if you desire).
>
> I also tried to build with --enable-debug, however the compilation 
> failed
> with the following messages;
>
> make[3]: Entering directory `/root/tmp/snort-2.0.1/src'
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
> -I../src/output-plugins -I../src/detection-plugins 
> -I../src/preprocessors
>   -O0 -DDEBUG -g -c `test -f 'codes.c' || echo './'`codes.c gcc
> -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
> -I../src/output-plugins -I../src/detection-plugins 
> -I../src/preprocessors
>   -O0 -DDEBUG -g -c `test -f 'debug.c' || echo './'`debug.c gcc
> -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I/usr/include/pcap
> -I../src/output-plugins -I../src/detection-plugins 
> -I../src/preprocessors
>   -O0 -DDEBUG -g -c `test -f 'decode.c' || echo './'`decode.c 
> decode.c: In
> function `DecodeVlan': decode.c:373: `pri' undeclared (first use in 
> this
> function) decode.c:373: (Each undeclared identifier is reported only 
> once
> decode.c:373: for each function it appears in.)
> make[3]: *** [decode.o] Error 1
> make[3]: Leaving directory `/root/tmp/snort-2.0.1/src'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/root/tmp/snort-2.0.1/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/root/tmp/snort-2.0.1'
> make: *** [all] Error 2
>
> Here is the information as requested in doc/BUGS
>
> System Architecture - sparc64
> Operating System and version - Linux 2.4.22
> Version of Snort - 2.0.1
> What preprocessors you loaded - frag, stream4, stream4_reassemble,
> 						http_decode, rpc_decode, bo,
> 						telnet_decode
> What rules (if any) you were using - bad-traffic, exploit, scan, 
> finger,
> 						   ftp, telnet, smtp, rpc, rservices, dos,
> 						   ddos, dns, tftp, web-coldfusion, web-iis,
> 						   web-frontpage, web-attacks, sql, x11, icmp,
> 						  netbios, misc, attack-responses, backdoor,
> 						  shellcode, policy, porn, info, icmp-info, virus,
> 						  local
> What output plug-ins you loaded - none that I can tell
> What command line switches you were using - -D -u snort -g snort -i 
> eth0
> 								  -l /var/log/snort
> 								  -c /etc/snort/snort.conf
> 							
> Any Snort error messages - bus error (only without the -D switch)
>
> Thanks,
> -- 
> Jason Wever
> Gentoo/Sparc Team Co-Lead
> <mime-attachment>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-devel mailing list