[Snort-devel] Bus Error with 2.6 Beta on PA-RISC2/HPUX 11i

James Pendergrass jpenderg at ...2886...
Thu Jul 20 13:18:17 EDT 2006


Hi,
Yes, actually detecting hpux 11 in configure is definitely a better
solution.

Thanks for your help.
-aaron

On Thu, Jul 20, 2006 at 11:44:02AM -0400, Steven Sturges wrote:
> Hi--
> 
> Another means to resolve this is to add an HPUX 11i entry to
> configure.in -- this is why HPUX isn't being defined on
> that platform.
> 
> Change Line 95
> 	*-hpux10*)
> to
> 	*-hpux10*|*-hpux11*)
> 
> That causes the define of HPUX to be done in config.h.
> Better to do it this way, as different compilers may use
> different defines.
> 
> We'll look into the other issues you mentioned.
> 
> Cheers.
> -steve
> 
> James Pendergrass wrote:
> >List,
> >I have solved my HPUX/PA-RISC sig bus problem.
> >The fix for Sparc/Solaris does the trick,  the problem it is not enabled
> >by default for HPUX (although the attempt is made).  In the file
> >src/decode.h, lines 795 through 799 define the macro SPARC_TWIDDLE:
> >
> >    795 #if defined (SOLARIS) || defined (SUNOS) || defined (__sparc__) || 
> >    defined(__sparc64__) || defined (HPUX)
> >    796 #define SPARC_TWIDDLE       2
> >    797 #else
> >    798 #define SPARC_TWIDDLE       0
> >    799 #endif
> >
> >This value is added to the buffer base address when saving packets, to
> >ensure that alignments work out right.  The problem is that the gcc
> >4.1.1 compiler distributed by HP does not define the HPUX macro, so
> >SPARC_TWIDDLE is set to 0 rather than 2.  Changing the macro to
> >_HPUX_SOURCE solves this problem,  as would defining the HPUX macro
> >1) somewhere in config.h  
> >
> >A similar problem occurs in src/log.h at line 32.
> >
> >Other minor HPUX notes (for those interested) include:
> >1) struct sockaddr_ext used by net/if6.h is only defined if 
> >_XOPEN_SOURCE_EXTENDED is undefined.  I'm not sure exactly what 
> >	other effects this macro has, but unsetting it causes compilation
> >	to succeed.
> >2) in src/dynamic-plugins/sf_dynamic_plugins.c including dlfcn at line 55 
> >causes numerous errors.
> >	specifically gcc fails to parse:
> >		typedef unsigned long long UINT64;  
> >	at line 66.  Instead numerous errors are reported about extra 
> >	"unsigned" keyword,  and "long long long" being too long for gcc.
> >
> >	Moving the #include directive above all other includes in 
> >	sf_dynamic_plugins.c fixes this error
> >
> >Other than the above issues (and the .sl/.so issue referenced previously) 
> >snort compiles and runs fairly cleanly.
> >
> >If you would like exact error messages for any of the above let me know 
> >and I'll regenerate them.
> >
> >Thanks for your help and guidance.
> >-aaron
> >
> >
> >On Tue, Jun 27, 2006 at 09:05:08AM -0400, James Pendergrass wrote:
> >
> >>Steve,
> >>Thanks for the quick response.  
> >>It turns out I am using the final 2.6.0 release not the beta (my mistake).
> >>When I get some free time I'll take a closer look at what might be 
> >>causing this problem
> >>and try to come up with a small patch.
> >>
> >>Note: I expect this is a PA-RISC problem and not unique to HPUX (i.e. 
> >>NetBSD on PA-RISC
> >>should experience it too),  but I have no real evidence to back that up.
> >>
> >>Thanks again for the quick response.
> >>-aaron
> >>
> >>On Tue, Jun 27, 2006 at 08:49:29AM -0400, Steven Sturges wrote:
> >>
> >>>Hello James--
> >>>
> >>>HPUX is not an officially supported platform, but I'd
> >>>recommend syncing up to Snort 2.6.0 Final (it was released
> >>>a few weeks ago).
> >>>
> >>>There were some changes made to support Solaris platform
> >>>in Stream4 and those may resolve the problem you are seeing
> >>>on HP.
> >>>
> >>>We'll look into the shared library extension issue.
> >>>
> >>>Cheers.
> >>>-steve
> >>>
> >>>James Pendergrass wrote:
> >>>
> >>>>Hello, 
> >>>>I've been trying to get snort 2.6 beta up and running on an HP Visualize
> >>>>B1000 Workstation running HPUX 11i.  I've got everything compiled and
> >>>>going, but have been receiving a Bus Error when snort runs.
> >>>>
> >>>>I think the problem is the same as the problem described on the SPARC
> >>>>architecture in the post:
> >>>>http://sourceforge.net/mailarchive/message.php?msg_id=12609196
> >>>>
> >>>>The problem does not occur if the stream4_reassemble preprocessor is not
> >>>>enabled.  
> >>>>
> >>>>I have seen the BusError triggered from two different places.
> >>>>The stack trace of the first observed error confirms my belief that the 
> >>>>issue is similar
> >>>>to the one described in the post referenced above:
> >>>>#0  0xa8b8 in IPHdrTests ()
> >>>>#1  0xc794 in DecodeIP ()
> >>>>#2  0xe138 in DecodeEthPkt ()
> >>>>#3  0x4e3a0 in FlushDeletedStream ()
> >>>>#4  0x4e51c in DropSession ()
> >>>>#5  0x4e5c8 in DeleteSession ()
> >>>>#6  0x5e81c in CleanHashTable ()
> >>>>#7  0x5e8a4 in PruneSessionCache ()
> >>>>#8  0x50544 in ReassembleStream4 ()
> >>>>#9  0x288e4 in Preprocess ()
> >>>>#10 0x204cc in ProcessPacket ()
> >>>>#11 0x206f4 in PcapProcessPacket ()
> >>>>#12 0xc23694c0 in __gcc_personality_v0 () from /usr/local/lib/libpcap.sl
> >>>>#13 0xc236b5a0 in __gcc_personality_v0 () from /usr/local/lib/libpcap.sl
> >>>>#14 0x207f0 in InterfaceThread ()
> >>>>#15 0x20efc in SnortMain ()
> >>>>#16 0x2176c in main ()
> >>>>
> >>>>The other stack trace is slightly different, but also suggests 
> >>>>stream4_reassamble as the
> >>>>culprit (or at least a significant part of the problem):
> >>>>#0  0x4cd1c in BuildPacket ()
> >>>>#1  0x4dab4 in FlushStream ()
> >>>>#2  0x5081c in ReassembleStream4 ()
> >>>>#3  0x288e4 in Preprocess ()
> >>>>#4  0x204cc in ProcessPacket ()
> >>>>#5  0x206f4 in PcapProcessPacket ()
> >>>>#6  0xc10194c0 in InitializePreprocessor () from 
> >>>>/usr/local/lib/libpcap.sl
> >>>>#7  0xc101b5a0 in InitializePreprocessor () from 
> >>>>/usr/local/lib/libpcap.sl
> >>>>#8  0x207f0 in InterfaceThread ()
> >>>>#9  0x20efc in SnortMain ()
> >>>>#10 0x2176c in main ()
> >>>>
> >>>>Can someone confirm that this is a recognized bug and either patch 
> >>>>exists or is in the
> >>>>pipes?  Can someone suggest a workaround?
> >>>>Thanks.
> >>>>
> >>>>Also,  just to be nitpicky; snort seems to assume dynmic plugins will 
> >>>>have a .so extension,
> >>>>this really ought to be detected at build time and set to the 
> >>>>appropriate extension for
> >>>>the platform.
> >>>>
> >>>>Thanks again,
> >>>>aaron
> >>>>
> >>>>Using Tomcat but need to do more? Need to support web services, 
> >>>>security?
> >>>>Get stuff done quickly with pre-integrated technology to make your job 
> >>>>easier
> >>>>Download IBM WebSphere Application Server v.1.0.1 based on Apache 
> >>>>Geronimo
> >>>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >>>>_______________________________________________
> >>>>Snort-devel mailing list
> >>>>Snort-devel at lists.sourceforge.net
> >>>>https://lists.sourceforge.net/lists/listinfo/snort-devel
> >>>>
> >>>
> >>>
> >>>Using Tomcat but need to do more? Need to support web services, security?
> >>>Get stuff done quickly with pre-integrated technology to make your job 
> >>>easier
> >>>Download IBM WebSphere Application Server v.1.0.1 based on Apache 
> >>>Geronimo
> >>>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >>>_______________________________________________
> >>>Snort-devel mailing list
> >>>Snort-devel at lists.sourceforge.net
> >>>https://lists.sourceforge.net/lists/listinfo/snort-devel
> >>
> >>Using Tomcat but need to do more? Need to support web services, security?
> >>Get stuff done quickly with pre-integrated technology to make your job 
> >>easier
> >>Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> >>http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >>_______________________________________________
> >>Snort-devel mailing list
> >>Snort-devel at lists.sourceforge.net
> >>https://lists.sourceforge.net/lists/listinfo/snort-devel
> >
> >
> >Using Tomcat but need to do more? Need to support web services, security?
> >Get stuff done quickly with pre-integrated technology to make your job 
> >easier
> >Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> >_______________________________________________
> >Snort-devel mailing list
> >Snort-devel at lists.sourceforge.net
> >https://lists.sourceforge.net/lists/listinfo/snort-devel
> >
> 




More information about the Snort-devel mailing list