[Snort-users] Bus Error on Solaris 7/SPARC

User BALGAA System Engineer balgaa at ...4516...
Sun Mar 3 20:21:03 EST 2002


Hello,

I changed my Sun Ultra 1E OS from Redhat-6.2/SPARC to Solaris
7/SPARC.

I configured/compiled "snort-stable" successfully with the following
parameters:

./configure --prefix=/opt/snort --with-mysql=/opt/mysql \
    --enable-smbalerts --enable-flexresp --with-libpcap-includes --with-libpcap-libraries

After that I tried to load ./snort without any option in the source
directory and I got a "Bus Error" message.

# /usr/local/bin/gdb ./snort --core core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.7"...
Core was generated by `./snort'.
Program terminated with signal 10, Bus Error.
Reading symbols from /usr/lib/libz.so...done.
Reading symbols from /usr/lib/libm.so.1...done.
Reading symbols from /usr/lib/libsocket.so.1...done.
Reading symbols from /usr/lib/libnsl.so.1...done.
Reading symbols from /usr/lib/libmysqlclient.so.10...done.
Reading symbols from /usr/lib/libc.so.1...done.
Reading symbols from /usr/lib/libgcc_s.so.1...done.
Reading symbols from /usr/lib/libdl.so.1...done.
Reading symbols from /usr/lib/libmp.so.2...done.
Reading symbols from /usr/lib/libcrypt_i.so.1...done.
Reading symbols from /usr/lib/libgen.so.1...done.
Reading symbols from /usr/platform/SUNW,Ultra-1/lib/libc_psr.so.1...done.
Reading symbols from /usr/lib/nss_files.so.1...done.
#0  InitStream4Pkt () at spp_stream4.c:2916
---Type <return> to continue, or q <return> to quit---

Then I pressed the return key.

2916        stream_pkt->iph->ip_ver   = 0x4;
(gdb) set print address on
(gdb) run
Starting program: /export/home/balgaa/snort-stable/./snort
Log directory = /var/log/snort

Initializing Network Interface le0
using config file ./snort.conf
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE

Program received signal SIGBUS, Bus error.
InitStream4Pkt () at spp_stream4.c:2916
2916        stream_pkt->iph->ip_ver   = 0x4;
(gdb) bt
#0  InitStream4Pkt () at spp_stream4.c:2916
#1  0x449a0 in Stream4Init (args=0xbe078 "detect_scans") at spp_stream4.c:587
#2  0x1e240 in ParsePreprocessor (rule=0xbe078 "detect_scans") at rules.c:1327
#3  0x1d8e4 in ParseRule (rule_file=0x81618,
    prule=0xffbef780 "preprocessor stream4: detect_scans", inclevel=0)
    at rules.c:539
#4  0x1d1e4 in ParseRulesFile (
    file=0xffbef780 "preprocessor stream4: detect_scans", inclevel=0)
    at rules.c:198
#5  0x16a20 in ReadConfFile () at snort.c:3316
#6  0x129e4 in main (argc=1, argv=0xffbefd7c) at snort.c:189
(gdb)


What is going wrong with snort? Any suggestions?

Thanks,
Balgaa




