[Snort-users] Snort 2.8.6 on SPARC 64 OpenBSD from Port "bus error"

Kaya Saman kayasaman at ...11827...
Sun Dec 9 20:19:23 EST 2012


I'm running Snort 2.8.6 on OpenBSD 5.2 sparc64 platform.

My system is being used as a router/gateway/NAT/Firewall with multiple 
VLANs, LACP and PPPoE for WAN connectivity.

I'm running this particular version of Snort because it was built 
directly from Ports meaning that it is supported (all be it out of date).

(trunk0 is my LACP interface connected to my switch on ports bge2 and bge3)

If I run: snort -i trunk0 -c /etc/snort/snort.conf

or with -i set to any of my vlans I get the error: "bus error core dumped"

Rebuilding with debugging active I have traced the error to this:

cd /usr/ports/net/snort
FLAVOR="mysql flexresp" make clean
FLAVOR="mysql flexresp" make DEBUG=-g repackage reinstall
gdb `which snort`
set args -i trunk0 -c /etc/snort/snort.conf

Program received signal SIGBUS, Bus error.
0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
2657        msec = tvp->tv_usec / 1000;

(gdb) bt full
#0  0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
          lt = (struct tm *) 0x0
          buf = 0x209c74660 ""
          msec = 74103168
#1  0x000000000016c30c in Database (p=0xffffffffffff76b0,
msg=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", arg=0x20b75f880,
          data = (DatabaseData *) 0x20b75f880
          query = (SQLQuery *) 0x2046ab980
          root = (SQLQuery *) 0x2046ab980
          timestamp_string = 0x0
          insert_fields = 0x0
          insert_values = 0x0
          sig_name = 0x0
          sig_class = 0x0
          ref_system_name = 0x0
          ref_node_id_string = 0x0
          ref_tag = 0x0
          packet_data = 0x0
          packet_data_not_escaped = 0x0
          select0 = 0x0
          select1 = 0x0
          insert0 = 0x0
          i = 0
          insert_fields_len = 0
          insert_values_len = 21365344
          ok_transaction = 0
          ref_system_id = -2113895936
          ret = 0
          sig_id = 0
          ref_id = 0
          class_id = 0
          class_ptr = (ClassType *) 0x0
          refNode = (ReferenceNode *) 0x2033fd3c0
          sig_rev = '\0' <repeats 15 times>
          sig_sid = '\0' <repeats 15 times>
          sig_gid = '\0' <repeats 15 times>
#2  0x000000000014c62c in CallAlertFuncs (p=0xffffffffffff76b0,
message=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", head=0x20e33eb00,
      event=0x205cf6d64) at
          idx = (OutputFuncNode *) 0x20a284080
#3  0x000000000014d744 in AlertAction (p=0xffffffffffff76b0,
otn=0x205cf6c00, event=0x205cf6d64)

I am no expert at debugging programs and I'm not sure what is going on 
other then there seems to be an issue with:

GetTimeStamp in the util.c file

Could anyone offer any assistance to get snort working?

I really would like to use the system as an IDS and already have setup 
MySQL and Base, so to get working would be brilliant!



More information about the Snort-users mailing list