[Snort-users] Snort 2.8.6 on SPARC 64 OpenBSD from Port "bus error"
kayasaman at ...11827...
Sun Dec 9 20:19:23 EST 2012
I'm running Snort 2.8.6 on OpenBSD 5.2 sparc64 platform.
My system is being used as a router/gateway/NAT/Firewall with multiple
VLANs, LACP and PPPoE for WAN connectivity.
I'm running this particular version of Snort because it was built
directly from Ports meaning that it is supported (all be it out of date).
(trunk0 is my LACP interface connected to my switch on ports bge2 and bge3)
If I run: snort -i trunk0 -c /etc/snort/snort.conf
or with -i set to any of my vlans I get the error: "bus error core dumped"
Rebuilding with debugging active I have traced the error to this:
FLAVOR="mysql flexresp" make clean
FLAVOR="mysql flexresp" make DEBUG=-g repackage reinstall
gdb `which snort`
set args -i trunk0 -c /etc/snort/snort.conf
Program received signal SIGBUS, Bus error.
0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
2657 msec = tvp->tv_usec / 1000;
(gdb) bt full
#0 0x0000000000149f64 in GetTimestamp (tvp=0x20bed8b3c, tz=0) at
lt = (struct tm *) 0x0
buf = 0x209c74660 ""
msec = 74103168
#1 0x000000000016c30c in Database (p=0xffffffffffff76b0,
msg=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", arg=0x20b75f880,
data = (DatabaseData *) 0x20b75f880
query = (SQLQuery *) 0x2046ab980
root = (SQLQuery *) 0x2046ab980
timestamp_string = 0x0
insert_fields = 0x0
insert_values = 0x0
sig_name = 0x0
sig_class = 0x0
ref_system_name = 0x0
ref_node_id_string = 0x0
ref_tag = 0x0
packet_data = 0x0
packet_data_not_escaped = 0x0
select0 = 0x0
select1 = 0x0
insert0 = 0x0
i = 0
insert_fields_len = 0
insert_values_len = 21365344
ok_transaction = 0
ref_system_id = -2113895936
ret = 0
sig_id = 0
ref_id = 0
class_id = 0
class_ptr = (ClassType *) 0x0
refNode = (ReferenceNode *) 0x2033fd3c0
sig_rev = '\0' <repeats 15 times>
sig_sid = '\0' <repeats 15 times>
sig_gid = '\0' <repeats 15 times>
#2 0x000000000014c62c in CallAlertFuncs (p=0xffffffffffff76b0,
message=0x208b39280 "ET P2P Vuze BT UDP Connection (5)", head=0x20e33eb00,
idx = (OutputFuncNode *) 0x20a284080
#3 0x000000000014d744 in AlertAction (p=0xffffffffffff76b0,
I am no expert at debugging programs and I'm not sure what is going on
other then there seems to be an issue with:
GetTimeStamp in the util.c file
Could anyone offer any assistance to get snort working?
I really would like to use the system as an IDS and already have setup
MySQL and Base, so to get working would be brilliant!
More information about the Snort-users