[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[snort] sparc SIGBUS

This is about bug #102772

Snort does work on solaris9/sparc, but not on debian stable on sparc.
The 1.8.4beta1-3.1 version of snort in stable won't work.

I've build snort from the maintainers apt source:
deb-src http://people.debian.org/~ssmeenk/snort-stable-i386/ ./

I've patched decode.c and preprocessors/spp_conversation.c
With the attached patches it's posible to start snort w/o SIGBUS. Now snort
only generates a sigbus if there's a portscan detected.

It's a 32bit MicroSPARC cpu. (sun4m, sparctstation4-110) with debian stable.

Is there anybody who got snort working on sparc/linux?

Program received signal SIGBUS, Bus error.
0x0008640c in FillStateRecord (s=0xefffe3a0, p=0xefffe568) at
spp_conversation.c:495
495	    if(PACKET_FORWARD(p))
(gdb) where
#0  0x0008640c in FillStateRecord (s=0xefffe3a0, p=0xefffe568) at
spp_conversation.c:495
#1  0x0008667c in ConvGetSession (p=0xefffe568) at spp_conversation.c:547
#2  0x00085f30 in ConvFunc (p=0xefffe568) at spp_conversation.c:338
#3  0x0003aed0 in Preprocess (p=0xefffe568) at detect.c:116
#4  0x000307fc in ProcessPacket (user=0x0, pkthdr=0xefffea68,
pkt=0x2117d0 "\b") at snort.c:595
#5  0x5002c8a0 in pcap_read () from /usr/lib/libpcap.so.0
#6  0x5002c644 in pcap_read () from /usr/lib/libpcap.so.0
#7  0x5002d8cc in pcap_loop () from /usr/lib/libpcap.so.0
#8  0x00032ad8 in InterfaceThread (arg=0x0) at snort.c:1525
#9  0x00030590 in SnortMain (argc=3, argv=0xefffee14) at snort.c:537
#10 0x0002f990 in main (argc=3, argv=0xefffee14) at snort.c:165

I've build snort-2.02 on my solaris9 ultrasparc box. (CFLAGS: -m32
-mcpu=v9) and that works just fine.

Daniel van Eeden <daniel_e@dds.nl>

366a367
>             DebugMessage(DEBUG_DECODE, "   Priority: %d(0x%X)\n", pri, pri);
2159,2160c2160,2161
<         memcpy(&ph.sip, &p->iph->ip_src.s_addr,4);
<         memcpy(&ph.sip, &p->iph->ip_dst.s_addr,4);
---
>         ph.sip = (u_int32_t)(p->iph->ip_src.s_addr);
>         ph.dip = (u_int32_t)(p->iph->ip_dst.s_addr);
2323,2324c2324,2325
<         memcpy(&ph.sip, &p->iph->ip_src.s_addr,4);
<         memcpy(&ph.sip, &p->iph->ip_dst.s_addr,4);
---
>         ph.sip = (u_int32_t)(p->iph->ip_src.s_addr);
>         ph.dip = (u_int32_t)(p->iph->ip_dst.s_addr);


329c329
<     /* DEBUG_WRAP(DebugMessage(DEBUG_CONVERSATION,
---
>     DEBUG_WRAP(DebugMessage(DEBUG_CONVERSATION,
334c334
<                             inet_ntoa(p->iph->ip_dst), p->dp);); */
---
>                             inet_ntoa(p->iph->ip_dst), p->dp););
499,500c499,500
<         memcpy(&s->sip, &p->iph->ip_src.s_addr,4);
<         memcpy(&s->dip, &p->iph->ip_dst.s_addr,4);
---
>         s->sip = p->iph->ip_src.s_addr;
>         s->dip = p->iph->ip_dst.s_addr;
Reply to: