Re: [snort] sparc SIGBUS

To: Daniel van Eeden <daniel_e@dds.nl>
Cc: debian-sparc@lists.debian.org
Subject: Re: [snort] sparc SIGBUS
From: "David S. Miller" <davem@redhat.com>
Date: Wed, 29 Oct 2003 09:15:53 -0800
Message-id: <[🔎] 20031029091553.01bced39.davem@redhat.com>
In-reply-to: <[🔎] 3F9FEA75.1020202@dds.nl>
References: <[🔎] 3F9FEA75.1020202@dds.nl>

On Wed, 29 Oct 2003 17:27:33 +0100
Daniel van Eeden <daniel_e@dds.nl> wrote:

> Program received signal SIGBUS, Bus error.
> 0x0008640c in FillStateRecord (s=0xefffe3a0, p=0xefffe568) at
> spp_conversation.c:495
> 495	    if(PACKET_FORWARD(p))

I think the PACKET_FORWARD() macro is the source of the problem:

#define PACKET_FORWARD(a) (*((unsigned int*)&a->iph->ip_dst) > *((unsigned int*)&a->iph->ip_src))

The a->iph->ip_dst and a->iph->ip_src objects are probably not aligned
enough to be accessed as an "unsigned int" (ie. it doesn't have 4 byte
alignment) and making such an unaligned access is illegal on sparc
(and most risc systems).

There appears to be some logic in the snort sources to attempt to
deal with these alignment issues, see the WORDS_MUSTALIGN macro
which should be getting set in the header file generated by the
configure script.

However, this is only used for accessor macros defined in decode.h.
I think PACKET_FORWARD() need to be making use of these macros instead
of directly accessing the IP header pieces via direct pointer
derefernces.

Reply to:

References:
- [snort] sparc SIGBUS
  - From: Daniel van Eeden <daniel_e@dds.nl>

Prev by Date: Re: [snort] sparc SIGBUS
Next by Date: Sun Blade 100
Previous by thread: Re: [snort] sparc SIGBUS
Next by thread: sarge iso
Index(es):
- Date
- Thread