These forums have been switched to read-only mode as of March 1, 2011. The content that already existed here will be retained for posterity. No new posts will be accepted here. For more information and for the address of the new forums, see this page: http://snort.org/community/groups
Forums Support

Snort Solaris 10 BUS ERROR

Subscribe to Snort Solaris 10 BUS ERROR 1 post(s), 1 voice(s)

 
18 Mar, 2010 01:51 PM
Avatar zoeloe 1 post(s)

Empty_starEmpty_starEmpty_starEmpty_starEmpty_star

Hi,
after compiling snort and it’s prereqs with the cooltools Sun compilers I’m getting a BUS ERROR when I start feeding snort packets.
(Followed the <a href="http://www.procyonlabs.com/guides/solaris/snort_base/">http://www.procyonlabs.com/guides/solaris/snort…</a> recipe)
Running snort in gdb with the ddd graphical debugger gives me the following error where snort breaks:
The backtrace is as follows:

  1. Frag3KeyCmpFunc (s1=0xd0e4888, s2=0xffbfef1c, n=40) at /usr/local/packages/ids/snort/snort-2.8.5.3/src/preprocessors//spp_frag3.c:926
    (gdb) up
  2. 0×0010a8d0 in sfxhash_find_node_row (t=0×139ac40, key=0xffbfef1c, rindex=0xffbfee4c) at /usr/local/packages/ids/snort/snort-2.8.5.3/src/sfutil//sfxhash.c:735
    (gdb) up
  3. 0×0010ac78 in sfxhash_find (t=0×139ac40, key=0xffbfef1c) at /usr/local/packages/ids/snort/snort-2.8.5.3/src/sfutil//sfxhash.c:937
    (gdb) up
  4. 0×000ce5f8 in Frag3GetTracker (p=<value optimized out>, fkey=0xffbfef1c) at /usr/local/packages/ids/snort/snort-2.8.5.3/src/preprocessors//spp_frag3.c:2235
    (gdb) up
  5. 0×000cd440 in Frag3Defrag (p=<value optimized out>, context=0×0) at /usr/local/packages/ids/snort/snort-2.8.5.3/src/preprocessors//spp_frag3.c:1628
    (gdb) up
  6. 0×0005b318 in Preprocess (p=0xfeeb5678) at /usr/local/packages/ids/snort/snort-2.8.5.3/src//detect.c:163
    (gdb) up
  7. 0×00048648 in ProcessPacket (user=0×0, pkthdr=<value optimized out>, pkt=<value optimized out>, ft=<value optimized out>) at /usr/local/packages/ids/snort/snort-2.8.5.3/src//snort.c:1557
    (gdb) up
  8. 0×00048088 in PcapProcessPacket (user=0×0, pkthdr=0xffbff7b0, pkt=0×28cc7a2 "") at /usr/local/packages/ids/snort/snort-2.8.5.3/src//snort.c:1044
    (gdb) up
  9. 0×0014ab88 in pcap_process_pkts ()
    (gdb) up
  10. 0×0014a620 in pcap_read_dlpi ()
    (gdb) up
  11. 0×0004c77c in InterfaceThread (arg=0×0) at /usr/local/packages/ids/snort/snort-2.8.5.3/src//snort.c:2961
    (gdb) up
  12. 0×00052050 in SnortProcess () at /usr/local/packages/ids/snort/snort-2.8.5.3/src//snort.c:5274
    (gdb) up
  13. 0×000473f8 in SnortMain (argc=5, argv=0xffbffa34) at /usr/local/packages/ids/snort/snort-2.8.5.3/src//snort.c:740
    (gdb) up
  14. 0×00047304 in main (argc=5, argv=0xffbffa34) at /usr/local/packages/ids/snort/snort-2.8.5.3/src//snort.c:614
    (gdb)

Tried policy solaris in the frag3 config.

snort 2.8.3.rc breaks at the same place.

Any ideas appreciated
Forums Support

©2009 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. Terms of Use | Privacy Policy