Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort Coredumps on Sparc

From: mel <meling () scan-associates net>
Date: Wed, 17 Oct 2001 11:27:59 +0800
Hi, 

I've installed snort on two old sparcs, and the following nmap scans
causes snort to core dump:
nmap -sX -f <snort_sensor>

Both Snorts are:
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

The following are the gdb traces. The first trace is for SPARCstation-4,
and the second one is for SPARCstation-5

---gdb trace 1----
Sensor: OpenBSD ns 2.9 GENERIC#34 sparc SUNW,SPARCstation-4

bash-2.05# gdb /usr/local/snort/bin/snort snort.core
GNU gdb 4.16.1
Copyright 1996 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-unknown-openbsd2.9"...
Core was generated by `snort'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/libz.so.1.3...done.
Reading symbols from /usr/lib/libpcap.so.1.1...done.
Reading symbols from /usr/lib/libm.so.0.1...done.
Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.10.0...done.
Reading symbols from /usr/lib/libssl.so.4.1...done.
Reading symbols from /usr/lib/libcrypto.so.4.1...done.
Reading symbols from /usr/lib/libc.so.26.2...done.
#0  DecodeIP (pkt=0xb110e "E", len=40, p=0xf7ffee30) at decode.c:1194
1194        if(p->iph->ip_ver != 4)
(gdb) bt
#0  DecodeIP (pkt=0xb110e "E", len=40, p=0xf7ffee30) at decode.c:1194
#1  0xd8a4 in DecodeEthPkt (p=0xf7ffee30, pkthdr=0xb1000, pkt=0xb1100 "\b")
    at decode.c:85
#2  0x3498 in ProcessPacket (user=0x0, pkthdr=0xb1000, pkt=0xb1100 "\b")
    at snort.c:484
#3  0x473c0 in RebuildFrag (ft=0x5b0c80, p=0x14) at spp_frag2.c:752
#4  0x46bc8 in Frag2Defrag (p=0xf7fff448) at spp_frag2.c:472
#5  0x14304 in Preprocess (p=0xf7fff448) at rules.c:3426
#6  0x35c0 in ProcessPacket (user=0x0, pkthdr=0x79400, pkt=0xa10b2 "\b")
    at snort.c:534
#7  0x80850a4 in pcap_read ()
#8  0x8095c24 in pcap_loop ()
#9  0x5de8 in InterfaceThread (arg=0x79588) at snort.c:1561
#10 0x345c in main (argc=497032, argv=0xf7fffacc) at snort.c:467

---gdb trace 2----
Sensor : OpenBSD ns1 2.9 GENERIC#34 sparc SUNW,SPARCstation-5

bash-2.04# gdb bin/snort snort.core
GNU gdb 4.16.1
Copyright 1996 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-unknown-openbsd2.9"...
Core was generated by `snort'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/libz.so.1.3...done.
Reading symbols from /usr/lib/libpcap.so.1.1...done.
Reading symbols from /usr/lib/libm.so.0.1...done.
Reading symbols from /usr/local/lib/mysql/libmysqlclient.so.10.0...done.
Reading symbols from /usr/lib/libssl.so.4.1...done.
Reading symbols from /usr/lib/libcrypto.so.4.1...done.
Reading symbols from /usr/lib/libc.so.26.2...done.
#0  DecodeIP (pkt=0xb110e "E", len=40, p=0xf7ffee98) at decode.c:1194
1194        if(p->iph->ip_ver != 4)
(gdb) bt
#0  DecodeIP (pkt=0xb110e "E", len=40, p=0xf7ffee98) at decode.c:1194
#1  0xd93c in DecodeEthPkt (p=0xf7ffee98, pkthdr=0xb1000, pkt=0xb1100 "\b")
    at decode.c:85
#2  0x3498 in ProcessPacket (user=0x0, pkthdr=0xb1000, pkt=0xb1100 "\b")
    at snort.c:484
#3  0x47458 in RebuildFrag (ft=0xaf080, p=0x14) at spp_frag2.c:752
#4  0x46c60 in Frag2Defrag (p=0xf7fff4b0) at spp_frag2.c:472
#5  0x1439c in Preprocess (p=0xf7fff4b0) at rules.c:3426
#6  0x35c0 in ProcessPacket (user=0x0, pkthdr=0x79400, pkt=0xa10b2 "\b")
    at snort.c:534
#7  0x80850a4 in pcap_read ()
#8  0x8095c24 in pcap_loop ()
#9  0x5de8 in InterfaceThread (arg=0x79588) at snort.c:1561
#10 0x345c in main (argc=497032, argv=0xf7fffb34) at snort.c:467
-- 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: