Snort mailing list archives
RE: Snort ver 1.8.4-beta2 gives bus error.....
From: "PAD HOSMANE" <phosmane () pop fedworld gov>
Date: Tue, 26 Feb 2002 08:25:52 -0500
Chris, Thank you very much for the response. I just sent one more email regarding snort 1.8.3, and it also refers to same sort of problem. I am not a programmer, please explain it little bit more detail as to what should i do. Thanks -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Chris Green Sent: Tuesday, February 26, 2002 7:57 AM To: PAD HOSMANE Cc: snort-users () sourceforge net Subject: Re: [Snort-users] Snort ver 1.8.4-beta2 gives bus error..... "PAD HOSMANE" <phosmane () apollo fedworld gov> writes:
Hi, I compiled snort 1.8.4-beta2 on HP-UX 11.00 (with GCC 3.0.1). I ran configure with follwoing options
Ok, thanks for trying to compile ( and rereporting your bug, I had meant to ask about it earlier ). I don't have experience with solving alignment problems but the only way I can think to solve it right now (and ones like it) is to create a union thats the size of the full type and assign both fields directly into it. What's happening is snort is trying to copy a u_int8_t into a field that's 4 bits long. Hrm is this HP-UX little endian or big endian? I assume big but I would have thought it failed on the stream_pkt->iph->ip_hlen assignment instead. stream_pkt->iph->ip_ver = stream_pkt->iph->ip_ver & 0x4
#0 0x7c46c in InitStream4Pkt () at spp_stream4.c:2916 2916 stream_pkt->iph->ip_ver = 0x4; (gdb) where #0 0x7c46c in InitStream4Pkt () at spp_stream4.c:2916 #1 0x75438 in Stream4Init (args=0x40058d00 "detect_scans") at spp_stream4.c:587 #2 0x29fc0 in ParsePreprocessor (rule=0x7f7f0f38 "preprocessor stream4: detect_scans") at rules.c:1327 #3 0x28cfc in ParseRule (rule_file=0x7f7d9d30, prule=0x7f7f0a30 "preprocessor stream4: detect_scans", inclevel=0) at rules.c:539 #4 0x28388 in ParseRulesFile (file=0x400349a4 "/etc/snort.conf", inclevel=0) at rules.c:198 #5 0x1bc64 in ReadConfFile () at snort.c:3316 #6 0x14b98 in main (argc=5, argv=0x7f7f0764) at snort.c:189 Any help is greatly appreciated. Thanks _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Chris Green <cmg () uab edu> A good pun is its own reword. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 25)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 26)
- RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 26)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 26)
- 1.8.1 -> 1.8.3 DB Mike Arrison (Feb 26)
- RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 26)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 26)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 27)
- RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 27)
- RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 27)
- RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 27)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 27)
- RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 28)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 28)
- RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 27)
- <Possible follow-ups>
- RE: Snort ver 1.8.4-beta2 gives bus error..... Clausing, James A (Jim), SOBUS (Feb 26)