Snort 2.3.0 dumps core on Solaris 9

["Miner, Jonathan W (CSC) (US SSA)" <jonathan.w.miner () baesystems com>]

Hello -

I just upgraded to Snort 2.3.0, running on Solaris 9 and it is dumping core. The traceback shows:

#0  MakePortscanPkt (ps_pkt=0xffbff5b0, proto=0x237f71c, proto_type=1,
    user=0x0) at spp_sfportscan.c:352
#1  0x00050448 in PortscanAlert (ps_pkt=0xffbff5b0, proto=0x237f71c,
    proto_type=1) at spp_sfportscan.c:640
#2  0x000509cc in PortscanDetect (p=0xffbff5b0) at spp_sfportscan.c:681

I'm using the default rules, and default snort.conf, with output set to my mysql database, and HOME_NET defined as:

var HOME_NET [192.233.11.0/24]

Snort is executed with:

snort -c ../rules/snort.conf -l /var/log/snort -D

and was compiled with gcc-3.4.1, and configured with the options:

./configure --prefix=/tools/snort-2.3.0/sun5.9 \
              --with-libpcap-includes=$build/libpcap-0.8.3 \
              --with-libpcap-libraries=$build/libpcap-0.8.3 \
              --with-libnet-includes=$build/Libnet-1.0.2a/include \
              --with-libnet-libraries=$build/Libnet-1.0.2a/lib \
              --with-mysql=/tools/mysql-4.1.7/sun5.9 \
              --enable-flexresp

Snort 2.2.0 worked fine, configured and compiled with all the same options. How can I help debug this?

Thanks


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users