
snort 2.9.3 core dump on solaris 10 sparc


From: Luis <luis.mlists () gmail com>
Date: Thu, 9 Aug 2012 10:18:38 -0400

hello:

I decided to download and try to compile snort 2.9.3 on solaris sparc.

As before, I applied the 'patch' needed to compile daq 1.1.1 and patched the
30 or so files in the snort source, adding #include "sf_types.h" for the
Solaris compile...

However, I'm getting a core dump soon after snort starts (after it processes
a few hundred packets)...

somewhat sanitized output below... :)
...
Acquiring network traffic from "bge2".
Reload thread starting...
Reload thread started, thread 2 (28839)
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.3 IPv6 GRE (Build 37)
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.16  <Build 18>
           Preprocessor Object: SF_POP (IPV6)  Version 1.0  <Build 1>
           Preprocessor Object: SF_MODBUS (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
           Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
           Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
           Preprocessor Object: SF_REPUTATION (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0  <Build 3>
           Preprocessor Object: SF_SDF (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_GTP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_DNP3 (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
Commencing packet processing (pid=28839)
08/09-08:59:51.839609 <IP>:514 -> <IP>:514
UDP TTL:254 TOS:0x0 ID:22800 IpLen:20 DgmLen:235
Len: 207
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
...

08/09-08:59:53.247146 <IP> 60941 -> <IP>:445
TCP TTL:123 TOS:0x0 ID:5073 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFA6A959D  Ack: 0x4B29A592  Win: 0x104  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Bus Error(coredump)



Here's the pstack, pflags and adb output from the core file:


# pstack core_sunsv02t_snort_0_0_1344517193_28839
core 'core_sunsv02t_snort_0_0_1344517193_28839' of 28839:
/opt/PP2K/bin/snort -v -v -v -v -c /opt/PP2K/etc/snort2.conf.293test1
-----------------  lwp# 1 / thread# 1  --------------------
 febafe48 DCE2_Move (ffbfe608, ffbfe606, 9f, 0, ffbfe606, f20a7ec) + 30
 febaf984 DCE2_SmbProcess (14fce850, fec263b8, 0, 3d03, 0, fffffd58) + 908
 feba6c70 DCE2_Process (f14ccf0, 0, 0, eb0f9c20, 8b754, eb0f9c20) + e68
 feba1874 DCE2_Main (f14ccf0, 0, ffbfe7d8, ffbfe7d8, c6afb8, 15d60b8) + 328
 00086f74 Preprocess (f14ccf0, e4e118, 0, eb0ebe45, 8b754, 7abc7c) + 488
 0015497c _flush_to_seq_4 (1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0,
ffbfef98) + 8f8
 001532d4 flush_to_seq (1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0, ffbfef98)
+ 130
 00164370 CheckFlushPolicyOnAck (1839b78, 1839cd4, 1839b78, ffbfec08,
ffbfeee8, ff60) + 534
 001624b4 ProcessTcp (14fce188, ffbfeee8, ffbfec08, d274af8, 8b754,
ffbfeee8) + 4838
 00156e38 Stream5ProcessTcp (ffbfeee8, 14fce188, d274af8, ffbfece8, 8b754,
ffbfece8) + df8
 001232c0 Stream5Process (ffbfeee8, 0, 0, 19dc, c6afb8, f135330) + 248
 000871b8 Preprocess (ffbfeee8, ffffffff, ffbfef98, ffbfefb0, 0, 0) + 6cc
 00074e1c ProcessPacket (ffbfeee8, ffbff6c8, 14f9dcc2, 0, 0, 25fb0) + 28c
 00074664 PacketCallback (0, ffbff6c8, 14f9dcc2, 78, 0, 78) + 364
 001a55ec pcap_process_loop (14d74858, ffbff780, 14f9dcc2, 3c, 5ea, 3c5e3)
+ 64
 ff0878fc pcap_process_pkts (14d75a50, 1a5588, 14d74858, ffffffb2,
14f9dd02, ffbff768) + ac
 ff075c48 pcap_read_dlpi (14d75a50, ffffffb2, 1a5588, 14d74858, 5, fffc00)
+ 9c
 ff077284 pcap_dispatch (14d75a50, ffffffb2, 1a5588, 14d74858, 0, 0) + 14
 001a566c pcap_daq_acquire (14d74858, ffffffff, 1a5400, 0, 1, 6) + 4c
 001a49bc daq_acquire_with_meta (fffffffa, 14d74858, ffffffff, 74300, 0, 0)
+ 50
 000a7400 DAQ_Acquire (ffffffff, 74300, 0, 0, 7aa6a8, 7aa684) + 40
 00077ff0 PacketLoop (0, ffffffff, 0, 0, 0, f03d88) + 48
 00072738 SnortMain (9, ffbffbbc, 0, 0, 0, 7aa67c) + 230
 000724f0 main     (9, ffbffbbc, ffbffbe4, c7df40, ff2c0100, 0) + 34
 0002a9a8 _start   (0, 0, 0, 0, 0, 0) + 5c
-----------------  lwp# 2 / thread# 2  --------------------
 fef4d8c0 ___nanosleep (1, 0, 0, fea50200, fefc23ec, 0) + 8
 0007d008 ReloadConfigThread (0, fe9fc000, 0, 0, 7cda4, 1) + 264
 fef4a9c8 _lwp_start (0, 0, 0, 0, 0, 0)



# pflags core_sunsv02t_snort_0_0_1344517193_28839
core 'core_sunsv02t_snort_0_0_1344517193_28839' of 28839:
/opt/PP2K/bin/snort -v -v -v -v -c /opt/PP2K/etc/snort2.conf.293test1
        data model = _ILP32  flags = MSACCT|MSFORK
 /1:    flags = 0
        sigmask = 0xffffbefc,0x0000ffff  cursig = SIGBUS
 /2:    flags = STOPPED  nanosleep(0xfe9fbf10,0xfe9fbf08)
        why = PR_SUSPENDED
        sigmask = 0xffbffeff,0x0000fff7



# adb  core_sunsv02t_snort_0_0_1344517193_28839
core file = core_sunsv02t_snort_0_0_1344517193_28839 -- program
``/opt/PP2K/bin/snort'' on platform SUNW,Sun-Fire-V240
SIGBUS: Bus Error
$c
libsf_dce2_preproc.so.0.0.0`DCE2_Move+0x30(ffbfe608, ffbfe606, 9f, 0,
ffbfe606, f20a7ec)
libsf_dce2_preproc.so.0.0.0`DCE2_SmbProcess+0x908(14fce850, fec263b8, 0,
3d03, 0, fffffd58)
libsf_dce2_preproc.so.0.0.0`DCE2_Process+0xe68(f14ccf0, 0, 0, eb0f9c20,
8b754, eb0f9c20)
libsf_dce2_preproc.so.0.0.0`DCE2_Main+0x328(f14ccf0, 0, ffbfe7d8, ffbfe7d8,
c6afb8, 15d60b8)
Preprocess+0x488(f14ccf0, e4e118, 0, eb0ebe45, 8b754, 7abc7c)
_flush_to_seq_4+0x8f8(1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0, ffbfef98)
flush_to_seq+0x130(1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0, ffbfef98)
CheckFlushPolicyOnAck+0x534(1839b78, 1839cd4, 1839b78, ffbfec08, ffbfeee8,
ff60)
ProcessTcp+0x4838(14fce188, ffbfeee8, ffbfec08, d274af8, 8b754, ffbfeee8)
Stream5ProcessTcp+0xdf8(ffbfeee8, 14fce188, d274af8, ffbfece8, 8b754,
ffbfece8)
Stream5Process+0x248(ffbfeee8, 0, 0, 19dc, c6afb8, f135330)
Preprocess+0x6cc(ffbfeee8, ffffffff, ffbfef98, ffbfefb0, 0, 0)
ProcessPacket+0x28c(ffbfeee8, ffbff6c8, 14f9dcc2, 0, 0, 25fb0)
PacketCallback+0x364(0, ffbff6c8, 14f9dcc2, 78, 0, 78)
pcap_process_loop+0x64(14d74858, ffbff780, 14f9dcc2, 3c, 5ea, 3c5e3)
libpcap.so.1`pcap_process_pkts+0xac(14d75a50, 1a5588, 14d74858, ffffffb2,
14f9dd02, ffbff768)
libpcap.so.1`pcap_read_dlpi+0x9c(14d75a50, ffffffb2, 1a5588, 14d74858, 5,
fffc00)
libpcap.so.1`pcap_dispatch+0x14(14d75a50, ffffffb2, 1a5588, 14d74858, 0, 0)
pcap_daq_acquire+0x4c(14d74858, ffffffff, 1a5400, 0, 1, 6)
daq_acquire_with_meta+0x50(fffffffa, 14d74858, ffffffff, 74300, 0, 0)
DAQ_Acquire+0x40(ffffffff, 74300, 0, 0, 7aa6a8, 7aa684)
PacketLoop+0x48(0, ffffffff, 0, 0, 0, f03d88)
SnortMain+0x230(9, ffbffbbc, 0, 0, 0, 7aa67c)
main+0x34(9, ffbffbbc, ffbffbe4, c7df40, ff2c0100, 0)
_start+0x5c(0, 0, 0, 0, 0, 0)



any  help would be appreciated  :-)

Thanks,


Luis