Snort mailing list archives
snort 2.9.3 core dump on solaris 10 sparc
From: Luis <luis.mlists () gmail com>
Date: Thu, 9 Aug 2012 10:18:38 -0400
hello:

I decided to download and try to compile snort 2.9.3 on solaris sparc. as before, put in the 'patch' to compile daq 1.1.1 and patched the 30 or so files in the snort source adding the #include "sf_types.h" for the solaris compile... however I'm getting a core soon after snort starts (after it processes a few hundred packets..).. somewhat sanitized output below... :)

...
Acquiring network traffic from "bge2".
Reload thread starting...
Reload thread started, thread 2 (28839)
Decoding Ethernet

        --== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.3 IPv6 GRE (Build 37)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2012 Sourcefire, Inc., et al.
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.3

           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 1.16  <Build 18>
           Preprocessor Object: SF_POP (IPV6)  Version 1.0  <Build 1>
           Preprocessor Object: SF_MODBUS (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSLPP (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_FTPTELNET (IPV6)  Version 1.2  <Build 13>
           Preprocessor Object: SF_SMTP (IPV6)  Version 1.1  <Build 9>
           Preprocessor Object: SF_IMAP (IPV6)  Version 1.0  <Build 1>
           Preprocessor Object: SF_REPUTATION (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DCERPC2 (IPV6)  Version 1.0  <Build 3>
           Preprocessor Object: SF_SDF (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_GTP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SIP (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_DNS (IPV6)  Version 1.1  <Build 4>
           Preprocessor Object: SF_DNP3 (IPV6)  Version 1.1  <Build 1>
           Preprocessor Object: SF_SSH (IPV6)  Version 1.1  <Build 3>
Commencing packet processing (pid=28839)
08/09-08:59:51.839609 <IP>:514 -> <IP>:514
UDP TTL:254 TOS:0x0 ID:22800 IpLen:20 DgmLen:235
Len: 207
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
...
08/09-08:59:53.247146 <IP> 60941 -> <IP>:445
TCP TTL:123 TOS:0x0 ID:5073 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xFA6A959D Ack: 0x4B29A592 Win: 0x104 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Bus Error(coredump)

here's pstack and pflags output on core file

# pstack core_sunsv02t_snort_0_0_1344517193_28839
core 'core_sunsv02t_snort_0_0_1344517193_28839' of 28839: /opt/PP2K/bin/snort -v -v -v -v -c /opt/PP2K/etc/snort2.conf.293test1
----------------- lwp# 1 / thread# 1 --------------------
 febafe48 DCE2_Move (ffbfe608, ffbfe606, 9f, 0, ffbfe606, f20a7ec) + 30
 febaf984 DCE2_SmbProcess (14fce850, fec263b8, 0, 3d03, 0, fffffd58) + 908
 feba6c70 DCE2_Process (f14ccf0, 0, 0, eb0f9c20, 8b754, eb0f9c20) + e68
 feba1874 DCE2_Main (f14ccf0, 0, ffbfe7d8, ffbfe7d8, c6afb8, 15d60b8) + 328
 00086f74 Preprocess (f14ccf0, e4e118, 0, eb0ebe45, 8b754, 7abc7c) + 488
 0015497c _flush_to_seq_4 (1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0, ffbfef98) + 8f8
 001532d4 flush_to_seq (1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0, ffbfef98) + 130
 00164370 CheckFlushPolicyOnAck (1839b78, 1839cd4, 1839b78, ffbfec08, ffbfeee8, ff60) + 534
 001624b4 ProcessTcp (14fce188, ffbfeee8, ffbfec08, d274af8, 8b754, ffbfeee8) + 4838
 00156e38 Stream5ProcessTcp (ffbfeee8, 14fce188, d274af8, ffbfece8, 8b754, ffbfece8) + df8
 001232c0 Stream5Process (ffbfeee8, 0, 0, 19dc, c6afb8, f135330) + 248
 000871b8 Preprocess (ffbfeee8, ffffffff, ffbfef98, ffbfefb0, 0, 0) + 6cc
 00074e1c ProcessPacket (ffbfeee8, ffbff6c8, 14f9dcc2, 0, 0, 25fb0) + 28c
 00074664 PacketCallback (0, ffbff6c8, 14f9dcc2, 78, 0, 78) + 364
 001a55ec pcap_process_loop (14d74858, ffbff780, 14f9dcc2, 3c, 5ea, 3c5e3) + 64
 ff0878fc pcap_process_pkts (14d75a50, 1a5588, 14d74858, ffffffb2, 14f9dd02, ffbff768) + ac
 ff075c48 pcap_read_dlpi (14d75a50, ffffffb2, 1a5588, 14d74858, 5, fffc00) + 9c
 ff077284 pcap_dispatch (14d75a50, ffffffb2, 1a5588, 14d74858, 0, 0) + 14
 001a566c pcap_daq_acquire (14d74858, ffffffff, 1a5400, 0, 1, 6) + 4c
 001a49bc daq_acquire_with_meta (fffffffa, 14d74858, ffffffff, 74300, 0, 0) + 50
 000a7400 DAQ_Acquire (ffffffff, 74300, 0, 0, 7aa6a8, 7aa684) + 40
 00077ff0 PacketLoop (0, ffffffff, 0, 0, 0, f03d88) + 48
 00072738 SnortMain (9, ffbffbbc, 0, 0, 0, 7aa67c) + 230
 000724f0 main (9, ffbffbbc, ffbffbe4, c7df40, ff2c0100, 0) + 34
 0002a9a8 _start (0, 0, 0, 0, 0, 0) + 5c
----------------- lwp# 2 / thread# 2 --------------------
 fef4d8c0 ___nanosleep (1, 0, 0, fea50200, fefc23ec, 0) + 8
 0007d008 ReloadConfigThread (0, fe9fc000, 0, 0, 7cda4, 1) + 264
 fef4a9c8 _lwp_start (0, 0, 0, 0, 0, 0)

# pflags core_sunsv02t_snort_0_0_1344517193_28839
core 'core_sunsv02t_snort_0_0_1344517193_28839' of 28839: /opt/PP2K/bin/snort -v -v -v -v -c /opt/PP2K/etc/snort2.conf.293test1
        data model = _ILP32 flags = MSACCT|MSFORK
 /1:    flags = 0
        sigmask = 0xffffbefc,0x0000ffff cursig = SIGBUS
 /2:    flags = STOPPED nanosleep(0xfe9fbf10,0xfe9fbf08)
        why = PR_SUSPENDED
        sigmask = 0xffbffeff,0x0000fff7

# adb core_sunsv02t_snort_0_0_1344517193_28839
core file = core_sunsv02t_snort_0_0_1344517193_28839 -- program ``/opt/PP2K/bin/snort'' on platform SUNW,Sun-Fire-V240
SIGBUS: Bus Error
$c
libsf_dce2_preproc.so.0.0.0`DCE2_Move+0x30(ffbfe608, ffbfe606, 9f, 0, ffbfe606, f20a7ec)
libsf_dce2_preproc.so.0.0.0`DCE2_SmbProcess+0x908(14fce850, fec263b8, 0, 3d03, 0, fffffd58)
libsf_dce2_preproc.so.0.0.0`DCE2_Process+0xe68(f14ccf0, 0, 0, eb0f9c20, 8b754, eb0f9c20)
libsf_dce2_preproc.so.0.0.0`DCE2_Main+0x328(f14ccf0, 0, ffbfe7d8, ffbfe7d8, c6afb8, 15d60b8)
Preprocess+0x488(f14ccf0, e4e118, 0, eb0ebe45, 8b754, 7abc7c)
_flush_to_seq_4+0x8f8(1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0, ffbfef98)
flush_to_seq+0x130(1839b78, 1839cd4, 9f, ffbfeee8, ffbfefb0, ffbfef98)
CheckFlushPolicyOnAck+0x534(1839b78, 1839cd4, 1839b78, ffbfec08, ffbfeee8, ff60)
ProcessTcp+0x4838(14fce188, ffbfeee8, ffbfec08, d274af8, 8b754, ffbfeee8)
Stream5ProcessTcp+0xdf8(ffbfeee8, 14fce188, d274af8, ffbfece8, 8b754, ffbfece8)
Stream5Process+0x248(ffbfeee8, 0, 0, 19dc, c6afb8, f135330)
Preprocess+0x6cc(ffbfeee8, ffffffff, ffbfef98, ffbfefb0, 0, 0)
ProcessPacket+0x28c(ffbfeee8, ffbff6c8, 14f9dcc2, 0, 0, 25fb0)
PacketCallback+0x364(0, ffbff6c8, 14f9dcc2, 78, 0, 78)
pcap_process_loop+0x64(14d74858, ffbff780, 14f9dcc2, 3c, 5ea, 3c5e3)
libpcap.so.1`pcap_process_pkts+0xac(14d75a50, 1a5588, 14d74858, ffffffb2, 14f9dd02, ffbff768)
libpcap.so.1`pcap_read_dlpi+0x9c(14d75a50, ffffffb2, 1a5588, 14d74858, 5, fffc00)
libpcap.so.1`pcap_dispatch+0x14(14d75a50, ffffffb2, 1a5588, 14d74858, 0, 0)
pcap_daq_acquire+0x4c(14d74858, ffffffff, 1a5400, 0, 1, 6)
daq_acquire_with_meta+0x50(fffffffa, 14d74858, ffffffff, 74300, 0, 0)
DAQ_Acquire+0x40(ffffffff, 74300, 0, 0, 7aa6a8, 7aa684)
PacketLoop+0x48(0, ffffffff, 0, 0, 0, f03d88)
SnortMain+0x230(9, ffbffbbc, 0, 0, 0, 7aa67c)
main+0x34(9, ffbffbbc, ffbffbe4, c7df40, ff2c0100, 0)
_start+0x5c(0, 0, 0, 0, 0, 0)

any help would be appreciated :-)

Thanks,
Luis