This is about bug #102772 Snort does work on solaris9/sparc, but not on debian stable on sparc. The 1.8.4beta1-3.1 version of snort in stable won't work.
I've build snort from the maintainers apt source: deb-src http://people.debian.org/~ssmeenk/snort-stable-i386/ ./ I've patched decode.c and preprocessors/spp_conversation.c With the attached patches it's posible to start snort w/o SIGBUS. Now snort only generates a sigbus if there's a portscan detected. It's a 32bit MicroSPARC cpu. (sun4m, sparctstation4-110) with debian stable. Is there anybody who got snort working on sparc/linux? Program received signal SIGBUS, Bus error. 0x0008640c in FillStateRecord (s=0xefffe3a0, p=0xefffe568) at spp_conversation.c:495 495 if(PACKET_FORWARD(p)) (gdb) where #0 0x0008640c in FillStateRecord (s=0xefffe3a0, p=0xefffe568) at spp_conversation.c:495 #1 0x0008667c in ConvGetSession (p=0xefffe568) at spp_conversation.c:547 #2 0x00085f30 in ConvFunc (p=0xefffe568) at spp_conversation.c:338 #3 0x0003aed0 in Preprocess (p=0xefffe568) at detect.c:116 #4 0x000307fc in ProcessPacket (user=0x0, pkthdr=0xefffea68, pkt=0x2117d0 "\b") at snort.c:595 #5 0x5002c8a0 in pcap_read () from /usr/lib/libpcap.so.0 #6 0x5002c644 in pcap_read () from /usr/lib/libpcap.so.0 #7 0x5002d8cc in pcap_loop () from /usr/lib/libpcap.so.0 #8 0x00032ad8 in InterfaceThread (arg=0x0) at snort.c:1525 #9 0x00030590 in SnortMain (argc=3, argv=0xefffee14) at snort.c:537 #10 0x0002f990 in main (argc=3, argv=0xefffee14) at snort.c:165 I've build snort-2.02 on my solaris9 ultrasparc box. (CFLAGS: -m32 -mcpu=v9) and that works just fine. Daniel van Eeden <[EMAIL PROTECTED]>
366a367 > DebugMessage(DEBUG_DECODE, " Priority: %d(0x%X)\n", pri, pri); 2159,2160c2160,2161 < memcpy(&ph.sip, &p->iph->ip_src.s_addr,4); < memcpy(&ph.sip, &p->iph->ip_dst.s_addr,4); --- > ph.sip = (u_int32_t)(p->iph->ip_src.s_addr); > ph.dip = (u_int32_t)(p->iph->ip_dst.s_addr); 2323,2324c2324,2325 < memcpy(&ph.sip, &p->iph->ip_src.s_addr,4); < memcpy(&ph.sip, &p->iph->ip_dst.s_addr,4); --- > ph.sip = (u_int32_t)(p->iph->ip_src.s_addr); > ph.dip = (u_int32_t)(p->iph->ip_dst.s_addr);
329c329 < /* DEBUG_WRAP(DebugMessage(DEBUG_CONVERSATION, --- > DEBUG_WRAP(DebugMessage(DEBUG_CONVERSATION, 334c334 < inet_ntoa(p->iph->ip_dst), p->dp);); */ --- > inet_ntoa(p->iph->ip_dst), p->dp);); 499,500c499,500 < memcpy(&s->sip, &p->iph->ip_src.s_addr,4); < memcpy(&s->dip, &p->iph->ip_dst.s_addr,4); --- > s->sip = p->iph->ip_src.s_addr; > s->dip = p->iph->ip_dst.s_addr;
