The diff provided by Brad resolves the problem.  I was able to
successfully perform an nmap scan against an hme iface without
receiving a bus error.  Tried this with the default rules provided
with the package install, which is where I originally received the bus
error.

*** From the compiler:
===>  Installing snort-2.3.3p1 from /usr/ports/packages/sparc64/all/snort-2.3.3p1.tgz
snort-2.3.3p1: complete
--- snort-2.3.3p1 -------------------
The Snort rule examples have been installed in /usr/local/share/examples/snort

*** From the snort alert log:
[**] [1:469:4] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
a/b-c:d:e.f g.h.i.j -> k.l.m.n
ICMP TTL:23 TOS:0x0 ID:42353 IpLen:20 DgmLen:28
Type:8  Code:0  ID:25454   Seq:52265  ECHO
[Xref => http://www.whitehats.com/info/IDS162]

The same should also work for 2.4.3 as well.  I compiled this from
source from snort.org and have been running with the latest rules
without a problem since I first reported this issue.

Axton


On 1/4/06, David Krause <[EMAIL PROTECTED]> wrote:
> Did this resolve the problem?  I'm looking at updating it to 2.4.3 but
> want to see about this first.
>
> David
>
> * Brad <[EMAIL PROTECTED]> [051224 10:41]:
> > The only interesting thing that --enable-64bit-gcc flag does is
> > disable optimization. Can you try the following diff with the
> > snort port and let me know if it now works for you as expected?
> >
> > Index: Makefile
> > ===================================================================
> > RCS file: /cvs/ports/net/snort/Makefile,v
> > retrieving revision 1.37
> > diff -u -p -r1.37 Makefile
> > --- Makefile  4 Nov 2005 16:20:42 -0000       1.37
> > +++ Makefile  24 Dec 2005 16:31:55 -0000
> > @@ -3,7 +3,7 @@
> >  COMMENT=     "highly flexible sniffer/NIDS"
> >
> >  DISTNAME=    snort-2.3.3
> > -PKGNAME=     ${DISTNAME}p0
> > +PKGNAME=     ${DISTNAME}p1
> >  CATEGORIES=  net security
> >  MASTER_SITES=        ${HOMEPAGE}/dl/current/
> >
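
Review bot: the PKGNAME bump from p0 to p1 is right for a change that alters the built binary, but nothing here records why the revision changed. The commit message should say that p1 exists only for the sparc64 CFLAGS workaround, so that the suffix is dropped and the workaround re-tested when DISTNAME moves past snort-2.3.3.
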
> > @@ -20,6 +20,10 @@ SEPARATE_BUILD=    concurrent
> >  CONFIGURE_STYLE= gnu
> >
> >  LIB_DEPENDS=     pcre::devel/pcre
> > +
> > +.if ${MACHINE_ARCH} == "sparc64"
> > +CFLAGS=              -O0
> > +.endif
> >
> >  FLAVORS=     postgresql mysql smbalert flexresp
> >  FLAVOR?=
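
Review bot: the `CFLAGS= -O0` line inside the sparc64 conditional has no comment explaining it, and it assigns with `=` rather than `+=`, so it replaces whatever CFLAGS value was already in effect for the build. Add a comment above the `.if` naming the bus error being worked around, and prefer appending the flag. Turning optimization off hides the fault in snort rather than fixing it, so the crash in the original report should still be tracked down and sent upstream; a sensor that dies when a port scan arrives stops producing alerts.
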
> >
> >
> > On Fri, Dec 23, 2005 at 11:18:49PM -0500, Axton wrote:
> > > Using snort-2.3.3p0.tgz (current) included in the 3.8 packages for
> > > sparc64.  This package is not compiled properly to support a 64-bit
> > > processor.
> > >
> > > With the current configuration options, a bus error is generated and
> > > snort core dumps when a port scan is issued against the host while
> > > snort is running.
> > >
> > > Steps to reproduce:
> > > - Install snort package:
> > > > # pkg_add snort-2.3.3p0.tgz
> > > - Start snort
> > > > # snort -i hme0
> > > - Issue an nmap scan against the host running snort:
> > > > # nmap -sS -sV -v -O -P0 x.x.x.x
> > >
> > > The console will then show "bus error" and snort dies.
> > >
> > > Compiling snort with these options resolves the problem:
> > >
> > > --enable-64bit-gcc \
> > > --with-mysql \
> > > --prefix=/usr/local \
> > > --build=sparc64
> > >
> > >
> > > Relevant System Information:
> > >
> > > # sysctl -n kern.version
> > > OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005
> > >     [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
> > >
> > >
> > > Axton Grams
> > >
>
