SUMMARY: Snort on Tru64

From: Brandon Saunders (brandon.a.saunders.1@ohio.edu)
Date: Fri Mar 28 2003 - 13:47:20 EST


First,

Thanks to everyone that lent suggestions. I have snort 1.9.1 working,
and will probably see if I can get the necessary changes into the 2.0
stream.

Here is what I have found.

The primary issue is the include file for the u_int32_t type. In Tru64
u_int32_t is not included in the sys/types.h file. Adding the include file
sys/bitypes.h is necessary for the system to compile.

The following code needs to be added to these files after the #include
<sys/types.h> statement.

#ifdef OSF1
#include <sys/bitypes.h>
#endif

./src/event.h
./src/signature.h

It may be necessary to add this code elsewhere to more strictly declare the
variable.

With this change the code will compile with the Compaq compiler, but
alignment errors do occur during runtime. To compensate for this problem
the -misalign option can be added to the CFLAGS variable in the following
Makefiles.

./src/output-plugins/Makefile
./src/detection-plugins/Makefile
./src/preprocessors/Makefile
./src/Makefile

Work should be done to determine the changes necessary in the autoconf
scripts to add this option in Tru64. I suppose this could also be done by
setting a CFLAGS shell variable before running the .configure script.

This generates a running program that does not issue Alignment Errors. It
does crash with a core dump. The ladebug shows that the http_decode
preprocessor is the source of the problem. To work around this problem the
preprocessor was commented out of the config file.

#preprocessor http_decode

More debugging will be done on that in the future.

The program appears to work in this state for a couple of days, then
crashes. I am looking into that as well.

Brandon Saunders
Senior Network Engineer
Ohio University Communication Network Services
Email: brandon.a.saunders.1@ohiou.edu

--On Monday, March 24, 2003 2:04 PM -0500 Brandon Saunders
<brandon.a.saunders.1@ohio.edu> wrote:

> Managers,
>
> I am currently working to get Snort 1.9.1 to work on Tru64 5.1a, and am
> getting a great deal of alignment errors. I had similar problems with
> Argus some time ago, and never found a good solution.
>
> Snort 1.8b1 was supplied with the Tru64 5.1B Open Source Software
> Collection. It works, but core dumps after a few minutes in operation and
> has several known issues.
>
> Does anyone have a version of Snort later than 1.8.1 working on their
> machines?
>
> Thank You
>
> Brandon Saunders
> Senior Network Engineer
> Ohio University Communication Network Services
> Email: brandon.a.saunders.1@ohiou.edu
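
Added example, not part of the original message and not Snort's code: Alpha requires naturally aligned loads, and in packet-parsing code generally a common source of alignment errors is reading a 32-bit field through a cast pointer at an offset that is not a multiple of 4. The sketch below shows the alignment-safe alternative to compiling with -misalign; the frame bytes, offsets and function names are constructed for illustration, and the message does not say whether this is the cause in Snort 1.9.1.

```c
/* Added example: alignment-safe field access in packet parsing. */
#include <arpa/inet.h>  /* ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14  /* Ethernet header: pushes the IP header off a 4-byte boundary */
#define IP_SRC_OFF  12  /* offset of the source address inside the IPv4 header */

/* Constructed sample frame (documentation addresses), forced to 4-byte alignment. */
static const union { uint32_t align; unsigned char bytes[34]; } sample = { .bytes = {
    0x00,0x00,0x5e,0x00,0x53,0x01, 0x00,0x00,0x5e,0x00,0x53,0x02, 0x08,0x00,
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0x00,0x02,0x01,   /* source      192.0.2.1    */
    0xc6,0x33,0x64,0x02    /* destination 198.51.100.2 */
} };

/* 1 if p sits on an n-byte boundary, else 0. */
static int is_aligned(const void *p, size_t n)
{
    return ((uintptr_t)p % n) == 0;
}

/* Copy four bytes out of the buffer, then convert from network order.
 * memcpy makes no alignment assumption, so the compiler emits byte-safe
 * loads where the target needs them. The form that can trap is
 *     ntohl(*(const uint32_t *)p)
 * which is deliberately not executed here. */
static uint32_t load_u32_net(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return ntohl(v);
}

static uint32_t ipv4_src(const unsigned char *frame)
{
    return load_u32_net(frame + ETH_HDR_LEN + IP_SRC_OFF);
}

int main(void)
{
    const unsigned char *field = sample.bytes + ETH_HDR_LEN + IP_SRC_OFF;
    printf("frame aligned: %d, src field aligned: %d\n",
           is_aligned(sample.bytes, 4), is_aligned(field, 4));
    printf("src = 0x%08x\n", (unsigned)ipv4_src(sample.bytes));
    return 0;
}
```

Even with the capture buffer itself aligned, the source address lands at offset 26, which is why a sensor that parses headers in place needs either byte-safe loads like this or a compiler option such as -misalign.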




