
Sparc64 3.3 -current (snort bombs out)



Stock package runs for a variable amount of time then dumps core (if I NMAP it,
well... fugghedaboutit it dies pretty much immediately...  best I could find
@snort.org was some complaints about 1.8/1.9 versions and some SGI stuff...)
While strings'ing through the core file the stock binary dropped off for me
I saw some ELF complaints... so I recompiled from source for 2.0.0 (.tgz
from snort.org) and the same error happens...


I realize this may be a bit off topic for misc@, but it is in "packages"...

gdb output:  (from my locally compiled snort-2.0.0.tgz)

bash-2.05b# gdb /usr/local/snort/bin/snort
GNU gdb 4.16.1
Copyright 1996 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc64-unknown-openbsd3.3"...
(gdb) run -i hme1 -de -c /usr/local/snort/etc/snort.conf
Starting program: /usr/local/snort/bin/snort -i hme1 -de -c /usr/local/snort/etc/snort.conf
Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface hme1
OpenPcap() device hme1 network lookup:
        hme1: no IPv4 address assigned

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface hme1
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /usr/local/snort/etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Conversation Config:
   KeepStats: 0
   Conv Count: 32000
   Timeout   : 60
   Alert Odd?: 0
   Allowed IP Protocols:  All

1409 Snort rules read...
1409 Option Chains linked into 154 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.0 (Build 72)
By Martin Roesch (roesch_(_at_)_sourcefire_(_dot_)_com, www.snort.org)
Dwarf Error: Cannot find referent at offset 519.
(gdb) quit



It dumps a core also; if someone is interested in it I will send it
separately (it's kinda big).
The ktrace output is rather large as well... I've dumped it into human
readable and gzipped it, but posting with attachments is usually a foh-pah.
Again, ask and ye shall receive!


here is a dmesg just for good measure:


OpenBSD 3.3-current (GENERIC) #19: Thu May 29 20:14:52 MDT 2003
    deraadt_(_at_)_sparc64_(_dot_)_openbsd_(_dot_)_org:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 134217728
avail memory = 115474432
using 819 buffers containing 6709248 bytes of memory
bootpath: /pci@1f,0/pci@1,1/ide@3,0/disk@0,0
mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 270MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 270 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 256K external (64 b/l)
psycho0 at mainbus0 addr 0xfffc4000
SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 2; PCI bus 0
DVMA map: c0000000 to e0000000
IOTDB: 107c6000 to 10846000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 "Sun Simba PCI-PCI" rev 0x13
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 "Sun PCIO Ebus2" rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 72c000-72c003, 72f000-72f003
power at ebus0 addr 724000-724003 ipl 37 not configured
SUNW,pll at ebus0 addr 504000-504002 not configured
sab0 at ebus0 addr 400000-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0: console i/o
sabtty1 at sab0 port 1
comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: reset timeout
comkbd0: no keyboard
com0 at ebus0 addr 3062f8-3062ff ipl 42, mouse: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 700000-70000f ipl 34: polled
fdthree at ebus0 addr 3023f0-3023f7, 706000-70600f, 720000-720003 ipl 39 not configured
clock0 at ebus0 addr 0-1fff: mk48t59: hostid 80a20652
flashprom at ebus0 addr 0-fffff not configured
audioce0 at ebus0 addr 200000-2000ff, 702000-70200f, 704000-70400f, 722000-722003 ipl 35 ipl 36: nvaddrs 0
audio0 at audioce0
hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: address 08:00:20:a2:06:52
nsphy0 at hme0 phy 1: DP83840 10/100 media interface, rev. 1
hme0: using ivec 3021 for interrupt
vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c
wsdisplay0 at vgafb0
wsdisplay0: screen 0 added (std, sun emulation)
pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 1820 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: <ST34321A>
wd0: 32-sector PIO, LBA, 4103MB, 8894 cyl, 15 head, 63 sec, 8404830 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <LG, CD-ROM CRD-8322B, 1.03> SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13
pci2 at ppb1 bus 2
"Sun PCIO Ebus2" rev 0x01 at pci2 dev 1 function 0 not configured
hme1 at pci2 dev 1 function 1 "Sun HME" rev 0x01: address 08:00:20:ad:7b:01
ukphy0 at hme1 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x00601d, model 0x000c, rev. 1
hme1: using ivec 3011 for interrupt
pcons at mainbus0 not configured
No counter-timer -- using %tick at 270MHz as system clock.
root on wd0a
rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02


thanks all!

~phmiller
----------------------------------------- (on bravo)
