Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 29661 - snort 2.x dies on sparc
Summary: snort 2.x dies on sparc
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: Sparc Linux
: High normal (vote)
Assignee: Sparc Porters
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-09-26 04:36 UTC by Jason Wever (RETIRED)
Modified: 2008-02-13 00:58 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jason Wever (RETIRED) gentoo-dev 2003-09-26 04:36:34 UTC 
Snort 2.x dies shortly after start.  This seems to be related to some of the pre/post processors.  Working with the snort-devel folks to look into it.

This is presumably a vendor bug, just creating if others are interested.
Comment 1 Jason Wever (RETIRED) gentoo-dev 2003-11-01 03:52:29 UTC 
snort-2.0.2 seems to fix this problem.  Going to test for a bit longer, then
mark stable
Comment 2 Jason Wever (RETIRED) gentoo-dev 2004-01-03 06:13:14 UTC 
Looking into this further, I found the following comments from davem on the debian-sparc mailing list;

** start davem **
I think the PACKET_FORWARD() macro is the source of the problem:

#define PACKET_FORWARD(a) (*((unsigned int*)&a->iph->ip_dst) > *((unsigned   int*)&a->iph->ip_src))

The a->iph->ip_dst and a->iph->ip_src objects are probably not aligned
enough to be accessed as an "unsigned int" (ie. it doesn't have 4 byte
alignment) and making such an unaligned access is illegal on sparc
(and most risc systems).

There appears to be some logic in the snort sources to attempt to
deal with these alignment issues, see the WORDS_MUSTALIGN macro
which should be getting set in the header file generated by the
configure script.

However, this is only used for accessor macros defined in decode.h.
I think PACKET_FORWARD() need to be making use of these macros instead
of directly accessing the IP header pieces via direct pointer
derefernces.
** end davem **

The thread can be referenced at http://lists.debian.org/debian-sparc/2003/debian-sparc-200310/msg00282.html

Additionally, the INSTALL doc from snort mentions problems building snort on SGI and SunOS with gcc, and suggest building it with the native compilers for the respective OSs, or build in 64 bit.

While 64 bit may be an option in the semi-near future, it's not currently.  Also this wouldn't fix sparc32.  I've added mboman to the CC so that as the package's maintainer, he's aware of the problem and can comment if there are any RISC based arches under Gentoo that seem to work successfully with this.
Comment 3 Jason Wever (RETIRED) gentoo-dev 2004-02-16 18:14:39 UTC 
From all the info I've seen, short of a gcc rework, this will never work on sparc32.  As for sparc64, this will work once 64 bit glibc support is added.  Marking as resolve:later
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2008-01-28 14:45:21 UTC 
Reopening this bug. sparc team, please, test any version of snort in the tree. I suppose this bug should already be fixed.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-02-01 19:29:57 UTC 
Seems to work fine...
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2008-02-13 00:58:16 UTC 
(In reply to comment #5)
> Seems to work fine...

Well, lets close this then.