[Snort-devel] SUMMARY: Snort on Tru64 (fwd)

From: Brandon Saunders <brandon.a.saunders.1(at)ohio.edu>
Date: Fri Mar 28 2003 - 13:51:14 EST

Developers,

I have managed to get Snort 1.9.1 compiled and running in Tru64. I have attached my findings below. I am going to work on 2.0 soon. What is the best way for me to make suggested code changes for Tru64 support?

Thanks,

Brandon Saunders
Senior Network Engineer
Ohio University Communication Network Services Email: brandon.a.saunders.1@ohiou.edu

The primary issue is the include file for the u_int32_t type. In Tru64 u_int32_t is not included in the sys/types.h file. Adding the include file sys/bitypes.h is necessary for the system to compile.

The following code needs to be added to these files after the #include <sys/types.h> statement.

#ifdef OSF1
#include 
#endif

./src/event.h
./src/signature.h

It may be necessary to add this code elsewhere to more strictly declare the variable.

With this change the code will compile with the Compaq compiler, but alignment errors do occur during runtime. To compensate for this problem the -misalign option can be added to the CFLAGS variable in the following Makefiles.

./src/output-plugins/Makefile
./src/detection-plugins/Makefile
./src/preprocessors/Makefile
./src/Makefile

Work should be done to determine the changes necessary in the autoconf scripts to add this option in Tru64. I suppose this could also be done by setting the a CFLAGS shell variable before running the .configure script.

This generates a running program that does not issue Alignment Errors. It does crash with a core dump. The ladebug shows that the http_decode preprocessor is the source of the problem. To work around this problem the preprocessor was commented out of the config file.

#preprocessor http_decode

More debugging will be done on that in the future.

The program appears to work in this state for a couple of days, then crashes. I am looking into that as well.

• Forwarded Message ---------- Date: Monday, March 24, 2003 2:15 PM -0500 From: Brandon Saunders <brandon.a.saunders.1@ohio.edu> To: snort-devel@lists.sourceforge.net Subject: [Snort-devel] Snort on Tru64

I am currently working to get Snort 1.9.1 to work on Tru64 5.1a, and am getting a great deal of alignment errors which are related to the 64 bit operation.

Snort 1.8b1 was supplied with the Tru64 5.1B Open Source Software Collection. It works, but core dumps after a few minutes in operation and has several known issues.

Does anyone have a version of Snort later than 1.8.1 working on Tru64 or any other 64-bit operating system?

Thank You,

Brandon Saunders
Senior Network Engineer
Ohio University Communication Network Services Email: brandon.a.saunders.1@ohiou.edu

• End Forwarded Message ----------

  attached mail follows:

  ---

I am currently working to get Snort 1.9.1 to work on Tru64 5.1a, and am getting a great deal of alignment errors which are related to the 64 bit operation.

Snort 1.8b1 was supplied with the Tru64 5.1B Open Source Software Collection. It works, but core dumps after a few minutes in operation and has several known issues.

Does anyone have a version of Snort later than 1.8.1 working on Tru64 or any other 64-bit operating system?

Thank You,

Brandon Saunders
Senior Network Engineer
Ohio University Communication Network Services Email: brandon.a.saunders.1@ohiou.edu

---

This SF.net email is sponsored by:
The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en

---

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-develReceived on Fri Mar 28 14:09:44 2003