Home page logo
/

snort logo Snort mailing list archives

Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems
From: Ross Lawrie <ross () riverstyx net>
Date: Thu, 4 Nov 2010 20:50:54 -0700


On 2010-11-04, at 4:20 PM, Russ Combs wrote:



On Thu, Nov 4, 2010 at 7:01 PM, Ross Lawrie <ross () riverstyx net> wrote:
On Thu, 2010-11-04 at 18:18 -0400, Russ Combs wrote:


On Thu, Nov 4, 2010 at 6:12 PM, JJC <cummingsj () gmail com> wrote:
        quickest way for you is to add this to the snort ./configure
        options

        --disable-static-daq

        then when you start snort, add this:

        --daq-dir=/usr/local/lib/daq/

        and voila

The above is an excellent workaround.  If you want to debug farther:

nm /usr/local/lib/libdaq_static.a | grep daq_load_modules

and send the output.  I'm guessing that you will see something like:

00000000000005ab T daq_load_modules

Which means the symbol is there but isn't being found by configure's
test program.

Let me know.



        JJC


        On Thu, Nov 4, 2010 at 3:38 PM, Ross Lawrie
        <ross () riverstyx net> wrote:
        > Hi,
        >
        > I was hoping someone might be able to offer some advice.
         I'm
        > encountered problems installing Snort 2.9.0.1 on OpenBSD
        4.8.  I have
        > installed an updated libpcap (1.1.1), libdnet (1.12) and DAQ
        (0.3)
        > without any obvious problems.  DAQ seems to install its
        libraries
        > correctly:
        >
        > ls -al /usr/local/lib/libdaq*
        > -rw-r--r--  1 root  wheel  40382 Nov  4 14:26 libdaq.a
        > -rwxr-xr-x  1 root  wheel    926 Nov  4 14:26 libdaq.la
        > -rwxr-xr-x  1 root  wheel  37400 Nov  4 14:26 libdaq.so.0.1
        > -rw-r--r--  1 root  wheel  41460 Nov  4 14:26
        libdaq_static.a
        > -rwxr-xr-x  1 root  wheel    907 Nov  4 14:26
        libdaq_static.la
        > -rw-r--r--  1 root  wheel  61164 Nov  4 14:27
        libdaq_static_modules.a
        > -rwxr-xr-x  1 root  wheel    931 Nov  4 14:27
        libdaq_static_modules.la
        >
        > I'm able to run daq-modules-config and confirm that it is in
        my path:
        >
        > daq-modules-config --static --libs
        > -L/usr/local/lib -ldaq_static_modules
        >
        > ldconfig sees the libdaq library:
        >
        > ldconfig -Rv /usr/local/lib 2>&1 | grep daq
        > Adding /usr/local/lib/libdaq.so.0.1
        >
        > However when I try to configure Snort I receive this error:
        >
        > ...
        > checking for pcap_datalink in -lpcap... yes
        > checking for pcap_lex_destroy... no
        > checking for pcap_lib_version... yes
        > checking pcre.h usability... yes
        > checking pcre.h presence... yes
        > checking for pcre.h... yes
        > checking for pcre_compile in -lpcre... yes
        > checking for libpcre version 6.0 or greater... yes
        > checking dnet.h usability... yes
        > checking dnet.h presence... yes
        > checking for dnet.h... yes
        > checking for eth_set in -ldnet... yes
        > checking for dlsym in -ldl... no
        > checking for dlsym in -lc... yes
        > checking for daq_load_modules in -ldaq_static... no
        >
        >   ERROR!  daq_static library not found, go get it from
        >   http://www.snort.org/.
        >
        > The configure string I'm using for Snort is:
        >
        > ./configure \
        > --sysconfdir=/etc/snort \
        > --with-daq-includes=/usr/local/include \
        > --with-daq-libraries=/usr/local/lib \
        > --with-libpcap-includes=/usr/local/include \
        > --with-libpcap-libraries=/usr/local/lib \
        > --with-dnet-includes=/usr/local/include \
        > --with-dnet-libraries=/usr/local/lib
        >
        > I've seen some suggestion that building DAQ without the ipfw
        module
        > could help, but I still encounter the same issue.
        >
        > Appreciate any suggestions,
        >
        > Ross.
        >



Hi,

JJC: that worked however it looks like Snort's not
building /usr/local/lib/snort_dynamicengine/libsf_engine.so for some
reason now.

Nov  4 15:48:19 snort[17745]: FATAL ERROR: parser.c(5235) Could not stat
dynamic module path
"/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or
directory.


Russ: You're right, the output looks much like you anticipated:

nm /usr/local/lib/libdaq_static.a | grep daq_load_modules
000008c0 T daq_load_modules

I've attached two config.log files, one generated when I try to include
the static daq libraries, and the other when I configure without them.

Definitely appreciate the help, I haven't had any problems in the past
and this one just has me banging my head against the wall.
 
OK, now try this:
 
sudo ldconfig -p | grep daq
 
Edit /etc/ld.so.conf and add a line with /usr/local/lib.  Then:
 
sudo ldconfig -v | grep daq

ldconfig's not quite the same on OpenBSD, but I can confirm that the directory containing daq (/usr/local/lib) is 
already in the hints for ldconfig:

ldconfig -rv | grep daq 
        search directories: 
/usr/lib:/usr/X11R6/lib:/usr/local/lib:/usr/local/lib/daq:/usr/local/lib/snort_dynamicengine:/usr/local/lib/snort_dynamicpreprocessor
        112:-ldaq.0.1 => /usr/local/lib/libdaq.so.0.1

Ross.

------------------------------------------------------------------------------
The Next 800 Companies to Lead America's Growth: New Video Whitepaper
David G. Thomson, author of the best-selling book "Blueprint to a 
Billion" shares his insights and actions to help propel your 
business during the next growth cycle. Listen Now!
http://p.sf.net/sfu/SAP-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault