Snort mailing list archives

Re: Problems in compiling snort-2.9.0.3 with daq-0.5

From: Michael Altizer <maltizer () sourcefire com>
Date: Tue, 25 Jan 2011 15:51:17 -0500

On 01/25/2011 03:35 PM, sudhakar govindavajhala wrote:


Hello all,

I am new to snort 2.9.x with DAQ functionality.  I am running into 
trouble in compiling snort. could you help?  Thanks in advance.

snort-2.9.0.3 with daq-0.5

1) Do you know where to get snort2.8x packages?  Since I have 
familiarity with 2.8, it may be easier to use that.

2) I managed to compile libpcap, install pcre-devel and daq.

3) OS: RHEL 5.2. I have also tried this on Fedora 9. same issue


5) The issue below occurs when I compile snort; it is missing 
sfbpf_dlt.h, which is in daq folder sfbpf. Error below:

gcc -DHAVE_CONFIG_H -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins 
-I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors 
-I../../src/preprocessors/portscan -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 
-I../../src/target-based  -I/home/sudhakar/snort/libpcap/libpcap-1.1.1/ -DDYNAMIC_PLUGIN 
-I/home/sudhakar/snort/libdnet/libdnet-1.12/include -I/home/sudhakar/snort/snort/daq-0.5/api/  -g -O2 
-fvisibility=hidden -fno-strict-aliasing -Wall -c sfhashfcn.c

In file included from ../../src/spo_plugbase.h:30,
                  from ../../src/snort.h:34,
                  from sfhashfcn.c:35:
../../src/decode.h:49:23: error: sfbpf_dlt.h: No such file or directory
make[3]: *** [sfhashfcn.o] Error 1



So, it is a case of bad "-I".  It should look in daq-0.5/sfbpf for this file; it is looking in daq-0.5/api instead 
due to the flag I sent to configure below.

5) Here is how I configured snort:

[sudhakar@localhost snort-2.9.0.3]$ ./configure --with-libpcap-includes=/home/sudhakar/snort/libpcap/libpcap-1.1.1/ 
--with-libpcap-libraries=/home/sudhakar/snort/libpcap/libpcap-1.1.1/ 
--with-dnet-includes=/home/sudhakar/snort/libdnet/libdnet-1.12/include 
--with-dnet-libraries=/home/sudhakar/snort/libdnet/libdnet-1.12/src/.libs/  --disable-static-daq 
--with-daq-libraries=/home/sudhakar/snort/snort/daq-0.5/api/.libs 
--with-daq-includes=/home/sudhakar/snort/snort/daq-0.5/api/


Please note the flags --with-daq-includes and --with-daq-libraries and --disable-static-daq

6) I had to disable static-daq to overcome this error. Is this good or bad?
configure:14004: gcc -o conftest -g -O2  -I/home/sudhakar/snort/libpcap/libpcap-1.1.1/  -DDYNAMIC_PLUGIN 
-I/home/sudhakar/snort/libdnet/libdnet-1.12/include -I/home/sudhakar/snort/snort/daq-0.5/api/  
-L/home/sudhakar/snort/libpcap/libpcap-1.1.1/ -lpcre -L/home/sudhakar/snort/libdnet/libdnet-1.12/src/.libs/ -ldnet 
-L/home/sudhakar/snort/snort/daq-0.5/api/.libs conftest.c -ldaq_static   -lpcre -lpcap -lnsl -lm -lm  -ldl>&5

/home/sudhakar/snort/snort/daq-0.5/api/.libs/libdaq_static.a(libdaq_static_la-daq_base.o): In function 
`load_static_modules':
/home/sudhakar/snort/snort/daq-0.5/api/daq_base.c:273: undefined reference to `num_static_modules'

/home/sudhakar/snort/snort/daq-0.5/api/daq_base.c:276: undefined reference to `static_modules'
/home/sudhakar/snort/snort/daq-0.5/api/.libs/libdaq_static.a(libdaq_static_la-daq_base.o): In function 
`daq_load_modules':

/home/sudhakar/snort/snort/daq-0.5/api/daq_base.c:403: undefined reference to `num_static_modules'
collect2: ld returned 1 exit status

7) Potentially, my --with-daq-includes is wrong. If I set it to
/home/sudhakar/snort/snort/daq-0.5/api/, it misses sfbpf/.  If I set it to

/home/sudhakar/snort/snort/daq-0.5/sfbpf, it misses declarations in api.  I am unable to include both. Can you show 
me how to make both part of includes?

Could someone please point me to a solution to these problems?


Thank you,
Sudhakar




   




gcc -DHAVE_CONFIG_H -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins 
-I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors 
-I../../src/preprocessors/portscan -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 
-I../../src/target-based  -I/home/sudhakar/snort/libpcap/libpcap-1.1.1/ -DDYNAMIC_PLUGIN 
-I/home/sudhakar/snort/libdnet/libdnet-1.12/include -I/home/sudhakar/snort/snort/daq-0.5/api/  -g -O2 
-fvisibility=hidden -fno-strict-aliasing -Wall -c sfhashfcn.c

In file included from ../../src/spo_plugbase.h:30,
                  from ../../src/snort.h:34,
                  from sfhashfcn.c:35:
../../src/decode.h:49:23: error: sfbpf_dlt.h: No such file or directory
make[3]: *** [sfhashfcn.o] Error 1


make[3]: Leaving directory `/home/sudhakar/snort/snort/snort-2.9.0.3/src/sfutil'


LibDAQ is not designed to be built against in-place as it installs from 
multiple subdirectories into a single location.  You must do a 'make 
install' and point the Snort configure at that location.

-Michael

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Problems in compiling snort-2.9.0.3 with daq-0.5 sudhakar govindavajhala (Jan 25)
- Re: Problems in compiling snort-2.9.0.3 with daq-0.5 Michael Altizer (Jan 25)
- Re: Problems in compiling snort-2.9.0.3 with daq-0.5 vincent (Jan 26)