Re: Snort3 plugin debugging

[Jianyu Li via Snort-users <snort-users () lists snort org>]

Hi Carter,


I think you are right!


Yes in MmsPdu.h there is a declaration:

extern asn_TYPE_descriptor_t asn_DEF_MmsPdu;


and in MmsPdu.c there is a definition:


asn_TYPE_descriptor_t asn_DEF_MmsPdu = {
       //some code
};



To be honest I am not familiar with the build and linking process. I just go to snort_extra/build/ direcotry and run 
the "make" and "make install" command. I am not sure where I can check the "MmsPdu.c" is being build or not but I think 
it isn't built successfully as you said.


Then after spliting the .h files and .c files into two folders and change the target_include_directories into the 
following, it worked!


target_include_directories (
    dpx PUBLIC
    ${SNORT3_INCLUDE_DIRS}
    PUBLIC include

Actually I am not quite sure why it worked but I guess it's something related to cmake build process.

Best regards,
Jianyu Li


________________________________
From: Carter Waxman (cwaxman) <cwaxman () cisco com>
Sent: 08 November 2018 14:41:48
To: Jianyu Li; snort-users () lists snort org
Subject: Re: [Snort-users] Snort3 plugin debugging


Yes. If I had to guess…



my_code.h:

extern Thing MmsPdu; // I’m assuming this is how it’s defined



my_code.cc: // is this being built?

Thing MmsPdu; // if so, are you missing this definition in the compilation unit?



If that’s the case, you stated MmsPdu would be available to use for the sources that need it but never provided a 
storage space (which the linker tries to find and fails)



-Carter

From: Jianyu Li <jli31 () qub ac uk>
Date: Thursday, November 8, 2018 at 4:13 AM
To: "Carter Waxman (cwaxman)" <cwaxman () cisco com>, "snort-users () lists snort org" <snort-users () lists snort org>
Subject: Re: [Snort-users] Snort3 plugin debugging



Hi Carter,



Thank you very much for your help!

I added the --warn-all and got a warning message:



WARNING: /root/snort-3.0.0/lib//snort_extra/inspectors/dpx.so: undefined symbol: asn_DEF_MmsPdu 
(/root/snort-3.0.0/lib//snort_extra/inspectors/dpx.so)



The asn_DEF_MmsPdu is a variable defined in another file, I would like to ask what does the "undefined symbol" mean 
here, is it something related to the linking issue you mentioned before?



Thanks,

Jinayu Li

________________________________

From: Carter Waxman (cwaxman) <cwaxman () cisco com>
Sent: 07 November 2018 12:45:44
To: Jianyu Li; snort-users () lists snort org
Subject: Re: [Snort-users] Snort3 plugin debugging



--warn-all or --warn-plugins should show you what you want. Usually that means there is some sort of linking issue when 
the plugin is dlopen’d/dlsym’d.



- Carter



From: Snort-users <snort-users-bounces () lists snort org> on behalf of Jianyu Li via Snort-users <snort-users () lists 
snort org>
Reply-To: Jianyu Li <jli31 () qub ac uk>
Date: Wednesday, November 7, 2018 at 5:42 AM
To: "snort-users () lists snort org" <snort-users () lists snort org>
Subject: [Snort-users] Snort3 plugin debugging



Hi,



I added some lines in dpx plugin's dpx.cc and rebuild it successfully. But when I run the snort3 again the dpx plugin 
didn't show up in the snort summary output anymore, I would like to know if there is any way I can find out what's the 
problem, for example where I can view the error messages or is there any plugin error log file?



Thanks,

Jianyu Li

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette