Snort mailing list archives
Re: [Snort-inline-users] best practices when compiling with --enable-inline on Fedora
From: Will Metcalf <william.metcalf () gmail com>
Date: Sun, 27 Mar 2005 18:04:36 -0600
The only fix I know is the one in the FAQ. As far as the libnet question you posted, If you would like to rewrite the flexresp and inline reject stuff for libnet 1.1.x go for it. Regards, Will On Sun, 27 Mar 2005 13:00:24 -0800, Florin Andrei <florin () andrei myip org> wrote:
I've been hit by this problem: http://snort-inline.sourceforge.net/FAQ.html#compiling The snort-inline FAQ is fairly clear describing the problem and a possible solution. That's fine. The thing is, i'm not a big fan of doing "cd /usr/include; mv linux linux.orig" on a system that's otherwise 100% managed by RPM (although i will do that if there's no other way), so here is what i tried: The Fedora kernel does include some headers, they're in /lib/modules/`uname -r`/build/include but when i tried to take a quick and dirty shortcut and use them to compile Snort with inline features, it failed in a different way: #################################################### $ export CFLAGS="-I/lib/modules/`uname -r`/build/include" $ ./configure --enable-perfmonitor --enable-linux-smp-stats --enable- inline [snip] $ make [snip] Making all in output-plugins make[3]: Entering directory `/home/florin/work/snort-2.3.2/src/output- plugins' gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src - I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins - I../../src/detection-plugins -I../../src/preprocessors - I../../src/preprocessors/flow -I../../src/preprocessors/portscan - I../../src/preprocessors/flow/int-snort - I../../src/preprocessors/HttpInspect/include -I/usr/include/pcre - I/usr/include -I/lib/modules/2.6.10-1.770_FC3/build/include -Wall - DUSE_SF_STATS -DLINUX_SMP -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE - D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f 'spo_alert_fast.c' || echo './'`spo_alert_fast.c In file included from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:27, from ../../src/plugbase.h:42, from spo_alert_fast.c:44: /lib/modules/2.6.10-1.770_FC3/build/include/linux/config.h:6:2: #error including kernel header in userspace; use the glibc headers instead! In file included from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6, from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14, from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28, from ../../src/plugbase.h:42, from spo_alert_fast.c:44: /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:12: error: redefinition of `struct timespec' /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:18: error: redefinition of `struct timeval' /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:23: error: redefinition of `struct timezone' In file included from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6, from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14, from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28, from ../../src/plugbase.h:42, from spo_alert_fast.c:44: /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:126:1: warning: "FD_SET" redefined [snip, there's a huge pile of errors afterwards] #################################################### Next step would be to start messing around with the kernel-*.src.rpm package, but i'd like to hear some other opinions first. -- Florin Andrei http://florin.myip.org/ ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-inline-users mailing list Snort-inline-users () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-inline-users
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- best practices when compiling with --enable-inline on Fedora Florin Andrei (Mar 27)
- Re: [Snort-inline-users] best practices when compiling with --enable-inline on Fedora Will Metcalf (Mar 27)