Snort mailing list archives

Re: [Snort-inline-users] best practices when compiling with --enable-inline on Fedora

From: Will Metcalf <william.metcalf () gmail com>
Date: Sun, 27 Mar 2005 18:04:36 -0600

The only fix I know is the one in the FAQ.  As far as the libnet
question you posted, If you would like to rewrite the flexresp and
inline reject stuff for libnet 1.1.x go for it.

Regards,

Will


On Sun, 27 Mar 2005 13:00:24 -0800, Florin Andrei
<florin () andrei myip org> wrote:

I've been hit by this problem:

http://snort-inline.sourceforge.net/FAQ.html#compiling

The snort-inline FAQ is fairly clear describing the problem and a
possible solution. That's fine.

The thing is, i'm not a big fan of doing "cd /usr/include; mv linux
linux.orig" on a system that's otherwise 100% managed by RPM (although i
will do that if there's no other way), so here is what i tried:
The Fedora kernel does include some headers, they're
in /lib/modules/`uname -r`/build/include but when i tried to take a
quick and dirty shortcut and use them to compile Snort with inline
features, it failed in a different way:

####################################################
$ export CFLAGS="-I/lib/modules/`uname -r`/build/include"
$ ./configure --enable-perfmonitor --enable-linux-smp-stats --enable-
inline
[snip]
$ make
[snip]
Making all in output-plugins
make[3]: Entering directory `/home/florin/work/snort-2.3.2/src/output-
plugins'
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -
I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -
I../../src/detection-plugins -I../../src/preprocessors -
I../../src/preprocessors/flow -I../../src/preprocessors/portscan  -
I../../src/preprocessors/flow/int-snort  -
I../../src/preprocessors/HttpInspect/include  -I/usr/include/pcre -
I/usr/include  -I/lib/modules/2.6.10-1.770_FC3/build/include -Wall -
DUSE_SF_STATS -DLINUX_SMP -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE -
D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f
'spo_alert_fast.c' || echo './'`spo_alert_fast.c
In file included
from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:27,
                 from ../../src/plugbase.h:42,
                 from spo_alert_fast.c:44:
/lib/modules/2.6.10-1.770_FC3/build/include/linux/config.h:6:2: #error
including kernel header in userspace; use the glibc headers instead!
In file included
from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28,
                 from ../../src/plugbase.h:42,
                 from spo_alert_fast.c:44:
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:12: error:
redefinition of `struct timespec'
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:18: error:
redefinition of `struct timeval'
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:23: error:
redefinition of `struct timezone'
In file included
from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28,
                 from ../../src/plugbase.h:42,
                 from spo_alert_fast.c:44:
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:126:1: warning:
"FD_SET" redefined
[snip, there's a huge pile of errors afterwards]
####################################################

Next step would be to start messing around with the kernel-*.src.rpm
package, but i'd like to hear some other opinions first.

--
Florin Andrei

http://florin.myip.org/

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-inline-users mailing list
Snort-inline-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-inline-users



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

best practices when compiling with --enable-inline on Fedora Florin Andrei (Mar 27)
- Re: [Snort-inline-users] best practices when compiling with --enable-inline on Fedora Will Metcalf (Mar 27)