Snort mailing list archives
Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems
From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 3 Dec 2010 13:41:09 -0500
If you are having problems installing the DAQ on *BSD systems, please give this patch a try. It fixes some automake foo and removes an unsupported automake sort. To apply: cd daq-0.4/ patch -p0 < daq-bsd.diff make distclean autoreconf Then configure, make, make install as usual. You should not need to --disable-ipfw-module or --disable-static. Let me know how it goes. Thanks Russ FYI - Ross, your email address was bouncing yesterday (ross () riverstyx net). On Fri, Nov 5, 2010 at 1:29 PM, Ross Lawrie <ross () riverstyx net> wrote:
On Fri, 2010-11-05 at 12:21 -0400, Russ Combs wrote:On Fri, Nov 5, 2010 at 12:18 PM, Russ Combs <rcombs () sourcefire com> wrote: Did you configure Snort with --enable-dynamicplugin? Actually, that should have said try configuring with --enable-dynamicplugin. Also, can you send your DAQ config.log and output of make when you don't disable ipfw?Hi Russ, I've tried adding --enable-dynamicplugin to my configure with the same result. Here's my current configure: ./configure \ --sysconfdir=/etc/snort \ --with-daq-includes=/usr/local/include \ --with-daq-libraries=/usr/local/lib \ --with-libpcap-includes=/usr/local/include \ --with-libpcap-libraries=/usr/local/lib \ --with-dnet-includes=/usr/local/include \ --with-dnet-libraries=/usr/local/lib \ --enable-perfprofiling \ --enable-ppm \ --enable-zlib \ --enable-dynamicplugin I've attched the config.logs for both Snort and DAQ (without the --disable-ipfw-module), and the make output for both. Ross.On Fri, Nov 5, 2010 at 12:04 PM, Ross Lawrie <ross () riverstyx net> wrote: On Fri, 2010-11-05 at 10:52 +0100, rmkml wrote: > Hi Ross, > Could you disable ipfw in daq please? > If not work, please resend (snort) config.log. > Regards > Rmkml > > > > On Thu, 4 Nov 2010, Ross Lawrie wrote: > > > > > On 2010-11-04, at 4:20 PM, Russ Combs wrote: > > > > > > > > On Thu, Nov 4, 2010 at 7:01 PM, Ross Lawrie <ross () riverstyx net> wrote: > > On Thu, 2010-11-04 at 18:18 -0400, Russ Combs wrote: > > > > > > > > > On Thu, Nov 4, 2010 at 6:12 PM, JJC <cummingsj () gmail com> wrote: > > > quickest way for you is to add this to the snort ./configure > > > options > > > > > > --disable-static-daq > > > > > > then when you start snort, add this: > > > > > > --daq-dir=/usr/local/lib/daq/ > > > > > > and voila > > > > > > The above is an excellent workaround. If you want to debug farther: > > > > > > nm /usr/local/lib/libdaq_static.a | grep daq_load_modules > > > > > > and send the output. I'm guessing that you will see something like: > > > > > > 00000000000005ab T daq_load_modules > > > > > > Which means the symbol is there but isn't being found by configure's > > > test program. > > > > > > Let me know. > > > > > > > > > > > > JJC > > > > > > > > > On Thu, Nov 4, 2010 at 3:38 PM, Ross Lawrie > > > <ross () riverstyx net> wrote: > > > > Hi, > > > > > > > > I was hoping someone might be able to offer some advice. > > > I'm > > > > encountered problems installing Snort 2.9.0.1 on OpenBSD > > > 4.8. I have > > > > installed an updated libpcap (1.1.1), libdnet (1.12) and DAQ > > > (0.3) > > > > without any obvious problems. DAQ seems to install its > > > libraries > > > > correctly: > > > > > > > > ls -al /usr/local/lib/libdaq* > > > > -rw-r--r-- 1 root wheel 40382 Nov 4 14:26 libdaq.a > > > > -rwxr-xr-x 1 root wheel 926 Nov 4 14:26 libdaq.la > > > > -rwxr-xr-x 1 root wheel 37400 Nov 4 14:26 libdaq.so.0.1 > > > > -rw-r--r-- 1 root wheel 41460 Nov 4 14:26 > > > libdaq_static.a > > > > -rwxr-xr-x 1 root wheel 907 Nov 4 14:26 > > > libdaq_static.la > > > > -rw-r--r-- 1 root wheel 61164 Nov 4 14:27 > > > libdaq_static_modules.a > > > > -rwxr-xr-x 1 root wheel 931 Nov 4 14:27 > > > libdaq_static_modules.la > > > > > > > > I'm able to run daq-modules-config and confirm that it is in > > > my path: > > > > > > > > daq-modules-config --static --libs > > > > -L/usr/local/lib -ldaq_static_modules > > > > > > > > ldconfig sees the libdaq library: > > > > > > > > ldconfig -Rv /usr/local/lib 2>&1 | grep daq > > > > Adding /usr/local/lib/libdaq.so.0.1 > > > > > > > > However when I try to configure Snort I receive this error: > > > > > > > > ... > > > > checking for pcap_datalink in -lpcap... yes > > > > checking for pcap_lex_destroy... no > > > > checking for pcap_lib_version... yes > > > > checking pcre.h usability... yes > > > > checking pcre.h presence... yes > > > > checking for pcre.h... yes > > > > checking for pcre_compile in -lpcre... yes > > > > checking for libpcre version 6.0 or greater... yes > > > > checking dnet.h usability... yes > > > > checking dnet.h presence... yes > > > > checking for dnet.h... yes > > > > checking for eth_set in -ldnet... yes > > > > checking for dlsym in -ldl... no > > > > checking for dlsym in -lc... yes > > > > checking for daq_load_modules in -ldaq_static... no > > > > > > > > ERROR! daq_static library not found, go get it from > > > > http://www.snort.org/. > > > > > > > > The configure string I'm using for Snort is: > > > > > > > > ./configure \ > > > > --sysconfdir=/etc/snort \ > > > > --with-daq-includes=/usr/local/include \ > > > > --with-daq-libraries=/usr/local/lib \ > > > > --with-libpcap-includes=/usr/local/include \ > > > > --with-libpcap-libraries=/usr/local/lib \ > > > > --with-dnet-includes=/usr/local/include \ > > > > --with-dnet-libraries=/usr/local/lib > > > > > > > > I've seen some suggestion that building DAQ without the ipfw > > > module > > > > could help, but I still encounter the same issue. > > > > > > > > Appreciate any suggestions, > > > > > > > > Ross. > > > > > > > > > > > > > Hi, > > > > JJC: that worked however it looks like Snort's not > > building/usr/local/lib/snort_dynamicengine/libsf_engine.so for some> > reason now. > > > > Nov 4 15:48:19 snort[17745]: FATAL ERROR: parser.c(5235) Could not stat > > dynamic module path > > "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or > > directory. > > > > > > Russ: You're right, the output looks much like you anticipated: > > > > nm /usr/local/lib/libdaq_static.a | grep daq_load_modules > > 000008c0 T daq_load_modules > > > > I've attached two config.log files, one generated when I try to include > > the static daq libraries, and the other when I configure without them. > > > > Definitely appreciate the help, I haven't had any problems in the past > > and this one just has me banging my head against the wall. > > > > > > OK, now try this: > > > > sudo ldconfig -p | grep daq > > > > Edit /etc/ld.so.conf and add a line with /usr/local/lib. Then: > > > > sudo ldconfig -v | grep daq > > > > > > ldconfig's not quite the same on OpenBSD, but I can confirm that the directory containing daq (/usr/local/lib) is already in the hints for ldconfig: > > > > ldconfig -rv | grep daq > > search directories:/usr/lib:/usr/X11R6/lib:/usr/local/lib:/usr/local/lib/daq:/usr/local/lib/snort_dynamicengine:/usr/local/lib/snort_dynamicpreprocessor> > 112:-ldaq.0.1 => /usr/local/lib/libdaq.so.0.1 > > > > Ross. > > > > > > How frustrating and embarrassing; I know that I tried this several times over the last few days as I'd seen it mentioned in one of the few threads I'd found with similar issues -- and I'd had no results from it. Anyway, this time (with --disable-ipfw-module used for DAQ 0.3) Snort was able to configure and build. That said, I'm now encountering this issue when trying to start Snort: FATAL ERROR: parser.c(5235) Could not stat dynamic module path "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or directory. Sure enough, that file doesn't exist (no so files are in either snort_dynamicengine or snort_dynamicprocessor) and I noticed this (or similar) several times during the make: ... /bin/sh ../../../libtool --tag=CC --mode=link gcc -g -O2 -fvisibility=hidden -fno-strict-aliasing -Wall -shared -export-dynamic -module -L/usr/local/lib -L/usr/local/lib -Wl,-R/usr/local/lib -lpcre -L/usr/local/lib -ldnet -L/usr/local/lib -o libsf_engine.la -rpath /usr/local/lib/snort_dynamicengine bmh.lo sf_snort_detection_engine.lo sf_snort_plugin_api.lo sf_snort_plugin_byte.lo sf_snort_plugin_content.lo sf_snort_plugin_hdropts.lo sf_snort_plugin_loop.lo sf_snort_plugin_pcre.lo sf_snort_plugin_rc4.lo sfhashfcn.lo sfghash.lo sfprimetable.lo sf_ip.lo -ldaq_static -lpcre -lpcap -lm -lm -L/usr/local/lib -ldaq_static_modules *** Warning: This system can not link to static lib archive /usr/local/lib/libdaq_static.la. *** I have the capability to make that library automatically link in when *** you link to this library. But I can only do this if you have a *** shared version of the library, which you do not appear to have. *** But as you try to build a module library, libtool will still create *** a static module, that should work as long as the dlopening application *** is linked with the -dlopen flag to resolve symbols at runtime. libtool: link: ar cru .libs/libsf_engine.a .libs/bmh.o.libs/sf_snort_detection_engine.o .libs/sf_snort_plugin_api.o .libs/sf_snort_plugin_byte.o .libs/sf_snort_plugin_content.o .libs/sf_snort_plugin_hdropts.o .libs/sf_snort_plugin_loop.o .libs/sf_snort_plugin_pcre.o .libs/sf_snort_plugin_rc4.o .libs/sfhashfcn.o .libs/sfghash.o .libs/sfprimetable.o .libs/sf_ip.... I've attached my config.log in case it provides insight. Ross.------------------------------------------------------------------------------The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Attachment:
daq-bsd.diff
Description:
------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJC (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems rmkml (Nov 05)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Nov 05)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 05)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 05)
- Message not available
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 03)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Joel Esler (Dec 05)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 06)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 11)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJ Cummings (Dec 12)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJC (Nov 04)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Dec 10)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Russ Combs (Dec 10)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems JJC (Dec 10)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Randal T. Rioux (Dec 11)
- Re: Snort 2.9.0.1 & OpenBSD 4.8 build problems Ross Lawrie (Dec 06)