Honeypots mailing list archives

RE: arpd on fedora core 3

From: "Christopher Cook" <cookc () ritacacas net>
Date: Wed, 9 Mar 2005 07:17:16 -0500

I ran into compilation problems with arpd as will.  I'm not sure if my
problem is your problem, but if you're running Fedora Core 3, it's likely.

The problem is the "__FUNCTION__" sorta-macro.  In previous versions of gcc,
__FUNCTION__ expanded into the name of the current C function like a macro.
The code treated it like a string literal, so you used it like this (taken
from arpd.c):

        if (op == ARP_OP_REQUEST) {
                syslog(LOG_DEBUG, __FUNCTION__ ": who-has %s tell %s",
                    addr_ntoa(tpa), addr_ntoa(spa));
        }

The strings concatenated with the quote, and everything worked.

Starting with some version of gcc that I'm too lazy to look up right now,
__FUNCTION__ began to work more like a function, and in FC3, it stopped
working like a string at all.  TO get it to work now, you simply have to
shift it to the function side of the printf-like syslog():

        if (op == ARP_OP_REQUEST) {
                syslog(LOG_DEBUG, "%s: who-has %s tell %s", __FUNCTION__,
                    addr_ntoa(tpa), addr_ntoa(spa));
        }

I don't want to admit how much time this took me to figure out.

Here's a diff between the released 0.20 code and what finally compiled for
me:
--------------------

[chris@julian]$ diff arpd.c ../arpd-patched/arpd.c
268c268
<               syslog(LOG_DEBUG, __FUNCTION__ ": who-has %s tell %s",
---

              syslog(LOG_DEBUG, "%s: who-has %s tell %s",

__FUNCTION__,
285c285
<               syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
---

              syslog(LOG_DEBUG, "%s: %s at %s", __FUNCTION__,

294c294
<               syslog(LOG_DEBUG, __FUNCTION__ ": no entry for %s",
---

              syslog(LOG_DEBUG, "%s: no entry for %s", __FUNCTION__,

297c297
<               syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
---

              syslog(LOG_DEBUG, "%s: %s at %s", __FUNCTION__,

426c426
<                       syslog(LOG_DEBUG, __FUNCTION__ ": %s at %s",
---

                      syslog(LOG_DEBUG, "%s: %s at %s", __FUNCTION__,


----------------------

I hope that helps.

Chris

-----Original Message-----
From: Jeffrey B. Murphy [mailto:jbmurphy () gmail com]
Sent: Tuesday, March 08, 2005 10:44 AM
To: honeypots () securityfocus com
Subject: Re: arpd on fedora core 3

so I ran :
ldd /usr/sbin/arpd
        libevent.so.0 => /usr/lib/libevent.so.0 (0x00c0f000)
        libpcap.so.0.8.3 => /usr/lib/libpcap.so.0.8.3 (0x0033e000)
        libc.so.6 => /lib/tls/libc.so.6 (0x001c5000)
        /lib/ld-linux.so.2 (0x001ac000)

But that doesn't tell me anything (I don't know what th results mean)
All those files exist.

So I decided to try from scratch. I uninstalled all the rpms. and
downloaded the follwoing:
libdnet-1.10.tar.gz
libevent-1.0b.tar.gz
arpd-0.2.tar.gz

The first two compile and install correctly.

With arpd, i ./configure and that runs correctly.
then I make and I get:

$ make
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/local/include
-I/usr/local/include     -I/usr/local/include -c arpd.c
arpd.c: In function `arpd_send':
arpd.c:268: error: syntax error before string constant
arpd.c: In function `arpd_lookup':
arpd.c:285: error: syntax error before string constant
arpd.c:294: error: syntax error before string constant
arpd.c:297: error: syntax error before string constant
arpd.c: In function `arpd_recv_cb':
arpd.c:426: error: syntax error before string constant
make: *** [arpd.o] Error 1

Any one runnung arpd on fedora core 3?
Any ideas?
Thanks for your help.


On Tue, 8 Mar 2005 09:14:16 +0100, Joachim Schipper
<j.schipper () math uu nl> wrote:

On Mon, Mar 07, 2005 at 09:10:49PM -0500, Jeffrey B. Murphy wrote:

I am trying to get honeyd up and running. I would like to use arpd. I
have a fedora core 3 install. There doesn't seem to be an arpd fc3 rpm
in the dag repo. So I tried the fedora core 2 rpm.
(arpd-0.2-0.1.fc2.dag). It installs fine (I also have libevent-1.0,
honeyd-1.0, and libdnet-1.7 installed). When i try arpd IP i get the
following error:
arpd: symbol lookup error: arpd: undefined symbol: event_sigcb

Any ideas?

Thanks.


How about running 'ldd /path/to/arpd'? That should tell you what
libraries are required. Chances are good you don't have one or more of
them.

You could try rebuilding the FC2 SRPM, or just compile it from source.
(Or find an RPM somewhere else, of course.)

                Joachim

Current thread:

arpd on fedora core 3 Jeffrey B. Murphy (Mar 07)
- Re: arpd on fedora core 3 Joachim Schipper (Mar 08)
  - Re: arpd on fedora core 3 Jeffrey B. Murphy (Mar 08)
    - Re: arpd on fedora core 3 Joachim Schipper (Mar 08)
    - Re: arpd on fedora core 3 Marc Samendinger (Mar 09)
    - RE: arpd on fedora core 3 Christopher Cook (Mar 09)
- <Possible follow-ups>
- Re: Re: arpd on fedora core 3 gangadhar npk (Mar 08)