Re: honeyd compile error 1.0 and 0.8b

["gangadhar npk" <phani () myrealbox com>]

Hello Ivan,
The missing symbol means that the required API that honeyd is looking for is not present in the libdnet library. 
You can use the nm command on Linux to see if the symbol is indeed present in the libdnet library. Also, as Nelis said 
in a similar thread
http://www.honeyd.org/archive.php/04/06/0127.html
it would help if you can provide with the config.log.
If you look at the config.log of the thread, the configure fails because of missing libdevent

<snip>
configure:5833: checking for working addr_cmp in libdnet
configure:5862: gcc -o conftest -I/usr/local/include   conftest.c -L/usr/local/lib -ldnet >&5
configure:5865: $? = 0
configure:5867: ./conftest
./conftest: error while loading shared libraries: libdnet.so.0: cannot open shared object file: No such file or 
directory
configure:5870: $? = 127
configure: program exited with status 127
</snip>
See if you get a similar message in your config.log too.
If that is the case, check if the LD_LIBRARY_PATH environment variable does have the path to where the libdevent is 
installed.

hth
Gangadhar
-----Original Message-----
From: Ivan Rivera <esteban_uria () yahoo com>
To: honeypots () securityfocus com
Date: Fri, 8 Apr 2005 22:29:07 -0700 (PDT)
Subject: honeyd compile error 1.0 and 0.8b


Hi
I try to compile different version of honeyd (1.0 and
0.8b). I compile and install the following software

libdnet 1.10 (OK)
libevent 1.0c (OK)
libpcap 0.8.3 (OK)

I run ldconfig in the directory of libdnet and when I
try to compile honeyd i get the following error
message.

checking for working addr_cmp in libdnet... configure:
error: you need to install a more recent version of
libdnet

I specify the --with-libdnet=/usr/local but i get the
same error message.

I check documentation but all the documentation do not
say anything about this error, I think is a commond
error message, and i apply all the steps that i found
in the internet to fix this problem but I do not get
the right compile

Why I need to install another version more recent that
i have in my computer? I use 1.10 

Do you have any idea?

Thanks for you help

Ivan


--- James Oliver <686f6e6579 () gmail com> wrote:
> Hi,
>
> I'm running honeyd (1.0) with a host based on the
> "Linux 2.4.20"
> personality. A firewall (iptables 1.2.9) drops all
> new outgoing
> connections. When I try to ping this Linux host from
> outside the
> firewall always drops the packet, stating this is a
> new connection.
>
> I have analysed the ICMP Echo Replies honeyd sends
> for the "Linux
> 2.4.20" personality and the Code field is set to 1,
> even if the ICMP
> Echo Request's Code field is 0.
>
> In
http://www.networkmagazine.com/shared/printableArticle.jhtml?articleID=8702910
> it is stated that Linux doesn't change the code
> field, so I'm
> wondering why this happens. I have analysed my own
> ICMP Echo
> Requests/Replies and looked at
> /usr/src/linux/net/ipv4/icmp.c to have
> a look at the Linux ICMP code. This code is the same
> as the one in the
> Linux 2.4.20 sources, so the behaviour should be the
> same AFAIK.
>
> Therefore I have now modified my
> /usr/share/honeyd/xprobe2.conf in line 237 to
>
> icmp_echo_code = 0
>
> instead of
>
> icmp_echo_code = !0
>
> After this change the firewall accepts the ICMP Echo
> Replies of
> honeyd's Linux 2.4.20 personality. Nevertheless it
> now always changes
> the ICMP Echo Replie Code always to 0 which is not
> Linux behaviour.
>
> Is the behavior in the original xprobe2.conf
> intended? Is there a
> mistake on my side?
>
> Thanks for your suggestions,
> James

IvAn =^)
esteban_uria () yahoo com