Snort mailing list archives

Problems in compiling snort-2.9.0.3 with daq-0.5

From: sudhakar govindavajhala <sudhakarg79spam () gmail com>
Date: Tue, 25 Jan 2011 15:35:44 -0500

Hello all,

I am new to snort 2.9.x with DAQ functionality.  I am running into trouble
in compiling snort. could you help?  Thanks in advance.

snort-2.9.0.3 with daq-0.5

1) Do you know where to get snort2.8x packages?  Since I have familiarity
with 2.8, it may be easier to use that.

2) I managed to compile libpcap, install pcre-devel and daq.

3) OS: RHEL 5.2. I have also tried this on Fedora 9. same issue


5) The issue below occurs when I compile snort; it is missing sfbpf_dlt.h,
which is in daq folder sfbpf. Error below:

gcc -DHAVE_CONFIG_H -I. -I../.. -I../.. -I../../src -I../../src/sfutil
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/dynamic-plugins
-I../../src/preprocessors -I../../src/preprocessors/portscan
-I../../src/preprocessors/HttpInspect/include
-I../../src/preprocessors/Stream5 -I../../src/target-based
-I/home/sudhakar/snort/libpcap/libpcap-1.1.1/ -DDYNAMIC_PLUGIN
-I/home/sudhakar/snort/libdnet/libdnet-1.12/include
-I/home/sudhakar/snort/snort/daq-0.5/api/  -g -O2 -fvisibility=hidden
-fno-strict-aliasing -Wall -c sfhashfcn.c
In file included from ../../src/spo_plugbase.h:30,
                 from ../../src/snort.h:34,
                 from sfhashfcn.c:35:
../../src/decode.h:49:23: error: sfbpf_dlt.h: No such file or directory
make[3]: *** [sfhashfcn.o] Error 1


So, it is a case of bad "-I".  It should look in daq-0.5/sfbpf for
this file; it is looking in daq-0.5/api instead due to the flag I sent
to configure below.

5) Here is how I configured snort:
[sudhakar@localhost snort-2.9.0.3]$ ./configure
--with-libpcap-includes=/home/sudhakar/snort/libpcap/libpcap-1.1.1/
--with-libpcap-libraries=/home/sudhakar/snort/libpcap/libpcap-1.1.1/
--with-dnet-includes=/home/sudhakar/snort/libdnet/libdnet-1.12/include
--with-dnet-libraries=/home/sudhakar/snort/libdnet/libdnet-1.12/src/.libs/
 --disable-static-daq
--with-daq-libraries=/home/sudhakar/snort/snort/daq-0.5/api/.libs
--with-daq-includes=/home/sudhakar/snort/snort/daq-0.5/api/

Please note the flags --with-daq-includes and --with-daq-libraries and
--disable-static-daq

6) I had to disable static-daq to overcome this error. Is this good or bad?
configure:14004: gcc -o conftest -g -O2
-I/home/sudhakar/snort/libpcap/libpcap-1.1.1/  -DDYNAMIC_PLUGIN
-I/home/sudhakar/snort/libdnet/libdnet-1.12/include
-I/home/sudhakar/snort/snort/daq-0.5/api/
-L/home/sudhakar/snort/libpcap/libpcap-1.1.1/ -lpcre
-L/home/sudhakar/snort/libdnet/libdnet-1.12/src/.libs/ -ldnet
-L/home/sudhakar/snort/snort/daq-0.5/api/.libs conftest.c -ldaq_static
  -lpcre -lpcap -lnsl -lm -lm  -ldl  >&5
/home/sudhakar/snort/snort/daq-0.5/api/.libs/libdaq_static.a(libdaq_static_la-daq_base.o):
In function `load_static_modules':
/home/sudhakar/snort/snort/daq-0.5/api/daq_base.c:273: undefined
reference to `num_static_modules'
/home/sudhakar/snort/snort/daq-0.5/api/daq_base.c:276: undefined
reference to `static_modules'
/home/sudhakar/snort/snort/daq-0.5/api/.libs/libdaq_static.a(libdaq_static_la-daq_base.o):
In function `daq_load_modules':
/home/sudhakar/snort/snort/daq-0.5/api/daq_base.c:403: undefined
reference to `num_static_modules'
collect2: ld returned 1 exit status

7) Potentially, my --with-daq-includes is wrong. If I set it to
/home/sudhakar/snort/snort/daq-0.5/api/, it misses sfbpf/.  If I set it to
/home/sudhakar/snort/snort/daq-0.5/sfbpf, it misses declarations in
api.  I am unable to include both. Can you show me how to make both
part of includes?

Could someone please point me to a solution to these problems?

Thank you,
Sudhakar








gcc -DHAVE_CONFIG_H -I. -I../.. -I../.. -I../../src -I../../src/sfutil
-I/usr/include/pcap -I../../src/output-plugins
-I../../src/detection-plugins -I../../src/dynamic-plugins
-I../../src/preprocessors -I../../src/preprocessors/portscan
-I../../src/preprocessors/HttpInspect/include
-I../../src/preprocessors/Stream5 -I../../src/target-based
-I/home/sudhakar/snort/libpcap/libpcap-1.1.1/ -DDYNAMIC_PLUGIN
-I/home/sudhakar/snort/libdnet/libdnet-1.12/include
-I/home/sudhakar/snort/snort/daq-0.5/api/  -g -O2 -fvisibility=hidden
-fno-strict-aliasing -Wall -c sfhashfcn.c
In file included from ../../src/spo_plugbase.h:30,
                 from ../../src/snort.h:34,
                 from sfhashfcn.c:35:
../../src/decode.h:49:23: error: sfbpf_dlt.h: No such file or directory
make[3]: *** [sfhashfcn.o] Error 1

make[3]: Leaving directory `/home/sudhakar/snort/snort/snort-2.9.0.3/src/sfutil'

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Problems in compiling snort-2.9.0.3 with daq-0.5 sudhakar govindavajhala (Jan 25)
- Re: Problems in compiling snort-2.9.0.3 with daq-0.5 Michael Altizer (Jan 25)
- Re: Problems in compiling snort-2.9.0.3 with daq-0.5 vincent (Jan 26)