Snort mailing list archives

Re: [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1


From: Victor Roemer <vroemer () sourcefire com>
Date: Mon, 20 Aug 2012 08:41:28 -0400

I'll investigate this further, but it seems to be a problem with how
iptables was compiled (seems Gentoo users have an issue with this).

How did you install iptables and its dependencies?

In the meantime, if you don't need the IPQ daq I would disable it.

./configure --disable-ipq-module



On Sun, Aug 19, 2012 at 2:16 PM, PR <oly562 () gmail com> wrote:

again, i'm starting to think, and find clues, that this is indeed a 32bit to
64bit issue: here is what i found on wikipedia regarding -fPIC

Such a library can be created with GCC by compiling the source file
containing the new globals to be linked, with the -fpic or -fPIC option,[33]
and linking with the -shared option.[34] The library has access to external
symbols declared in the program like any other library.

It is also possible to use debugger-based techniques on Unix-like systems.[35]


also is there a tar that is 64bit, and not built for 32bit cpus?

i think that would solve the daq/snort issue.

your thoughts?

pete



On Sun, 2012-08-19 at 09:52 -0700, PR wrote:

here is the ./configure and make, i don't get past make... see below full
stdout... suggestions? i'm running 10.04 Desktop 64bit arch, acidbase,
trying to upgrade from 2.8.x to 2.9.x...

unixrealm@vulcan:~/Downloads/Programs/Snort-2012$ cd daq-1.1.1/
unixrealm@vulcan:~/Downloads/Programs/Snort-2012/daq-1.1.1$ ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for a sed that does not truncate output... /bin/sed
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for fgrep... /bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for ar... ar
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports
shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for visibility support... yes
checking CFLAGS for gcc -Wall... -Wall
checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
checking CFLAGS for gcc -Wcast-align... -Wcast-align
checking CFLAGS for gcc -Wextra... -Wextra
checking CFLAGS for gcc -Wformat... -Wformat
checking CFLAGS for gcc -Wformat-security... -Wformat-security
checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
checking CFLAGS for gcc -fdiagnostics-show-option...
-fdiagnostics-show-option
checking CFLAGS for gcc -pedantic -std=c99 -D_GNU_SOURCE... -pedantic
-std=c99 -D_GNU_SOURCE
checking for getaddrinfo... yes
checking for flex... flex
checking for flex 2.4 or higher... yes
checking for bison... bison
checking linux/if_ether.h usability... yes
checking linux/if_ether.h presence... yes
checking for linux/if_ether.h... yes
checking linux/if_packet.h usability... yes
checking linux/if_packet.h presence... yes
checking for linux/if_packet.h... yes
checking pcap.h usability... yes
checking pcap.h presence... yes
checking for pcap.h... yes
checking for pcap_lib_version in -lpcap... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking libipq.h usability... yes
checking libipq.h presence... yes
checking for libipq.h... yes
checking for linux/netfilter.h... yes
checking for netinet/in.h... (cached) yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
checking for linux/netfilter.h... (cached) yes
checking for pcap.h... (cached) yes
checking for pcap_lib_version... checking for pcap_lib_version in
-lpcap... (cached) yes
checking for libpcap version >= "1.0.0"... yes
checking dnet.h usability... yes
checking dnet.h presence... yes
checking for dnet.h... yes
checking dumbnet.h usability... no
checking dumbnet.h presence... no
checking for dumbnet.h... no
checking for eth_set in -ldnet... yes
checking for eth_set in -ldumbnet... no
checking for dlopen in -ldl... yes
checking for inttypes.h... (cached) yes
checking for memory.h... (cached) yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking for netinet/in.h... (cached) yes
checking for stdint.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for inline... inline
checking for size_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for uint8_t... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for unistd.h... (cached) yes
checking for getpagesize... yes
checking for working mmap... yes
checking for gethostbyname... yes
checking for getpagesize... (cached) yes
checking for memset... yes
checking for munmap... yes
checking for socket... yes
checking for strchr... yes
checking for strcspn... yes
checking for strdup... yes
checking for strerror... yes
checking for strrchr... yes
checking for strstr... yes
checking for strtoul... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating api/Makefile
config.status: creating os-daq-modules/Makefile
config.status: creating os-daq-modules/daq-modules-config
config.status: creating sfbpf/Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

Build AFPacket DAQ module.. : yes
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : yes
Build NFQ DAQ module....... : no
Build PCAP DAQ module...... : yes

unixrealm@vulcan:~/Downloads/Programs/Snort-2012/daq-1.1.1$ make
make  all-recursive
make[1]: Entering directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1'
Making all in api
make[2]: Entering directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/api'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/api'
Making all in sfbpf
make[2]: Entering directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf'
Making all in os-daq-modules
make[2]: Entering directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/os-daq-modules'
/bin/bash ../libtool --tag=CC   --mode=link gcc -DBUILDING_SO -g -O2
-fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align
-Wextra -Wformat -Wformat-security -Wno-unused-parameter
-fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99
-D_GNU_SOURCE -module -export-dynamic -avoid-version -shared
-L/usr/local/lib -ldnet   -o daq_ipq.la -rpath /usr/local/lib/daq
daq_ipq_la-daq_ipq.lo -lipq -L/usr/local/lib -ldnet ../sfbpf/libsfbpf.la
libtool: link: gcc -shared  .libs/daq_ipq_la-daq_ipq.o   -Wl,-rpath
-Wl,/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf/.libs
-L/usr/local/lib -lipq /usr/local/lib/libdnet ../sfbpf/.libs/libsfbpf.so
-Wl,-soname -Wl,daq_ipq.so -o .libs/daq_ipq.so
/usr/bin/ld:
/usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a(libipq.o):
relocation R_X86_64_32S against `ipq_errmap' can not be used when making a
shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a: could not
read symbols: Bad value
collect2: ld returned 1 exit status
make[2]: *** [daq_ipq.la] Error 1
make[2]: Leaving directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/os-daq-modules'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1'
make: *** [all] Error 2
unixrealm@vulcan:~/Downloads/Programs/Snort-2012/daq-1.1.1$


frustrating i tell ya... pete

On Tue, 2012-08-14 at 14:45 -0700, PR wrote:

here are the files for daq.

make.out and config.log

When installing snort 2.9.x of course, it says daq is not installed. so...
first get daq as Joel suggests. thanks for your help, really!

i simply want a nice easy way to update snort just like the good old days.
;)

pete


On Mon, 2012-08-13 at 09:28 -0400, Victor Roemer wrote:

So you're using snort-2.9.3 and daq-1.1.1


Could you send your 'config.log' and make output to us for analysis?


The 'config.log' is generated after running


$ ./configure


When capturing the make output, we prefer to just have everything, via


$ make &> make.out


Then send us those files.


Other information which we find useful is OS and OS version and gcc
version.


Thanks!


Begin forwarded message:

From: PR <oly562 () gmail com>
Subject: Re: [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1
Date: August 6, 2012 3:23:49 PM EDT
To: Joel Esler <jesler () sourcefire com>

sorry i used wrong nomenclature. i am at 2930 aka 2.9.3, it's daq at this
point. when i try to install snort it points to daq not installed, then daq
points to error use -fPIC. so what does -fPIC mean? can't find info about
it... any suggestions? oh and i remove each failed compile, and untar each
time. just a heads up, i know how to compile from source, but some things i
need help with like -fPIC

On Mon, 2012-08-06 at 13:24 -0400, Joel Esler wrote:

I'm telling you that 2900 isn't supported.  You should update to 2930
which is supported.



On Aug 6, 2012, at 1:19 PM, PR <oly562 () gmail com> wrote:

i'm downloading from http://www.snort.org/snort-downloads

you are telling me they are not supported? huh???

On Mon, 2012-08-06 at 08:51 -0400, Joel Esler wrote:

On Aug 5, 2012, at 7:46 PM, PR <oly562 () gmail com> wrote:

your thoughts? good link? simple cmd instructions, maybe print your
history for last time you did this? little help, starting to get annoyed
when snort switches from 2800/2900 version, and it's NOT simple as it could
be.


2900 isn't even supported anymore.


http://www.snort.org/vrt/rules/eol_policy



--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
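
Added example, not part of the original thread: the ld failure quoted above comes from a static libipq.a whose object code carries R_X86_64_32S relocations, which cannot be linked into the shared daq_ipq.so. The script reproduces that with a constructed stand-in library (libdemo.a and demo_errmap are made-up names) and shows a readelf check for such relocations; it assumes x86_64 Linux with gcc and binutils.

```shell
#!/usr/bin/env bash
# Constructed demo: a static archive built without -fPIC cannot go into a
# shared object on x86_64. libdemo.a / demo_errmap are stand-in names.

# has_abs32_relocs ARCHIVE: succeed if any member carries R_X86_64_32 or
# R_X86_64_32S relocations, the kind ld rejected in the thread's error.
has_abs32_relocs() {
    readelf -r "$1" 2>/dev/null | grep -Eq 'R_X86_64_32S?[[:space:]]'
}

# build_demo DIR FLAGS...: compile a tiny library with a global lookup
# table (constructed source) and archive it as DIR/libdemo.a.
build_demo() {
    local dir=$1; shift
    cat > "$dir/demo.c" <<'EOF'
const char *demo_errmap[] = { "ok", "bad" };
const char *demo_errstr(int i) { return demo_errmap[i & 1]; }
EOF
    gcc "$@" -O2 -c "$dir/demo.c" -o "$dir/demo.o" &&
        ar rcs "$dir/libdemo.a" "$dir/demo.o"
}

# link_shared DIR: pull the whole archive into a shared object, the step
# libtool attempted for daq_ipq.so. Linker messages go to DIR/ld.err.
link_shared() {
    gcc -shared -Wl,--whole-archive "$1/libdemo.a" -Wl,--no-whole-archive \
        -o "$1/libdemo_wrap.so" 2> "$1/ld.err"
}

demo() {
    local d; d=$(mktemp -d)
    build_demo "$d" -fno-pic              # non-PIC, like the libipq.a in the error
    has_abs32_relocs "$d/libdemo.a" && echo "non-PIC archive: absolute relocations found"
    link_shared "$d" || sed -n '1,3p' "$d/ld.err"
    build_demo "$d" -fPIC                 # rebuilt as position-independent code
    has_abs32_relocs "$d/libdemo.a" || echo "PIC archive: no absolute relocations"
    link_shared "$d" && echo "shared object links"
    rm -rf "$d"
}

# Run the walkthrough only when asked: ./script.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Running `has_abs32_relocs` on the libipq.a named in the ld error answers the same question for the real library: a match means it was built without -fPIC, so it either needs rebuilding with that flag or the IPQ module disabled as suggested at the top of the thread.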







