Snort mailing list archives

Re: Snort 2.9.7.0 unable to find daq


From: James Lay <jlay () slave-tothe-box net>
Date: Fri, 31 Oct 2014 10:26:35 -0600

On 2014-10-31 10:09, James Lay wrote:
On 2014-10-30 13:36, Carter Waxman (cwaxman) wrote:
Ah I left out --with-daq-includes. You should do the same with that so
Snort configure doesn't look in /usr/local/include.

On 10/30/14, 1:07 PM, "James Lay" <jlay () slave-tothe-box net> wrote:

On 2014-10-30 09:39, Carter Waxman (cwaxman) wrote:
Are you using --with-daq-libraries when running the Snort config? If not,
remove --prefix from the DAQ configure line. You probably have the older
DAQ in /usr/local/lib.

-Carter

On 10/30/14, 11:19 AM, "James Lay" <jlay () slave-tothe-box net> wrote:

Topic says it...

checking for daq_load_modules in -ldaq_static... yes
checking for daq_hup_apply... yes
checking for daq_acquire_with_meta... yes
checking for daq_dp_add_dc... yes
checking for struct _DAQ_DP_key_t.sa.src_ip4... no

   ERROR!  daq library missing C99 patch, upgrade to >=2.0.4, go get it from

Daq-2.0.4 was configured with:

./configure --prefix=/usr

[08:12:18 ids:/usr/lib$] ls -l libdaq*
-rw-r--r-- 1 root root 50834 2014-10-30 07:47 libdaq.a
-rwxr-xr-x 1 root root   909 2014-10-30 07:47 libdaq.la*
lrwxrwxrwx 1 root root    15 2014-10-30 07:47 libdaq.so -> libdaq.so.2.0.4*
lrwxrwxrwx 1 root root    15 2014-10-30 07:47 libdaq.so.2 -> libdaq.so.2.0.4*
-rwxr-xr-x 1 root root 42271 2014-10-30 07:47 libdaq.so.2.0.4*
-rw-r--r-- 1 root root 51852 2014-10-30 07:47 libdaq_static.a
-rwxr-xr-x 1 root root   877 2014-10-30 07:47 libdaq_static.la*
-rw-r--r-- 1 root root 99020 2014-10-30 07:47 libdaq_static_modules.a
-rwxr-xr-x 1 root root   901 2014-10-30 07:47 libdaq_static_modules.la*

from snort config.log:

configure:4423: gcc  -c -g -O2  conftest.c >&5
conftest.c:61: error: expected ';', ',' or ')' before 'text'
conftest.c: In function 'main':
conftest.c:115: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'newvar'
conftest.c:115: error: 'newvar' undeclared (first use in this function)
conftest.c:115: error: (Each undeclared identifier is reported only once
conftest.c:115: error: for each function it appears in.)
conftest.c:125: error: 'for' loop initial declaration used outside C99 mode
configure:4423: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL ""
| #define PACKAGE "snort"
| #define VERSION "2.9.7.0"
| /* end confdefs.h.  */
| #include <stdarg.h>
| #include <stdbool.h>
| #include <stdlib.h>
| #include <wchar.h>
| #include <stdio.h>

and

configure:13299: checking for stdbool.h that conforms to C99
configure:13366: gcc -c -g -O2  conftest.c >&5
configure:13366: $? = 0
configure:13373: result: yes
configure:13375: checking for _Bool
configure:13375: gcc -c -g -O2  conftest.c >&5
configure:13375: $? = 0
configure:13375: gcc -c -g -O2  conftest.c >&5
conftest.c: In function 'main':
conftest.c:60: error: expected expression before ')' token
configure:13375: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""

Anything else I can provide?  Thank you.

James

I've adjusted and here's what I tried:

./configure --enable-sourcefire --enable-zlib --enable-gre --enable-pthread --enable-perfprofiling --enable-ppm --enable-reload --enable-reload-error-restart --with-daq-libraries=/usr/lib

I've removed old version...libdaq is only in /usr/lib as shown above.
No difference.  Running the same with snort-2.9.6.2 runs fine.

James


Exact same result.  I'm going to say here that I suspect it may be
older compiler and configure software here.  I've successfully compiled
2.9.7.0 on Ubuntu 12 with no issues, but not on Slackware 12.2.  Is
there a way to determine if this is the right thinking here?  Thanks.

James


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

So...after compiling daq-2.0.4 with just ./configure, now this works for
snort-2.9.7.0:

./configure --enable-sourcefire --enable-zlib --enable-gre --enable-pthread --enable-perfprofiling --enable-ppm --enable-reload --enable-reload-error-restart

checking for daq_load_modules in -ldaq_static... yes
checking for daq_hup_apply... yes
checking for daq_acquire_with_meta... yes
checking for daq_dp_add_dc... yes
checking for struct _DAQ_DP_key_t.sa.src_ip4... yes
checking for daq address space ID... yes
checking for daq flow ID... yes
checking for DAQ_VERDICT_RETRY... yes

I think the configure script for 2.9.7.0 needs some TLC.

James
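
Added example, not part of the original thread: a POSIX shell check for the situation raised above, where DAQ copies under more than one prefix (such as /usr and /usr/local) may leave Snort's configure test for struct _DAQ_DP_key_t.sa.src_ip4 looking at older headers. The function names and the daq*.h header glob are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit DAQ headers and libraries under several prefixes.

# Succeeds if any daq*.h in DIR mentions the member configure tests for.
daq_headers_have_member() {
    dir=$1
    [ -d "$dir" ] || return 2
    grep -l 'src_ip4' "$dir"/daq*.h >/dev/null 2>&1
}

# Prints one summary line for PREFIX (checks PREFIX/include and PREFIX/lib).
audit_daq_prefix() {
    prefix=$1
    inc="$prefix/include"
    lib="$prefix/lib"
    libs=$(ls "$lib"/libdaq* 2>/dev/null | wc -l | tr -d ' ')
    hdrs=$(ls "$inc"/daq*.h 2>/dev/null | wc -l | tr -d ' ')
    if [ "$hdrs" -eq 0 ] && [ "$libs" -eq 0 ]; then
        echo "$prefix: absent"
    elif daq_headers_have_member "$inc"; then
        echo "$prefix: headers=$hdrs libs=$libs src_ip4=yes"
    else
        echo "$prefix: headers=$hdrs libs=$libs src_ip4=no"
    fi
}

# Audits every PREFIX given; returns non-zero when DAQ files exist under
# more than one of them, i.e. when the build could mix two installs.
audit_daq() {
    found=0
    for p in "$@"; do
        line=$(audit_daq_prefix "$p")
        echo "$line"
        case $line in
            *": absent") ;;
            *) found=$((found + 1)) ;;
        esac
    done
    [ "$found" -le 1 ]
}

# Usage: sh daq_audit.sh /usr /usr/local
if [ "$#" -gt 0 ]; then
    audit_daq "$@" || echo "warning: DAQ found under more than one prefix"
fi
```

A prefix reported with src_ip4=no holds headers that would fail the configure check shown in the thread; pass the prefix that reports yes through --with-daq-includes and --with-daq-libraries.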
