[Snort-devel] flexible response broken in cvs?

Nathan W. Labadie ab0781 at ...839...
Sat Oct 13 11:08:05 EDT 2001


Here's an issue of found in the latest cvs. The problem is
_not_ present in snort-1.8.1-RELEASE. All necessary libraries
are installed.

With snort-1.8.1-RELEASE:

[root at ...840...]# ./configure --prefix=/usr --bindir=/usr/sbin
\    
--sysconfdir=/etc/snort --enable-flexresp --with-mysql \  
--with-snmp --with-openssl

--snip--
checking for u_int8_t... yes
checking for u_int16_t... yes                           
checking for u_int32_t... yes
--snip--

[root at ...840...]# make                

--snip--                
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap 
-I/usr/include/mysql -DENABLE_MYSQL -DENABLE_ODBC
-I/usr/include/pgsql -DENABLE_POSTGRESQL -DENABLE_SNMP
-DENABLE_SSL -I/usr/include  -g -O2 -Wall -DENABLE_RESPONSE
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
-DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c snort.c
--snip--

A few extra libraries are included... no big deal. Everything
compiles and installs fine. Flexible response _does_ work.
Testing flexresp will cause the error connection reset by peer
with tcp.                  

With snort from cvs:     

[root at ...840...]# ./configure --prefix=/usr --bindir=/usr/sbin \
--sysconfdir=/etc/snort --enable-flexresp --with-mysql \
--with-snmp --with-openssl
--snip--
checking for u_int8_t... no
checking for u_int16_t... no
checking for u_int32_t... no
--snip--

[root at ...840...]# make                

--snip--                
gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap
-I/usr/include/mysql -DENABLE_MYSQL -DENABLE_SNMP -DENABLE_SSL
-I/usr/include  -g -O2 -Wall -DENABLE_RESPONSE -D_BSD_SOURCE
-D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H
-DLIBNET_LIL_ENDIAN -c snort.c            
In file included from /usr/include/netinet/in.h:23,           
                 from snort.h:43,
                 from snort.c:45:/usr/include/stdint.h:51:
redefinition of `uint8_t'
/usr/include/sys/types.h:190: `uint8_t' previously declared here
/usr/include/stdint.h:52: redefinition of `uint16_t'    
/usr/include/sys/types.h:191: `uint16_t' previously declared
here/usr/include/stdint.h:54: redefinition of `uint32_t'
/usr/include/sys/types.h:192: `uint32_t' previously declared here
make: *** [snort.o] Error 1
--snip--

If you go into config.h and remove the following:
#define u_int8_t uint8_t
#define u_int16_t uint16_t           
#define u_int32_t uint32_t

It'll compile, _but_ flexible response is broken. Tcpdumping
reveals that no flexresp packets are sent from the snort host
on the same test rule.  

Any ideas?

Thanks,
Nate
note: please cc me on any responses... I'm not on the list.     

--
Nathan W. Labadie       | ab0781 at ...839...          
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.5626 fax
C&IT Security Office: http://security.wayne.edu




More information about the Snort-devel mailing list