[Snort-devel] flexible response broken in cvs?

Nathan W. Labadie ab0781 at ...839...
Sat Oct 13 11:08:05 EDT 2001

Here's an issue of found in the latest cvs. The problem is
_not_ present in snort-1.8.1-RELEASE. All necessary libraries
are installed.

With snort-1.8.1-RELEASE:

[root at ...840...]# ./configure --prefix=/usr --bindir=/usr/sbin
--sysconfdir=/etc/snort --enable-flexresp --with-mysql \  
--with-snmp --with-openssl

checking for u_int8_t... yes
checking for u_int16_t... yes                           
checking for u_int32_t... yes

[root at ...840...]# make                

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap 
-I/usr/include/mysql -DENABLE_MYSQL -DENABLE_ODBC
-DENABLE_SSL -I/usr/include  -g -O2 -Wall -DENABLE_RESPONSE

A few extra libraries are included... no big deal. Everything
compiles and installs fine. Flexible response _does_ work.
Testing flexresp will cause the error connection reset by peer
with tcp.                  

With snort from cvs:     

[root at ...840...]# ./configure --prefix=/usr --bindir=/usr/sbin \
--sysconfdir=/etc/snort --enable-flexresp --with-mysql \
--with-snmp --with-openssl
checking for u_int8_t... no
checking for u_int16_t... no
checking for u_int32_t... no

[root at ...840...]# make                

gcc -DHAVE_CONFIG_H -I. -I. -I. -I/usr/include/pcap
-I/usr/include  -g -O2 -Wall -DENABLE_RESPONSE -D_BSD_SOURCE
-DLIBNET_LIL_ENDIAN -c snort.c            
In file included from /usr/include/netinet/in.h:23,           
                 from snort.h:43,
                 from snort.c:45:/usr/include/stdint.h:51:
redefinition of `uint8_t'
/usr/include/sys/types.h:190: `uint8_t' previously declared here
/usr/include/stdint.h:52: redefinition of `uint16_t'    
/usr/include/sys/types.h:191: `uint16_t' previously declared
here/usr/include/stdint.h:54: redefinition of `uint32_t'
/usr/include/sys/types.h:192: `uint32_t' previously declared here
make: *** [snort.o] Error 1

If you go into config.h and remove the following:
#define u_int8_t uint8_t
#define u_int16_t uint16_t           
#define u_int32_t uint32_t

It'll compile, _but_ flexible response is broken. Tcpdumping
reveals that no flexresp packets are sent from the snort host
on the same test rule.  

Any ideas?

note: please cc me on any responses... I'm not on the list.     

Nathan W. Labadie       | ab0781 at ...839...          
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.5626 fax
C&IT Security Office: http://security.wayne.edu

More information about the Snort-devel mailing list