[Snort-devel] Snort 2.1.1-RC1 Available

snortdev at ...2371... snortdev at ...2371...
Wed Feb 4 16:38:04 EST 2004


Could you add the pcre.lib into win32-libraries? This would be easier than
having to source it from
http://www.ethereal.com/distribution/win32/development/

I am also getting a load of these when I compile

c:\snort-2.1.1-RC1\src\sfutil\bitop.h(193) : warning C4018: '<=' :
signed/unsigned mismatch
c:\snort-2.1.1-RC1\src\sfutil\bitop.h(227) : warning C4018: '<=' :
signed/unsigned mismatch
c:\snort-2.1.1-RC1\src\sfutil\bitop.h(260) : warning C4018: '<=' :
signed/unsigned mismatch
c:\snort-2.1.1-RC1\src\sfutil\bitop.h(291) : warning C4018: '<=' :
signed/unsigned mismatch

I have also included a patch for snort that changes the fopen statement to
open the file as a binary on the win32 platform. Windows has a nasty habit
of doing carriage return\newline replacement unless you tell it to open
the file as binary. This breaks the unified barnyard file.

You also have to do something similar on the barnyard binary, but since
the W32 port is not merged into the snort.org tree I will post that as a
separate patch.

Ian


On Wed, 4 Feb 2004 snortdev at ...2371... wrote:

>
> Ok I know what is going on here. mc.exe doesn't like folder names with
> spaces in them. Go figure.
>
> Ian
>
> On Wed, 4 Feb 2004 snortdev at ...2371... wrote:
>
> >
> > I am getting
> >
> > ------ Build started: Project: snort, Configuration: MySQL Debug Win32
> > ------
> >
> > Performing Custom Build Step
> > MC: may only specify one message file to compile.
> > Microsoft (R) Message Compiler  Version 1.12.3668
> > Copyright (c) Microsoft Corporation. All rights reserved.
> > usage: MC [-?aAcdnosuUvw] [-m maxmsglen] [-h dirspec] [-e extension] [-r
> > dirspec] [-x dbgFileSpec] filename.mc
> >
> >
> > when I try and build on windows. I saw this on an earlier version but not
> > sure how it was fixed.
> >
> > Ian
> >
> > On Wed, 4 Feb 2004, Jeremy Hewlett wrote:
> >
> > >
> > > Greetings!
> > >
> > > Snort 2.1.1-RC1 is now officially available! We're asking everyone who
> > > has experienced issues with the 2.1.0 release to please test this RC.
> > > In particular, we'd like to make sure we've addressed issues brought
> > > up on the mailing lists. Ideally, this Release Candidate will just
> > > turn into the 2.1.1 release, unless there are any other issues.
> > >
> > > Some of the major issues addressed in RC1 are:
> > >
> > > * Compilation issues that some users were having on BSD and Solaris
> > > * Alert mangling fixes
> > > * Win32 snort runs as a service now (From Chris Reid)
> > > * Win32 snort now supports logging to Oracle databases
> > > * Many http_inspect configuration improvements via suggestions by the
> > >   community
> > >
> > > We've also added a new rule option, Flowbits, which can be used to
> > > track rule state across transport protocol sessions. Please read
> > > ./doc/README.flowbits for more information.
> > >
> > > For further info on changes, please review the ChangeLog and
> > > RELEASE.NOTES, which can be found in the parent directory of the snort
> > > source.
> > >
> > > Try it out, let us know what you think!
> > >
> > > Thanks,
> > > The Snort Team
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > The SF.Net email is sponsored by EclipseCon 2004
> > > Premiere Conference on Open Tools Development and Integration
> > > See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> > > http://www.eclipsecon.org/osdn
> > > _______________________________________________
> > > Snort-devel mailing list
> > > Snort-devel at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/snort-devel
> > >
> > >
> >
> >
>
>
-------------- next part --------------
diff -Naur snort-2.1.1-RC1/src/output-plugins/spo_unified.c snort-2.1.1-RC1.ism/src/output-plugins/spo_unified.c
--- snort-2.1.1-RC1/src/output-plugins/spo_unified.c	2004-01-20 16:31:39.000000000 -0500
+++ snort-2.1.1-RC1.ism/src/output-plugins/spo_unified.c	2004-02-04 19:27:05.000000000 -0500
@@ -282,8 +282,16 @@
 
     //printf("Opening %s\n", logdir);
 
-    if((data->stream = fopen(logdir, "w")) == NULL)
+#ifdef WIN32
+	//ism: Windows has a notion of a binary file, If you don't set it to binary
+	//Then is does newline/caridge return replacement that is bad in a binary
+	//File
+    if((data->stream = fopen(logdir, "wb")) == NULL)
         FatalError("UnifiedInitLogFile(%s): %s\n", logdir, strerror(errno));
+#else 
+	if((data->stream = fopen(logdir, "w")) == NULL)
+        FatalError("UnifiedInitLogFile(%s): %s\n", logdir, strerror(errno));
+#endif 
 
     /* write the log file header */
     hdr.magic = UNIFIED_MAGIC;
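Review bot: the `#ifdef WIN32` / `#else` split around this fopen is not needed, because the "b" flag is part of standard C fopen and has no effect on POSIX systems; a single `if((data->stream = fopen(logdir, "wb")) == NULL)` for all platforms would avoid carrying the `FatalError` line in both branches. If the conditional stays, the `if` in the `#else` branch is indented with a tab where the surrounding code uses four spaces, and both `#else ` and `#endif ` have trailing whitespace.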
@@ -720,10 +728,20 @@
 
     DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Opening %s\n", logdir););
 
-    if((data->stream = fopen(logdir, "w+")) == NULL)
+#ifdef WIN32
+	//ism: Windows has a notion of a binary file, If you don't set it to binary
+	//Then is does newline/caridge return replacement that is bad in a binary
+	//File
+	if((data->stream = fopen(logdir, "wb+")) == NULL)
+    {
+        FatalError("UnifiedInitAlertFile(%s): %s\n", logdir, strerror(errno));
+    }
+#else
+	if((data->stream = fopen(logdir, "w+")) == NULL)
     {
         FatalError("UnifiedInitAlertFile(%s): %s\n", logdir, strerror(errno));
     }
+#endif
 
     hdr.magic = ALERT_MAGIC;
     hdr.version_major = 1;
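Review bot: in the alert-file hunk the whole braced `FatalError("UnifiedInitAlertFile(%s): %s\n", ...)` block now exists twice and the two copies differ only in the mode string, so any later change to the error handling has to be made in both branches. Keep one `if` and vary only the mode, either by using "wb+" on every platform or by putting the mode string behind a single file-level macro. Both added `if` lines also start with a tab while the braces below them are space-indented.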
@@ -818,10 +836,20 @@
                    "too long, aborting!\n");
     }
 
-    if((data->stream = fopen(logdir, "w")) == NULL)
+#ifdef WIN32
+	//ism: Windows has a notion of a binary file, If you don't set it to binary
+	//Then is does newline/caridge return replacement that is bad in a binary
+	//File
+    if((data->stream = fopen(logdir, "wb")) == NULL)
+    {
+        FatalError("UnifiedInitLogFile(%s): %s\n", logdir, strerror(errno));
+    }
+#else
+	if((data->stream = fopen(logdir, "w")) == NULL)
     {
         FatalError("UnifiedInitLogFile(%s): %s\n", logdir, strerror(errno));
     }
+#endif 
 
     /* write the log file header */
     hdr.magic = LOG_MAGIC;
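Review bot: the three-line `//ism:` comment is pasted here for the third time with the same typos ("Then is does", "caridge return"), and the same conditional open is repeated in every hunk. State the reason once, next to one shared definition of the open mode or a small helper that all three call sites use, so the explanation and the behaviour cannot drift apart. The `#endif ` line in this hunk has trailing whitespace and the `if` under `#else` is tab-indented.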


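Why text mode breaks a binary log, as an added example that is not part of the original post or of Snort: the function below emulates the newline translation a Windows text-mode stream applies on write, so the effect can be reproduced on any platform. The 8-byte record layout, the magic value and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Emulates a Windows CRT text-mode write: every 0x0A byte is stored as
 * 0x0D 0x0A. `out` must have room for 2*n bytes. Returns bytes stored. */
size_t text_mode_write(const uint8_t *in, size_t n, uint8_t *out)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == 0x0A)
            out[o++] = 0x0D;
        out[o++] = in[i];
    }
    return o;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed 8-byte record {magic, length}, both little-endian; this is
 * NOT Snort's unified layout. Stores it through the emulated text-mode
 * stream and returns the length a reader finds at fixed offset 4. */
uint32_t length_after_text_mode(uint32_t magic, uint32_t length,
                                size_t *on_disk)
{
    uint8_t rec[8], disk[16];
    put_le32(rec, magic);
    put_le32(rec + 4, length);
    *on_disk = text_mode_write(rec, sizeof rec, disk);
    return get_le32(disk + 4);
}

int main(void)
{
    size_t n;
    uint32_t got = length_after_text_mode(0x1234ABCDu, 10, &n);
    printf("wrote length=10, file is %zu bytes, reader sees %u\n",
           n, (unsigned)got);
    return 0;
}
```

Only records that happen to contain a 0x0A byte are damaged, which is why the corruption shows up intermittently rather than on every write.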