[Snort-devel] Snort 2.4 Released!

M. Shirk shirkdog_list at ...445...
Wed Aug 3 09:27:09 EDT 2005


YEAH, I am not the only one. I am on stable OpenBSD 3.7.

I was able to compile, but I needed to adjust PATH to include /usr/local/bin 
and /usr/local/sbin and I had to get the binary packages for 
automake, autoheader, autoconf, aclocal.  I then did a CVS checkout and ran 
autojunk.sh (edited to work on OpenBSD with the bins in /usr/local/bin). 
Adding --with-libpcre-includes/libraries to my ./configure, I was able to 
compile 2.4.

After seeing this email, I took a tarball I downloaded and I was able to 
compile this time (with the changes from above).

One thing of note: in OpenBSD 3.7 and -current, they switched to GCC-3.3.5:
# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-unknown-openbsd3.7/3.3.5/specs
Configured with:
Thread model: single
gcc version 3.3.5 (propolice)
#



Question: I noticed that in 2.3.3, if I was using http_inspect, I would 
get pattern matches as well as the preprocessor alerts. Since running 2.4.0, 
when the RBOT HTTP garbage hits my sensor, http_inspect is firing its 
oversized_uri alert, but I no longer get the Bleeding Snort rules that 
should trigger on this (also the mod_jrun community rule). Is this an 
optimization to not pattern match when the preprocessor can handle the 
traffic (which is cool), or something else?

Shirkdog
http://www.shirkdog.us



>From: Martin Roesch <roesch at ...402...>
>To: M Raju <protocoljunkie at ...2499...>
>CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>Subject: Re: [Snort-devel] Snort 2.4 Released!
>Date: Wed, 3 Aug 2005 10:41:08 -0400
>
>Hi Raju,
>
>I'm checking it out.  I did a test build on OpenBSD 3.4 before shipping, 
>let me see if a problem slipped in there someplace...
>
>      -Marty
>
>
>On Aug 3, 2005, at 7:55 AM, M Raju wrote:
>
>>Marty,
>>  Just wanted to let you know that 2.4 compile on OpenBSD-current
>>fails. Not sure if any builds were tested on OpenBSD (I am setting up
>>a 3.7-stable box to see if it is an OBSD issue). I know you were working
>>on RH9 rpms (yikes!), but perhaps *BSD were not added for 2.4 testing?
>>Thanks.
>>
>>_Raju
>>
>>-
>>
>>local/include -DLIBNET_BSDISH_OS -DLIBNET_LIL_ENDIAN  -g -O2 -Wall -c
>>spp_stream4.c
>>spp_stream4.c: In function `DeleteSession':
>>spp_stream4.c:3661: error: `FLUSH_DELAY' undeclared (first use in this function)
>>spp_stream4.c:3661: error: (Each undeclared identifier is reported only once
>>spp_stream4.c:3661: error: for each function it appears in.)
>>*** Error code 1
>>
>>Stop in /usr/local/src/snort-2.4.0/src/preprocessors.
>>*** Error code 1
>>
>>Stop in /usr/local/src/snort-2.4.0/src/preprocessors (line 285 of Makefile).
>>*** Error code 1
>>
>>Stop in /usr/local/src/snort-2.4.0/src (line 334 of Makefile).
>>*** Error code 1
>>
>>Stop in /usr/local/src/snort-2.4.0 (line 303 of Makefile).
>>*** Error code 1
>>
>>Stop in /usr/local/src/snort-2.4.0 (line 180 of Makefile).
>>
>>
>>On 7/28/05, Martin Roesch <roesch at ...402...> wrote:
>>
>>>Nothing sinister, just dropped the ball between Jeremy leaving and me
>>>picking things up.  I'll take a look and get them in shortly if I can.
>>>
>>>       -Marty
>>>
>>>
>>>On Jul 28, 2005, at 6:46 PM, Erik de Castro Lopo wrote:
>>>
>>>
>>>>On Thu, 28 Jul 2005 11:50:34 -0400
>>>>Jennifer Steffens <jennifer.steffens at ...402...> wrote:
>>>>
>>>>
>>>>
>>>>>Hey Everyone,
>>>>>
>>>>>Snort v2.4 is now officially available. This release includes a
>>>>>number
>>>>>
>>>>>
>>>>
>>>><snip>
>>>>
>>>>
>>>>
>>>>>If you have any feedback, let us know - snort-team at ...2780...
>>>>>
>>>>>
>>>>
>>>>I was rather disappointed that the two patches I sent in:
>>>>
>>>>      http://www.webservertalk.com/message1053302.html
>>>>      http://sourceforge.net/mailarchive/forum.php?thread_id=7172477&forum_id=7142
>>>>
>>>>have not been applied. Both are small, localised, easily
>>>>verifiable changes.
>>>>
>>>>Have these been dropped by mistake or were they rejected for some
>>>>other reason?
>>>>
>>>>Erik
>>>>--
>>>>-------------------------------------------------------
>>>>[N] Erik de Castro Lopo, Senior Computer Engineer
>>>>[E] erik.de.castro.lopo at ...2292...
>>>>[W] http://www.sensorynetworks.com
>>>>[T] +61 2 83022726
>>>>[F] +61 2 94750316
>>>>[A] L6/140 William St, East Sydney NSW 2011, Australia
>>>>-------------------------------------------------------
>>>>"Premature optimization is the root of all evil" - C.A.R.Hoare
>>>>"If it doesn't work, don't optimize." - Christian Bau
>>>>
>>>>
>>>>
>>>
>>>--
>>>Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
>>>Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org
>>>
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>Snort-devel mailing list
>>>Snort-devel at lists.sourceforge.net
>>>https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>
>>>
>>
>>
>>--
>>May the packets be with you.
>>
>>
>
>--
>Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
>Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org
>
>
>
>
>
