[Snort-devel] Snort 2.4 Released!

Martin Roesch roesch at ...402...
Wed Aug 3 10:54:34 EDT 2005


Can you try downloading the SNORT_2_4 branch from cvs.snort.org and  
see if you still have the compilation problems?  BTW, I've been using  
gmake to do my builds on OpenBSD lately...

      -Marty

On Aug 3, 2005, at 12:58 PM, M. Shirk wrote:

> Scratch my question (snort.conf conversion from 2.3 to 2.4 was  
> missing community and bleeding snort rules and not your problem and  
> my DFO for Dumb f****** operator) :-)
>
> Shirkdog
> http://www.shirkdog.us
>
>
>
>
>> From: "M. Shirk" <shirkdog_list at ...445...>
>> To: roesch at ...402..., protocoljunkie at ...2499...
>> CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>> Subject: Re: [Snort-devel] Snort 2.4 Released!
>> Date: Wed, 03 Aug 2005 12:24:25 -0400
>>
>> YEAH, I am not the only one. I am on stable OpenBSD 3.7
>>
>> I was able to compile but I needed to adjust PATH to include
>> /usr/local/bin and /usr/local/sbin and I had to get the binary packages
>> for automake, autoheader, autoconf, aclocal.  I then did a CVS
>> checkout and ran autojunk.sh (edited to work on OpenBSD with the
>> bins in /usr/local/bin). Adding --with-libpcre-includes/libraries
>> to my ./configure, I was able to compile 2.4.
>>
>> After seeing this email, I took a tarball I downloaded and I was
>> able to compile this time (with the changes from above).
>>
>> One thing of note, in OpenBSD 3.7, and -current, they switched to  
>> GCC-3.3.5
>> # gcc -v
>> Reading specs from /usr/lib/gcc-lib/i386-unknown-openbsd3.7/3.3.5/specs
>> Configured with:
>> Thread model: single
>> gcc version 3.3.5 (propolice)
>> #
>>
>>
>>
>> Question: I noticed that in 2.3.3, if I was using http_inspect,  
>> that I would get pattern matches as well as the preprocessor  
>> alerts. Since running 2.4.0, when the RBOT HTTP garbage hits my  
>> sensor, http_inspect is firing its oversized_uri alert, but I no  
>> longer get the bleeding snort rules that should trigger on this  
>> (also the mod_jrun community rule). Is this an optimization to not  
>> pattern match when the preprocessor can handle the traffic? (which  
>> is cool), or something else?
>>
>> Shirkdog
>> http://www.shirkdog.us
>>
>>
>>
>>
>>> From: Martin Roesch <roesch at ...402...>
>>> To: M Raju <protocoljunkie at ...2499...>
>>> CC: snort-devel at lists.sourceforge.net, snort-team at ...402...
>>> Subject: Re: [Snort-devel] Snort 2.4 Released!
>>> Date: Wed, 3 Aug 2005 10:41:08 -0400
>>>
>>> Hi Raju,
>>>
>>> I'm checking it out.  I did a test build on OpenBSD 3.4 before   
>>> shipping, let me see if a problem slipped in there someplace...
>>>
>>>      -Marty
>>>
>>>
>>> On Aug 3, 2005, at 7:55 AM, M Raju wrote:
>>>
>>>
>>>> Marty,
>>>>  Just wanted to let you know that 2.4 compile on OpenBSD-current
>>>> fails. Not sure if any builds were tested on OpenBSD (I am setting up
>>>> a 3.7-stable box to see if it is an OBSD issue). I know you were working
>>>> on RH9 rpms (yikes!), but perhaps *BSD were not added for 2.4 testing?
>>>> Thanks.
>>>>
>>>> _Raju
>>>>
>>>> -
>>>>
>>>> local/include -DLIBNET_BSDISH_OS -DLIBNET_LIL_ENDIAN  -g -O2 -Wall -c spp_stream4.c
>>>> spp_stream4.c: In function `DeleteSession':
>>>> spp_stream4.c:3661: error: `FLUSH_DELAY' undeclared (first use in this function)
>>>> spp_stream4.c:3661: error: (Each undeclared identifier is reported only once
>>>> spp_stream4.c:3661: error: for each function it appears in.)
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/local/src/snort-2.4.0/src/preprocessors.
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/local/src/snort-2.4.0/src/preprocessors (line 285 of Makefile).
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/local/src/snort-2.4.0/src (line 334 of Makefile).
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/local/src/snort-2.4.0 (line 303 of Makefile).
>>>> *** Error code 1
>>>>
>>>> Stop in /usr/local/src/snort-2.4.0 (line 180 of Makefile).
>>>>
>>>>
>>>> On 7/28/05, Martin Roesch <roesch at ...402...> wrote:
>>>>
>>>>
>>>>> Nothing sinister, just dropped the ball between Jeremy leaving and me
>>>>> picking things up.  I'll take a look and get them in shortly if I can.
>>>>>
>>>>>       -Marty
>>>>>
>>>>>
>>>>> On Jul 28, 2005, at 6:46 PM, Erik de Castro Lopo wrote:
>>>>>
>>>>>
>>>>>
>>>>>> On Thu, 28 Jul 2005 11:50:34 -0400
>>>>>> Jennifer Steffens <jennifer.steffens at ...402...> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hey Everyone,
>>>>>>>
>>>>>>> Snort v2.4 is now officially available. This release includes a
>>>>>>> number
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> <snip>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> If you have any feedback, let us know - snort-team at ...2780...
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> I was rather disappointed that the two patches I sent in:
>>>>>>
>>>>>>      http://www.webservertalk.com/message1053302.html
>>>>>>      http://sourceforge.net/mailarchive/forum.php?thread_id=7172477&forum_id=7142
>>>>>>
>>>>>> have not been applied. Both are small, localised, easily
>>>>>> verifiable changes.
>>>>>>
>>>>>> Have these been dropped by mistake or were they rejected for some
>>>>>> other reason?
>>>>>>
>>>>>> Erik
>>>>>> --
>>>>>> -------------------------------------------------------
>>>>>> [N] Erik de Castro Lopo, Senior Computer Engineer
>>>>>> [E] erik.de.castro.lopo at ...2292...
>>>>>> [W] http://www.sensorynetworks.com
>>>>>> [T] +61 2 83022726
>>>>>> [F] +61 2 94750316
>>>>>> [A] L6/140 William St, East Sydney NSW 2011, Australia
>>>>>> -------------------------------------------------------
>>>>>> "Premature optimization is the root of all evil" - C.A.R.Hoare
>>>>>> "If it doesn't work, don't optimize." - Christian Bau
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>>>> Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
>>>>> Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Snort-devel mailing list
>>>>> Snort-devel at lists.sourceforge.net
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> May the packets be with you.
>>>>
>>>>
>>>>
>>>
>>> --
>>> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
>>> Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
>>> Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
>

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Network Defense for the Real World - http://www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention - http://www.snort.org






