[Snort-devel] Problems in linking a dynamic-preprocessor

Todd Wease twease at ...402...
Wed May 7 08:25:59 EDT 2008


Hello Salvo,

To configure.in
===============
Add 'src/dynamic-preprocessor/<preproc-dir>/Makefile'
to AC_OUTPUT directive

To src/generators.h
===================
#define GENERATOR_PREPROC     <some large number>
Add events
Use other preprocessors as guideline

Note 'generators.h' is not known to the dynamic preprocessors.
You need to duplicate the code you put in generators.h in your
dynamic preprocessor code.  Do not try to include this file
in your dynamic preprocessor code.

To src/preprocids.h
===================
#define PP_PREPROC    <some large number>

To src/dynamic-preprocessors/Makefile.am
========================================
Add your <preproc-dir> to SUBDIRS

To src/dynamic-preprocessors/<preproc-dir>
==========================================
Create a 'Makefile.am'
Create a file called 'sf_preproc_info.h'
Look at other dynamic preprocessors for guidance


Nothing is added to 'plugbase.c' for dynamic preprocessors.

For the files available to the dynamic-preprocessors, look in the
src/dynamic-preprocessors/include directory after compiling.

Give that a try.  I may have missed something, so let us know how it goes.


Thanks,
Todd


Salvo Danilo Giuffrida wrote:
> Hello, I have developed a preprocessor, and I put its two files
> ('spp_[name].c' and 'spp_[name].h') into the directory
> 'src/dynamic-preprocessors/[name]'. To register it with the main Snort
> engine, I did the following things:
> 1 - I added into plugbase.c '#include dynamic-preprocessors/[name]/[name].h'
> 2 - I added into plugbase.c, in the function 'InitPreprocessors', a
> call to the setup function of my preprocessor
> 3 - I added to Makefile.am the path to the two files
> 'dynamic-preprocessors/[name]/[name].h' and
> 'dynamic-preprocessors/[name]/[name].c'
> 4 - These are the includes I put into the [name].c file:
> #ifdef HAVE_CONFIG_H
> #include "config.h"
> #endif
> 
> #include "ctype.h"
> //Definition of Packet
> //#include "decode.h"
> //Files related functions
> #include <sys/file.h>
> //Generators
> #include "generators.h"
> //Headers for HashTable related functions
> #include "utils/hashtable.h"
> #include "utils/hashtable_itr.h"
> #include "utils/hashtable_private.h"
> //Limits for integers, chars, etc...
> #include <limits.h>
> //Parsing related functions
> #include "parser.h"
> //Functions Add* and RegisterPreprocessor
> #include "plugbase.h"
> //Preprocessor IDs
> #include "preprocids.h"
> //Pthread library
> #include <pthread.h>
> //DynamicPreprocessorData and Snort plugin APIs
> #include "dynamic-preprocessors/include/sf_dynamic_preproc_lib.h"
> #include "dynamic-preprocessors/include/sf_snort_plugin_api.h"
> //Signals library
> #include <signal.h>
> //Standard C libraries
> #include <stdio.h>
> #include <stdlib.h>
> //String library
> #include <string.h>
> //Time related functions
> #include <time.h>
> //Definition of types
> #include <sys/types.h>
> //Utility functions (LogMessage, ...)
> #include "util.h"
> 
> //My header file
> #include "spp_[name].h"
> 
> #define GENERATOR_SPP_[name]	1000001
> 
> #define ALERT(x,y) { _dpd.alertAdd(GENERATOR_SPP_[name], x, 1, 0, 3, y, 0 ); }
> 
> extern DynamicPreprocessorData _dpd;
> 
> The problem is that, when I try to compile Snort+my new preprocessor,
> when I type 'make' after 'autoconf', 'automake' and './config', that's
> what I get as error:
> 
> make[3]: Entering directory `/mnt/hgfs/Snort/src'
> gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../src -I../src/sfutil
> -I/usr/include/pcap -I../src/output-plugins -I../src/detection-plugins
> -I../src/dynamic-plugins -I../src/preprocessors
> -I../src/preprocessors/flow -I../src/preprocessors/portscan
> -I../src/preprocessors/flow/int-snort
> -I../src/preprocessors/HttpInspect/include
> -I../src/preprocessors/Stream5 -I../src/target-based
> -fno-strict-aliasing  -g -O2 -Wall -DDYNAMIC_PLUGIN
> -fno-strict-aliasing -c -o spp_[name].o `test -f
> 'dynamic-preprocessors/[name]/spp_[name].c' || echo
> './'`dynamic-preprocessors/[name]/spp_[name].c
> dynamic-preprocessors/[name]/spp_[name].c: In function 'raiseAlarm':
> dynamic-preprocessors/[name]/spp_[name].c:231: error: '_dpd'
> undeclared (first use in this function)
> dynamic-preprocessors/[name]/spp_[name].c:231: error: (Each undeclared
> identifier is reported only once
> dynamic-preprocessors/[name]/spp_[name].c:231: error: for each
> function it appears in.)
> make[3]: *** [spp_[name].o] Error 1
> make[3]: Leaving directory `/mnt/hgfs/Snort/src'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/mnt/hgfs/Snort/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/mnt/hgfs/Snort'
> make: *** [all] Error 2
> 
> 
> The 'spp_[name].h' file is just
> #ifndef _[name]_H
> #define	_[name]_H
> 
> extern void Setup[name](void);   /* Setup function */
> 
> #endif	/* _[name]_H */
> 
> In the directory of the preprocessor
> (src/dynamic-preprocessors/[name]) there is no 'Makefile.am', because
> nowhere there's written that you have to write one...
> What could be the problem?
> Thanks a lot
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
> Don't miss this year's exciting event. There's still time to save $100. 
> Use priority code J8TL2D2. 
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel





More information about the Snort-devel mailing list