[Snort-devel] [Snort-users] snort-3.0.0b3 on FreeBSD 7.2 UUID library fail

Richard Bejtlich taosecurity at ...2499...
Fri Aug 14 09:16:33 EDT 2009


On Fri, May 22, 2009 at 11:29 AM, Russ Combs<rcombs at ...402...> wrote:
> Richard,
>
> The only FreeBSD system I got access to doesn't seem to support a distinct
> thread ID access method.  Below is a patch that you can use as a workaround.
>
> It uses process ID in lieu of thread ID.  This primarily affects log
> statements.  The only area where it will affect performance is with CPU
> affinity - all threads will be assigned the same CPU - unless getpid()
> actually returns a thread ID on those systems.
>
> Let me know if this gets you going or if you you find a better solution.
>
> Thanks
> Russ
>
> Index: s_util/include/s_thread.h
> ===================================================================
> RCS file:
> /usr/cvsroot/sfeng/ims/sfsnort/sfips/src/s_util/include/s_thread.h,v
> retrieving revision 1.37
> diff -u -B -b -r1.37 s_thread.h
> --- s_util/include/s_thread.h   26 Nov 2008 18:53:44 -0000      1.37
> +++ s_util/include/s_thread.h   22 May 2009 15:22:24 -0000
> @@ -39,7 +39,8 @@
>  #include "s_types.h"
>  #include "s_cpuclock.h"
>
> -static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); }
> +//static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid);
> }
> +static ALWAYS_INLINE pid_t s_gettid(void) { return getpid(); }
>
>  SO_PUBLIC int s_set_affinity(int cpu);
>

Hi Russ,

Talk about taking this off the front burner... it's been so long since
I looked at this, it's totally off the stove!

I made the change

fbsd7# diff -u s_thread.h.orig s_thread.h
--- s_thread.h.orig	2009-08-14 09:11:05.000000000 -0400
+++ s_thread.h	2009-08-14 08:57:32.000000000 -0400
@@ -39,7 +39,8 @@
 #include "s_types.h"
 #include "s_cpuclock.h"

-static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); }
+//static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); }
+static ALWAYS_INLINE pid_t s_gettid(void) { return getpid(); }

 SO_PUBLIC int s_set_affinity(int cpu);

and put the new s_thread.h where it needed to be in
/usr/local/src/snortsp-3.0.0b3/src/s_util/include/s_thread.h

But I got the same error:

fbsd7# make
make  all-recursive
Making all in src
Making all in s_util
Making all in include
Making all in libsbpf
/bin/sh ../../../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H
-I. -I../../.. -I../../.. -I../../../src/s_util/libsbpf/bpf
-I../../../src/s_util/libsbpf/net -I../../../src/s_util
-I../../../src/s_util/include -I../../../src/data_source
-I../../../src/data_source/daq -I../../../src/data_source/decode
-I../../../src/data_source/flow -I../../../src/platform
-I../../../src/comms -I../../../src/analysis -I../../../src/output
-I.. -I/usr/local/include/lua51  -I/usr/local/lib
-I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
-Wall  -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
-fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF
.deps/libsbpf_la-s_bpf_filter.Tpo -c -o libsbpf_la-s_bpf_filter.lo
`test -f 'bpf/s_bpf_filter.c' || echo './'`bpf/s_bpf_filter.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../..
-I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net
-I../../../src/s_util -I../../../src/s_util/include
-I../../../src/data_source -I../../../src/data_source/daq
-I../../../src/data_source/decode -I../../../src/data_source/flow
-I../../../src/platform -I../../../src/comms -I../../../src/analysis
-I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib
-I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
-Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
-fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF
.deps/libsbpf_la-s_bpf_filter.Tpo -c bpf/s_bpf_filter.c  -fPIC -DPIC
-o .libs/libsbpf_la-s_bpf_filter.o
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../..
-I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net
-I../../../src/s_util -I../../../src/s_util/include
-I../../../src/data_source -I../../../src/data_source/daq
-I../../../src/data_source/decode -I../../../src/data_source/flow
-I../../../src/platform -I../../../src/comms -I../../../src/analysis
-I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib
-I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
-Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
-fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF
.deps/libsbpf_la-s_bpf_filter.Tpo -c bpf/s_bpf_filter.c -o
libsbpf_la-s_bpf_filter.o >/dev/null 2>&1
mv -f .deps/libsbpf_la-s_bpf_filter.Tpo .deps/libsbpf_la-s_bpf_filter.Plo
/bin/sh ../../../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H
-I. -I../../.. -I../../.. -I../../../src/s_util/libsbpf/bpf
-I../../../src/s_util/libsbpf/net -I../../../src/s_util
-I../../../src/s_util/include -I../../../src/data_source
-I../../../src/data_source/daq -I../../../src/data_source/decode
-I../../../src/data_source/flow -I../../../src/platform
-I../../../src/comms -I../../../src/analysis -I../../../src/output
-I.. -I/usr/local/include/lua51  -I/usr/local/lib
-I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
-Wall  -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
-fvisibility=hidden -O2 -MT libsbpf_la-s_gencode.lo -MD -MP -MF
.deps/libsbpf_la-s_gencode.Tpo -c -o libsbpf_la-s_gencode.lo `test -f
'bpf/s_gencode.c' || echo './'`bpf/s_gencode.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../..
-I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net
-I../../../src/s_util -I../../../src/s_util/include
-I../../../src/data_source -I../../../src/data_source/daq
-I../../../src/data_source/decode -I../../../src/data_source/flow
-I../../../src/platform -I../../../src/comms -I../../../src/analysis
-I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib
-I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
-Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
-fvisibility=hidden -O2 -MT libsbpf_la-s_gencode.lo -MD -MP -MF
.deps/libsbpf_la-s_gencode.Tpo -c bpf/s_gencode.c  -fPIC -DPIC -o
.libs/libsbpf_la-s_gencode.o
In file included from bpf/s_gencode.c:62:
../../../src/s_util/include/s_thread.h:36:26: error: linux/unistd.h:
No such file or directory
*** Error code 1

Stop in /usr/local/src/snortsp-3.0.0b3/src/s_util/libsbpf.
*** Error code 1

Stop in /usr/local/src/snortsp-3.0.0b3/src/s_util.
*** Error code 1

Stop in /usr/local/src/snortsp-3.0.0b3/src.
*** Error code 1

Stop in /usr/local/src/snortsp-3.0.0b3.
*** Error code 1

Stop in /usr/local/src/snortsp-3.0.0b3.

Any ideas?  Maybe a newer version of the beta?

Thank you,

Richard




More information about the Snort-devel mailing list