[Snort-devel] [Snort-users] snort-3.0.0b3 on FreeBSD 7.2 UUID library fail

Martin Roesch roesch at ...402...
Fri Aug 14 09:43:32 EDT 2009


Hi Richard,

I've got a FBSD 7.2 system available, I'll take a look at it today.

Marty

On Fri, Aug 14, 2009 at 9:16 AM, Richard Bejtlich<taosecurity at ...2499...> wrote:
> On Fri, May 22, 2009 at 11:29 AM, Russ Combs<rcombs at ...402...> wrote:
>> Richard,
>>
>> The only FreeBSD system I got access to doesn't seem to support a distinct
>> thread ID access method.  Below is a patch that you can use as a workaround.
>>
>> It uses process ID in lieu of thread ID.  This primarily affects log
>> statements.  The only area where it will affect performance is with CPU
>> affinity - all threads will be assigned the same CPU - unless getpid()
>> actually returns a thread ID on those systems.
>>
>> Let me know if this gets you going or if you you find a better solution.
>>
>> Thanks
>> Russ
>>
>> Index: s_util/include/s_thread.h
>> ===================================================================
>> RCS file:
>> /usr/cvsroot/sfeng/ims/sfsnort/sfips/src/s_util/include/s_thread.h,v
>> retrieving revision 1.37
>> diff -u -B -b -r1.37 s_thread.h
>> --- s_util/include/s_thread.h   26 Nov 2008 18:53:44 -0000      1.37
>> +++ s_util/include/s_thread.h   22 May 2009 15:22:24 -0000
>> @@ -39,7 +39,8 @@
>>  #include "s_types.h"
>>  #include "s_cpuclock.h"
>>
>> -static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); }
>> +//static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid);
>> }
>> +static ALWAYS_INLINE pid_t s_gettid(void) { return getpid(); }
>>
>>  SO_PUBLIC int s_set_affinity(int cpu);
>>
>
> Hi Russ,
>
> Talk about taking this off the front burner... it's been so long since
> I looked at this, it's totally off the stove!
>
> I made the change
>
> fbsd7# diff -u s_thread.h.orig s_thread.h
> --- s_thread.h.orig     2009-08-14 09:11:05.000000000 -0400
> +++ s_thread.h  2009-08-14 08:57:32.000000000 -0400
> @@ -39,7 +39,8 @@
>  #include "s_types.h"
>  #include "s_cpuclock.h"
>
> -static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); }
> +//static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); }
> +static ALWAYS_INLINE pid_t s_gettid(void) { return getpid(); }
>
>  SO_PUBLIC int s_set_affinity(int cpu);
>
> and put the new s_thread.h where it needed to be in
> /usr/local/src/snortsp-3.0.0b3/src/s_util/include/s_thread.h
>
> But I got the same error:
>
> fbsd7# make
> make  all-recursive
> Making all in src
> Making all in s_util
> Making all in include
> Making all in libsbpf
> /bin/sh ../../../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H
> -I. -I../../.. -I../../.. -I../../../src/s_util/libsbpf/bpf
> -I../../../src/s_util/libsbpf/net -I../../../src/s_util
> -I../../../src/s_util/include -I../../../src/data_source
> -I../../../src/data_source/daq -I../../../src/data_source/decode
> -I../../../src/data_source/flow -I../../../src/platform
> -I../../../src/comms -I../../../src/analysis -I../../../src/output
> -I.. -I/usr/local/include/lua51  -I/usr/local/lib
> -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
> -Wall  -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
> -fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF
> .deps/libsbpf_la-s_bpf_filter.Tpo -c -o libsbpf_la-s_bpf_filter.lo
> `test -f 'bpf/s_bpf_filter.c' || echo './'`bpf/s_bpf_filter.c
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../..
> -I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net
> -I../../../src/s_util -I../../../src/s_util/include
> -I../../../src/data_source -I../../../src/data_source/daq
> -I../../../src/data_source/decode -I../../../src/data_source/flow
> -I../../../src/platform -I../../../src/comms -I../../../src/analysis
> -I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib
> -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
> -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
> -fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF
> .deps/libsbpf_la-s_bpf_filter.Tpo -c bpf/s_bpf_filter.c  -fPIC -DPIC
> -o .libs/libsbpf_la-s_bpf_filter.o
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../..
> -I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net
> -I../../../src/s_util -I../../../src/s_util/include
> -I../../../src/data_source -I../../../src/data_source/daq
> -I../../../src/data_source/decode -I../../../src/data_source/flow
> -I../../../src/platform -I../../../src/comms -I../../../src/analysis
> -I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib
> -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
> -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
> -fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF
> .deps/libsbpf_la-s_bpf_filter.Tpo -c bpf/s_bpf_filter.c -o
> libsbpf_la-s_bpf_filter.o >/dev/null 2>&1
> mv -f .deps/libsbpf_la-s_bpf_filter.Tpo .deps/libsbpf_la-s_bpf_filter.Plo
> /bin/sh ../../../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H
> -I. -I../../.. -I../../.. -I../../../src/s_util/libsbpf/bpf
> -I../../../src/s_util/libsbpf/net -I../../../src/s_util
> -I../../../src/s_util/include -I../../../src/data_source
> -I../../../src/data_source/daq -I../../../src/data_source/decode
> -I../../../src/data_source/flow -I../../../src/platform
> -I../../../src/comms -I../../../src/analysis -I../../../src/output
> -I.. -I/usr/local/include/lua51  -I/usr/local/lib
> -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
> -Wall  -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
> -fvisibility=hidden -O2 -MT libsbpf_la-s_gencode.lo -MD -MP -MF
> .deps/libsbpf_la-s_gencode.Tpo -c -o libsbpf_la-s_gencode.lo `test -f
> 'bpf/s_gencode.c' || echo './'`bpf/s_gencode.c
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../..
> -I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net
> -I../../../src/s_util -I../../../src/s_util/include
> -I../../../src/data_source -I../../../src/data_source/daq
> -I../../../src/data_source/decode -I../../../src/data_source/flow
> -I../../../src/platform -I../../../src/comms -I../../../src/analysis
> -I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib
> -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include
> -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing
> -fvisibility=hidden -O2 -MT libsbpf_la-s_gencode.lo -MD -MP -MF
> .deps/libsbpf_la-s_gencode.Tpo -c bpf/s_gencode.c  -fPIC -DPIC -o
> .libs/libsbpf_la-s_gencode.o
> In file included from bpf/s_gencode.c:62:
> ../../../src/s_util/include/s_thread.h:36:26: error: linux/unistd.h:
> No such file or directory
> *** Error code 1
>
> Stop in /usr/local/src/snortsp-3.0.0b3/src/s_util/libsbpf.
> *** Error code 1
>
> Stop in /usr/local/src/snortsp-3.0.0b3/src/s_util.
> *** Error code 1
>
> Stop in /usr/local/src/snortsp-3.0.0b3/src.
> *** Error code 1
>
> Stop in /usr/local/src/snortsp-3.0.0b3.
> *** Error code 1
>
> Stop in /usr/local/src/snortsp-3.0.0b3.
>
> Any ideas?  Maybe a newer version of the beta?
>
> Thank you,
>
> Richard
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>



-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org




More information about the Snort-devel mailing list