[Snort-devel] Snort 2.8.5 Beta Now Available

Jason Wallace jason.r.wallace at ...2499...
Fri May 15 16:32:02 EDT 2009


Hi,

I have one question and a possible bug to report.

Question:
Is the following a valid configure option?

./configure --enable-flexresp2 --enable-react


Bug:

./configure --enable-dynamicplugin --enable-flexresp2

Fails to build...

gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../src -I../src/sfutil
-I/usr/include/pcap -I../src/output-plugins -I../src/detection-plugins
-I../src/dynamic-plugins -I../src/preprocessors
-I../src/preprocessors/portscan
-I../src/preprocessors/HttpInspect/include
-I../src/preprocessors/Stream5 -I../src/target-based  -DDYNAMIC_PLUGIN
-DENABLE_RESPONSE2 -I/usr/include  -g -O2 -fvisibility=hidden -Wall -c
parser.c
parser.c:642: error: syntax error before ';' token
parser.c:643: warning: missing braces around initializer
parser.c:643: warning: (near initialization for `config_opts[42]')
parser.c:643: warning: initialization makes pointer from integer without a cast
parser.c:643: warning: initialization makes integer from pointer without a cast
parser.c:644: error: syntax error before '{' token
make[3]: *** [parser.o] Error 1
make[3]: Leaving directory
`/var/tmp/portage/net-analyzer/snort-2.8.5_beta/work/snort-2.8.5.beta/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory
`/var/tmp/portage/net-analyzer/snort-2.8.5_beta/work/snort-2.8.5.beta/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory
`/var/tmp/portage/net-analyzer/snort-2.8.5_beta/work/snort-2.8.5.beta'
make: *** [all] Error 2

Wally


On Fri, May 15, 2009 at 11:36 AM, Todd Wease <twease at ...402...> wrote:
> Hi Wally,
>
> Yes, the option has been removed.  Snort will cleanup memory regardless
> now at exit.
>
> Todd
>
>
> Jason Wallace wrote:
>> I notice the --enable-memory-cleanup ./configure option is missing.
>> Has this been removed?
>>
>> Wally
>>
>> On Thu, May 14, 2009 at 11:14 AM, Russ Combs <rcombs at ...402...> wrote:
>>
>>> Thanks for reporting this issue.  We've already opened a bug on this and are
>>> working on a fix.
>>>
>>> Russ
>>>
>>> On Thu, May 14, 2009 at 9:39 AM, rmkml <rmkml at ...879...> wrote:
>>>
>>>> Hi,
>>>> First, Congratulations SF team for this new version!
>>>> Im found a segfault with this new version with this rule:
>>>>  alert tcp any any -> any any (msg:"snort v2.8.5 beta SegFault";
>>>> content:"test"; within:; nocase; sid:987654321; rev:1;)
>>>> Yes, within keyword don't have value! and snort crash with nocasei
>>>> keyword...
>>>> look my very simple snort.conf:
>>>>  dynamicpreprocessor directory
>>>> dynamic-preprocessors/build/usr/local/lib/snort_dynamicpreprocessor/
>>>>  dynamicengine dynamic-plugins/sf_engine/.libs/libsf_engine.so
>>>>  preprocessor stream5_global: max_tcp 8192, track_tcp yes, track_udp no
>>>> and sid 987654321 of course!
>>>>
>>>> Please add my pseudo to Credits file and my company: Crusoe Researches.
>>>> Happy Detect (snort,bro,azwalaro)
>>>> Regards
>>>> Rmkml
>>>> Crusoe-Researches.com
>>>>
>>>>
>>>> On Thu, 14 May 2009, Snort Releases wrote:
>>>>
>>>>
>>>>> A beta version of Snort 2.8.5 is now available on snort.org, at
>>>>> http://www.snort.org/dl/
>>>>>
>>>>> Snort 2.8.5 introduces:
>>>>>
>>>>> - Ability to specify multiple configurations (snort.conf and everything
>>>>>  it includes), bound either by Vlan ID or IP Address.  This allows you
>>>>>  to run one instance of Snort with multiple snort.conf, rather than
>>>>>  having separate processes.
>>>>>
>>>>> - Continued inspection of traffic while reloading a configuration.
>>>>>  Add --enable-reload option to your configure script prior to building.
>>>>>
>>>>> - Rate Based Attack prevention for Connection Attempts, Concurrent
>>>>>  Connections, and improved rule/event filtering.  See README.filters
>>>>>  for details.
>>>>>
>>>>> - SSH preprocessor (no longer experimental)
>>>>>
>>>>> - Performance improvements in various places
>>>>>
>>>>> Please see the Release Notes and ChangeLog for more details.
>>>>>
>>>>> Please submit bugs, questions, and feedback to snort-beta at ...2780...
>>>>>
>>>>> Happy Snorting!
>>>>> The Snort Release Team
>>>>>
>>> ------------------------------------------------------------------------------
>>> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
>>> production scanning environment may not be a perfect world - but thanks to
>>> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK
>>> i700
>>> Series Scanner you'll get full speed at 300 dpi even with all image
>>> processing features enabled. http://p.sf.net/sfu/kodak-com
>>> _______________________________________________
>>> Snort-devel mailing list
>>> Snort-devel at lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>
>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> Crystal Reports - New Free Runtime and 30 Day Trial
>> Check out the new simplified licensing option that enables
>> unlimited royalty-free distribution of the report engine
>> for externally facing server and web deployment.
>> http://p.sf.net/sfu/businessobjects
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>
>




More information about the Snort-devel mailing list