[Snort-devel] Snort 2.8.6.1, "Error: Failed to find LibVersion()" while trying to develop a preprocessor module

BlackLight blacklight86 at ...2499...
Fri Jul 30 19:35:51 EDT 2010


I finally found a solution to this apparently meaningless issue. There
was nothing wrong with my source code. The issue just disappeared when
I started compiling it passing -DHAVE_CONFIG_H. I don't know the reason
for this issue. All I know is that defining the macro HAVE_CONFIG_H the
problem disappears.

On Wed, Jul 28, 2010 at 07:48:27PM -0400, Russ Combs wrote:
> On Wed, Jul 28, 2010 at 7:07 PM, BlackLight <blacklight86 at ...2499...> wrote:
> 
> > My issue is not with getting Snort running. I know deleting libsf*example*
> > Snort runs, but I need to develop *MY OWN* preprocessor module. Of course I
> > started from the source code of the "official" example, but it looks
> > definitely
> > bugged, taking out random LibVersion() issues.  So where should I start for
> > developing my preprocessor module if modifying a bit and compiling
> > spp_example.c all I get is Snort not working?
> >
> 
> Have a look at the ssl preprocessor.  It is relatively simple.
> 
> >
> > On Wed, Jul 28, 2010 at 06:55:32PM -0400, Joel Esler wrote:
> > > BlackLight said:
> > > > I need to work on Snort for my master thesis, developing a preprocessor
> > > > module on Snort 2.8.6.1. I started from the spp_example.c code,
> > > > creating a directory called "testpreproc" in snort_dynamicpreprocessor
> > > > with the following content:
> > > >
> > > > spp_example.c -> http://sprunge.us/GYUA
> > > > sf_dynamic_preproc_lib.c -> http://sprunge.us/HUZZ
> > > > sf_preproc_info.h -> http://sprunge.us/dIaU
> > > >
> > > > and this is the Makefile:
> > > >
> > > > all:
> > > >         gcc -I${HOME}/local/snort-src/src/dynamic-preprocessors/include
> > -g -O2 -DDYNAMIC_PLUGIN -DSUP_IP6 -g -O2 -fvisibility=hidden
> > -fno-strict-aliasing -Wall -fPIC -DPIC -shared sf_dynamic_preproc_lib.c
> > spp_example.c -o ../libsf_dynamic_preprocessor_example.so.0.0.0
> > > >         ln -sf ${PWD}/../libsf_dynamic_preprocessor_example.so.0.0.0
> > ${PWD}/../libsf_dynamic_preprocessor_example.so.0
> > > >         ln -sf ${PWD}/../libsf_dynamic_preprocessor_example.so.0.0.0
> > ${PWD}/../libsf_dynamic_preprocessor_example.so
> > > >
> > > > The compilation problem is OK, but when I try to start Snort I get the
> > > > following error:
> > > >
> > > > Loading dynamic preprocessor library
> > /home/blacklight/local/snort/lib/snort_dynamicpreprocessor//libsf_dynamic_preprocessor_example.so...
> >  ERROR: Failed to find LibVersion() function in
> > /home/blacklight/local/snort/lib/snort_dynamicpreprocessor//libsf_dynamic_preprocessor_example.so:
> > /home/blacklight/local/snort/lib/snort_dynamicpreprocessor//libsf_dynamic_preprocessor_example.so:
> > undefined symbol: LibVersion Fatal Error, Quitting..
> > > >
> > > > Googling around I noticed it's quite a common error, but the solution
> > > > everybody offers is to remove the binary file of the preprocessor
> > > > example from the preprocessor directory. Of course, this solution is OK
> > > > and works if you're just trying to run Snort and you don't care about
> > > > creating new preprocessor modules. In my case I want to create one, so
> > > > the solution of removing my own compiled .so file won't work. What's
> > > > the cause of that issue? Of course, as you may notice, the LibVersion()
> > > > function is correctly declared and instantiated in
> > > > sf_dynamic_preproc_lib.c, so there's no apparent reason why Snort
> > > > shouldn't find that function.
> > > >
> > >
> > > You need to delete the libsf_dynamic_preprocessor_example.* files in
> > > order to have Snort function.
> > >
> > > j
> >
> > --
> > -----BEGIN GEEK CODE BLOCK-----
> > Version: 3.1
> > GAT d? a? C++++ U++++ P++++ L+++++ E--- W+++ !w PS+++ PE-- Y++ PGP++ X++
> > R+ tv-- b+>+++ DI++ G++ e+++ h* r++ z**
> > ------END GEEK CODE BLOCK------
> >
> >  PGP key:
> > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE8468AFB46DBC195
> > Admin of http://0x00.ath.cx
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAkxQuC4ACgkQ6EaK???????????????????????????????????????
> > vPAAnjoIAJ8dX1nb7tdJrY7IRGxI5t8R
> > =jxQa
> > -----END PGP SIGNATURE-----
> >
> >
> > ------------------------------------------------------------------------------
> > The Palm PDK Hot Apps Program offers developers who use the
> > Plug-In Development Kit to bring their C/C++ apps to Palm for a share
> > of $1 Million in cash or HP Products. Visit us here for more details:
> > http://p.sf.net/sfu/dev2dev-palm
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/snort-devel
> >
> >

-- 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT d? a? C++++ U++++ P++++ L+++++ E--- W+++ !w PS+++ PE-- Y++ PGP++ X++
R+ tv-- b+>+++ DI++ G++ e+++ h* r++ z**
------END GEEK CODE BLOCK------

PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE8468AFB46DBC195
Admin of http://0x00.ath.cx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20100731/f661a2f1/attachment.sig>


More information about the Snort-devel mailing list