[Snort-devel] Possible bug in compiling snort 2.9.2.3

Valentin Avram valentin.avram at ...3295...
Thu Jul 19 04:51:34 EDT 2012


Hello.

Since snort 2.9.3.0 has been released, I decided to check if this issue has been fixed.

Couldn't find anything in the Changelog about this issue (there is an issue referring to compilation error when active response is disabled, but it was part of snort 2.9.1).

So I downloaded the source of 2.9.3.0, fixed the ./configure (since snort no longer supports outputs to databases, aruba or prelude), and the compilation still fails.

New ./configure:
./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --enable-shared --disable-static --disable-so-with-static-lib --enable-dynamicplugin --enable-zlib --disable-gre --disable-mpls --disable-targetbased --disable-ppm --enable-perfprofiling --enable-linux-smp-stats --disable-inline-init-failopen --enable-pthread --disable-debug --disable-debug-msgs --disable-corefiles --enable-dlclose --disable-active-response --disable-normalizer --disable-reload-error-restart --disable-react --disable-flexresp3 --enable-paf --disable-large-pcap --disable-ipv6 --enable-reload --disable-build-dynamic-examples --disable-profile --disable-ppm-test --disable-intel-soft-cpm --disable-static-daq --disable-rzb-saac

Error compiling:
/bin/sh ../libtool --tag=CC   --mode=link i686-pc-linux-gnu-gcc  -g -O2 -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall  -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o  strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a dynamic-output/plugins/liboutput.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm  -ldl -ldaq -lz -lpthread -lpthread
libtool: link: i686-pc-linux-gnu-gcc -g -O2 -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o  -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a dynamic-output/plugins/liboutput.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -ldnet -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg':
/home/knight/Desktop/tempview/snort-2.9.3/src/dynamic-plugins/sf_dynamic_plugins.c:1559: undefined reference to `Active_SendData'
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled':
/home/knight/Desktop/tempview/snort-2.9.3/src/dynamic-plugins/sf_dynamic_plugins.c:1452: undefined reference to `Active_SetEnabled'
collect2: ld returned 1 exit status
make[3]: *** [snort] Error 1
make[3]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3'
make: *** [all] Error 2

So, as i asked in my previous email: Any news about a patch to fix this issue? Or an estimation on how long will it take or the snort version the patch will be part of?

Thank you for your time.


On 06/29/12 11:25, Valentin Avram wrote:
> Hello.
>
> Any news about a patch to fix this issue? Or an estimation on how long 
> will it take or the snort version the patch will be part of?
>
> Thank you for your time.
>
> On 06/19/12 21:30, Russ Combs wrote:
>> That's a bug.  Thanks for reporting it.
>>
>> On Tue, Jun 19, 2012 at 11:41 AM, Valentin AVRAM 
>> <valentin.avram at ...3295... <mailto:valentin.avram at ...3295...>> wrote:
>>
>>     Hello.
>>
>>     While trying to compile snort 2.9.2.3 to be used as a
>>     sensor-only, I tried to disable all unnecessary features of it
>>     while keeping only the basic functionalities.
>>
>>     I'm running Gentoo Linux so I'm using the USE-flags made
>>     available by the distro's ebuild in order to select the features
>>     I need and drop those which I don't require.
>>
>>     The configure options the ebuild detects from my USE-flags are:
>>
>>     ./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --enable-shared --disable-static --disable-so-with-static-lib --enable-dynamicplugin --enable-zlib --disable-gre --disable-mpls --disable-targetbased --enable-decoder-preprocessor-rules --disable-ppm --enable-perfprofiling --enable-linux-smp-stats --disable-inline-init-failopen --enable-pthread --disable-debug --disable-debug-msgs --disable-corefiles --enable-dlclose --disable-active-response --disable-normalizer --disable-reload-error-restart --disable-react --disable-flexresp3 --enable-paf --disable-large-pcap --disable-aruba --without-mysql --without-odbc --without-postgresql --enable-ipv6 --enable-reload --disable-prelude --disable-build-dynamic-examples --disable-profile --disable-ppm-test --disable-intel-soft-cpm --disable-static-daq --disab
>>     le-rzb-saac --without-oracle
>>
>>     As seen, I decided to disable active-response since it is a basic
>>     sensor, not used in inline mode.
>>
>>     The configure is successful. However, when running make, the
>>     compilation fails with the following error:
>>
>>     /bin/sh ../libtool --tag=CC   --mode=link i686-pc-linux-gnu-gcc  -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall  -Wl,-O1 -Wl,--as-needed -L/usr/lib -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o  strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm  -ldl -ld
>>     aq -lz -lpthread -lpthread
>>     libtool: link: i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -Wl,-O1 -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o  -Wl,--as-needed -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a /usr/lib/libdnet.so -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread
>>     dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg':
>>     sf_dynamic_plugins.c:(.text+0x934): undefined reference to `Active_SendData'
>>     dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled':
>>     sf_dynamic_plugins.c:(.text+0xa17): undefined reference to `Active_SetEnabled'
>>     collect2: ld returned 1 exit status
>>
>>     My question now is the following:
>>     Am I using a bad combination of flags? Why does dynamic_plugins need active-response which I explicitly disabled? And if the flag combination is wrong, why did the configure let me use it?
>>
>>     (for instance, the Gentoo ebuild does not allow me to disable the "dynamic_plugins" USE-flag since I have enabled the "zlib" USE-flag which allows for analysis of compressed HTTP connections)
>>
>>     If the combination of flags are right, then it's a bug in the source code.
>>
>>
>>     I have submitted Gentoo bug #421775 (https://bugs.gentoo.org/show_bug.cgi?id=421775  ) and also attached there a patch which allows the two functions (Active_SetEnabled and Active_SendData) to be visible and just do nothing if active-response is disabled.
>>
>>
>>     However, since it's the first time I'm looking at Snort source code I'm not entirely sure the two Active_ functions should just do nothing, that is I'm not sure that the caller functions expect changes in the data they send to the Active_ functions, so that patch only allows the code to compile, but that may break functionality.
>>
>>
>>     Please have a look at this issue and tell me if I'm using the wrong flag combination, or there is a bug in the code or if the patch should produce a working snort binary.
>>
>>     Thank you for your time.
>>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20120719/d64ca54e/attachment.html>


More information about the Snort-devel mailing list