[Snort-devel] Writing Preprocessor For Snort

Russ Combs rcombs at ...402...
Fri Nov 8 14:51:32 EST 2013


Are you running build.sh and test.sh from the directory in which they are
located, like ./build.sh ?



On Fri, Nov 8, 2013 at 1:08 PM, Amtul Saboor <saboor.amtul at ...2499...> wrote:

> Thanks alot everbody. Specially Russ and Alex!! the dpx 1.6 version worked
> for me. However, i fixed the two following issues myself, explaining for
> others' future guidance:
>
> Somehow, the files build.sh and test.sh are not understanding the correct
> snort path, and that error  (no rule to make file) was arriving due to path
> problem . I manually enter the path in both cases (replaced $Snort with
> /root/snort/ ) and the problem was half solved.
>
> I faced another error in build.sh , i had to comment the second if
> condition in build.sh to make the program run error free. otherwise i was
> facing this error "
>
> ERROR: you must echo SNORT=/path/to/snort/dir > setup.sh first"
>
> Altough I was doing that already.
>
> And to be sure if my output is correct , i am copying it , please let me know if this the thing i should be having:
>
> /test.sh
> ./setup.sh: line 1: /root/snort: is a directory
> Running in IDS mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
>
> Parsing Rules file "test/snort.conf"
> Tagged Packet Limit: 256
> Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor...
>   Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done
>
>   Finished Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor
> Log directory = /var/log/snort
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> 4 Snort rules read
>
>     4 detection rules
>     0 decoder rules
>     0 preprocessor rules
> 2 Option Chains linked into 2 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> +-------------------[Rule Port Counts]---------------------------------------
>
> |             tcp     udp    icmp      ip
> |     src       0       0       0       0
> |     dst       0       0       0       0
> |     any       4       0       0       0
> |      nc       4       0       0       0
>
> |     s+d       0       0       0       0
> +----------------------------------------------------------------------------
>
> +-----------------------[detection-filter-config]------------------------------
> | memory-cap : 1048576 bytes
>
> +-----------------------[detection-filter-rules]-------------------------------
> | none
> -------------------------------------------------------------------------------
>
> +-----------------------[rate-filter-config]-----------------------------------
>
> | memory-cap : 1048576 bytes
> +-----------------------[rate-filter-rules]------------------------------------
> | none
> -------------------------------------------------------------------------------
>
> +-----------------------[event-filter-config]----------------------------------
>
> | memory-cap : 1048576 bytes
> +-----------------------[event-filter-global]----------------------------------
> +-----------------------[event-filter-local]-----------------------------------
> | none
> +-----------------------[suppression]------------------------------------------
>
> | none
> -------------------------------------------------------------------------------
> Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
> Verifying Preprocessor Configurations!
>
> [ Port Based Pattern Matching Memory ]
> pcap DAQ configured to read-file.
> The DAQ version does not support reload.
> Acquiring network traffic from "test/test.pcap".
> Reload thread starting...
> Reload thread started, thread 0xb69a3b70 (9802)
>
>         --== Initialization Complete ==--
>
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.5.5 GRE (Build 205)
>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>
>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>            Using libpcap version 1.0.0
>            Using PCRE version: 7.8 2008-09-05
>            Using ZLIB version: 1.2.3.3
>
>            Preprocessor Object: dpx  Version 1.6  <Build 1>
>
> Commencing packet processing (pid=9801)
> 3	256	2	0	
> 4	256	2	0	
> 5	256	1	0	
> ===============================================================================
> Run time for packet processing was 0.1496 seconds
>
> Snort processed 6 packets.
> Snort ran for 0 days 0 hours 0 minutes 0 seconds
>    Pkts/sec:            6
> ===============================================================================
> Packet I/O Totals:
>    Received:            6
>
>    Analyzed:            6 (100.000%)
>     Dropped:            0 (  0.000%)
>    Filtered:            0 (  0.000%)
> Outstanding:            0 (  0.000%)
>    Injected:            0
> ===============================================================================
>
> Breakdown by protocol (includes rebuilt packets):
>         Eth:            6 (100.000%)
>        VLAN:            0 (  0.000%)
>         IP4:            6 (100.000%)
>        Frag:            0 (  0.000%)
>        ICMP:            0 (  0.000%)
>
>         UDP:            0 (  0.000%)
>         TCP:            6 (100.000%)
>         IP6:            0 (  0.000%)
>     IP6 Ext:            0 (  0.000%)
>    IP6 Opts:            0 (  0.000%)
>       Frag6:            0 (  0.000%)
>
>       ICMP6:            0 (  0.000%)
>        UDP6:            0 (  0.000%)
>        TCP6:            0 (  0.000%)
>      Teredo:            0 (  0.000%)
>     ICMP-IP:            0 (  0.000%)
>     IP4/IP4:            0 (  0.000%)
>
>     IP4/IP6:            0 (  0.000%)
>     IP6/IP4:            0 (  0.000%)
>     IP6/IP6:            0 (  0.000%)
>         GRE:            0 (  0.000%)
>     GRE Eth:            0 (  0.000%)
>    GRE VLAN:            0 (  0.000%)
>
>     GRE IP4:            0 (  0.000%)
>     GRE IP6:            0 (  0.000%)
> GRE IP6 Ext:            0 (  0.000%)
>    GRE PPTP:            0 (  0.000%)
>     GRE ARP:            0 (  0.000%)
>     GRE IPX:            0 (  0.000%)
>
>    GRE Loop:            0 (  0.000%)
>        MPLS:            0 (  0.000%)
>         ARP:            0 (  0.000%)
>         IPX:            0 (  0.000%)
>    Eth Loop:            0 (  0.000%)
>    Eth Disc:            0 (  0.000%)
>
>    IP4 Disc:            0 (  0.000%)
>    IP6 Disc:            0 (  0.000%)
>    TCP Disc:            0 (  0.000%)
>    UDP Disc:            0 (  0.000%)
>   ICMP Disc:            0 (  0.000%)
> All Discard:            0 (  0.000%)
>
>       Other:            0 (  0.000%)
> Bad Chk Sum:            0 (  0.000%)
>     Bad TTL:            0 (  0.000%)
>      S5 G 1:            0 (  0.000%)
>      S5 G 2:            0 (  0.000%)
>       Total:            6
>
> ===============================================================================
> Action Stats:
>      Alerts:            3 ( 50.000%)
>      Logged:            3 ( 50.000%)
>      Passed:            0 (  0.000%)
> Limits:
>
>       Match:            0
>       Queue:            0
>         Log:            0
>       Event:            0
>       Alert:            0
> Verdicts:
>       Allow:            6 (100.000%)
>       Block:            0 (  0.000%)
>
>     Replace:            0 (  0.000%)
>   Whitelist:            0 (  0.000%)
>   Blacklist:            0 (  0.000%)
>      Ignore:            0 (  0.000%)
> ===============================================================================
>
> Snort exiting
>
>
>
>
> On Fri, Nov 8, 2013 at 4:15 AM, Russ Combs <rcombs at ...402...> wrote:
>
>> The DPX source was out of date with Snort's source.  Try the attached.
>> You shouldn't need to edit build.sh.
>>
>>
>> On Thu, Nov 7, 2013 at 3:06 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>>
>>> Ok this problem is solved. I changed the path manually in build.sh , now
>>> it gives a huge number of errors in dpx.c file These are as follows:
>>>
>>>
>>> make[1]: Entering directory `/usr/src/dpx-1.5/test'
>>> rm -rf .libs _libs
>>> rm -f *.lo
>>> make[1]: Leaving directory `/usr/src/dpx-1.5/test'
>>> Making clean in src
>>> make[1]: Entering directory `/usr/src/dpx-1.5/src'
>>> test -z "libdpx.la" || rm -f libdpx.la
>>> rm -f "./so_locations"
>>> rm -rf .libs _libs
>>> rm -f sf_dynamic_preproc_lib.c sfPolicyUserData.c
>>> rm -f *.o
>>> rm -f *.lo
>>> make[1]: Leaving directory `/usr/src/dpx-1.5/src'
>>> Making clean in .
>>> make[1]: Entering directory `/usr/src/dpx-1.5'
>>> rm -rf .libs _libs
>>> rm -f *.lo
>>> make[1]: Leaving directory `/usr/src/dpx-1.5'
>>> make  all-recursive
>>> make[1]: Entering directory `/usr/src/dpx-1.5'
>>> Making all in src
>>> make[2]: Entering directory `/usr/src/dpx-1.5/src'
>>> cp /root/snort/src/dynamic-examples/include/sf_dynamic_preproc_lib.c
>>> sf_dynamic_preproc_lib.c
>>> cp /root/snort/src/dynamic-examples/include/sfPolicyUserData.c
>>> sfPolicyUserData.c
>>> make  all-am
>>> make[3]: Entering directory `/usr/src/dpx-1.5/src'
>>> /bin/sh ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>>> -I..   -I/root/snort/src/dynamic-examples/include  -g -O2 -DSF_VISIBILITY
>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE   -fvisibility=hidden
>>> -c -o dpx.lo dpx.c
>>> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I..
>>> -I/root/snort/src/dynamic-examples/include -g -O2 -DSF_VISIBILITY
>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE -fvisibility=hidden
>>> -c dpx.c  -fPIC -DPIC -o .libs/dpx.o
>>> dpx.c: In function 'DPX_New':
>>> dpx.c:151: error: too few arguments to function '_dpd.getParserPolicy'
>>> dpx.c: In function 'DPX_Delete':
>>> dpx.c:180: warning: passing argument 1 of 'sfPolicyUserDataIterate' from
>>> incompatible pointer type
>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>> expected 'struct _SnortConfig *' but argument is of type
>>> 'tSfPolicyUserContextId'
>>> dpx.c:180: warning: passing argument 2 of 'sfPolicyUserDataIterate' from
>>> incompatible pointer type
>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>> expected 'tSfPolicyUserContextId' but argument is of type 'int (*)(struct
>>> tSfPolicyUserContext *, tSfPolicyId,  void *)'
>>> dpx.c:180: error: too few arguments to function 'sfPolicyUserDataIterate'
>>> dpx.c: In function 'DPX_Setup':
>>> dpx.c:196: warning: passing argument 2 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorInitFunc' but argument is of type
>>> 'void (*)(char *)'
>>> dpx.c:196: warning: passing argument 3 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorReloadFunc' but argument is of
>>> type 'void (*)(char *)'
>>> dpx.c:196: warning: passing argument 4 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorReloadVerifyFunc' but argument is
>>> of type 'void * (*)(void)'
>>> dpx.c:196: warning: passing argument 5 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorReloadSwapFunc' but argument is
>>> of type 'void (*)(void *)'
>>> dpx.c:196: error: too few arguments to function '_dpd.registerPreproc'
>>> dpx.c: In function 'DPX_Init':
>>> dpx.c:208: warning: passing argument 1 of '_dpd.addPreproc' from
>>> incompatible pointer type
>>> dpx.c:208: note: expected 'struct _SnortConfig *' but argument is of
>>> type 'void (*)(void *, void *)'
>>> dpx.c:208: warning: passing argument 2 of '_dpd.addPreproc' makes
>>> pointer from integer without a cast
>>> dpx.c:208: note: expected 'void (*)(void *, void *)' but argument is of
>>> type 'int'
>>> dpx.c:208: error: too few arguments to function '_dpd.addPreproc'
>>> make[3]: *** [dpx.lo] Error 1
>>> make[3]: Leaving directory `/usr/src/dpx-1.5/src'
>>> make[2]: *** [all] Error 2
>>> make[2]: Leaving directory `/usr/src/dpx-1.5/src'
>>> make[1]: *** [all-recursive] Error 1
>>> make[1]: Leaving directory `/usr/src/dpx-1.5'
>>> make: *** [all] Error 2
>>> Making install in src
>>> make[1]: Entering directory `/usr/src/dpx-1.5/src'
>>> make  install-am
>>> make[2]: Entering directory `/usr/src/dpx-1.5/src'
>>> /bin/sh ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>>> -I..   -I/root/snort/src/dynamic-examples/include  -g -O2 -DSF_VISIBILITY
>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE   -fvisibility=hidden
>>> -c -o dpx.lo dpx.c
>>> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I..
>>> -I/root/snort/src/dynamic-examples/include -g -O2 -DSF_VISIBILITY
>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE -fvisibility=hidden
>>> -c dpx.c  -fPIC -DPIC -o .libs/dpx.o
>>> dpx.c: In function 'DPX_New':
>>> dpx.c:151: error: too few arguments to function '_dpd.getParserPolicy'
>>> dpx.c: In function 'DPX_Delete':
>>> dpx.c:180: warning: passing argument 1 of 'sfPolicyUserDataIterate' from
>>> incompatible pointer type
>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>> expected 'struct _SnortConfig *' but argument is of type
>>> 'tSfPolicyUserContextId'
>>> dpx.c:180: warning: passing argument 2 of 'sfPolicyUserDataIterate' from
>>> incompatible pointer type
>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>> expected 'tSfPolicyUserContextId' but argument is of type 'int (*)(struct
>>> tSfPolicyUserContext *, tSfPolicyId,  void *)'
>>> dpx.c:180: error: too few arguments to function 'sfPolicyUserDataIterate'
>>> dpx.c: In function 'DPX_Setup':
>>> dpx.c:196: warning: passing argument 2 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorInitFunc' but argument is of type
>>> 'void (*)(char *)'
>>> dpx.c:196: warning: passing argument 3 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorReloadFunc' but argument is of
>>> type 'void (*)(char *)'
>>> dpx.c:196: warning: passing argument 4 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorReloadVerifyFunc' but argument is
>>> of type 'void * (*)(void)'
>>> dpx.c:196: warning: passing argument 5 of '_dpd.registerPreproc' from
>>> incompatible pointer type
>>> dpx.c:196: note: expected 'PreprocessorReloadSwapFunc' but argument is
>>> of type 'void (*)(void *)'
>>> dpx.c:196: error: too few arguments to function '_dpd.registerPreproc'
>>> dpx.c: In function 'DPX_Init':
>>> dpx.c:208: warning: passing argument 1 of '_dpd.addPreproc' from
>>> incompatible pointer type
>>> dpx.c:208: note: expected 'struct _SnortConfig *' but argument is of
>>> type 'void (*)(void *, void *)'
>>> dpx.c:208: warning: passing argument 2 of '_dpd.addPreproc' makes
>>> pointer from integer without a cast
>>> dpx.c:208: note: expected 'void (*)(void *, void *)' but argument is of
>>> type 'int'
>>> dpx.c:208: error: too few arguments to function '_dpd.addPreproc'
>>> make[2]: *** [dpx.lo] Error 1
>>> make[2]: Leaving directory `/usr/src/dpx-1.5/src'
>>> make[1]: *** [install] Error 2
>>>
>>> I dont think so many errors should be encountered. Or if they do, what
>>> to do now :)
>>>
>>> Thanks alot for all the help.
>>>
>>> Regards
>>>
>>>
>>> On Thu, Nov 7, 2013 at 11:48 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>>>
>>>> yes i know,  i mentioned the path :) just wrote /path/to/snort for
>>>> explaining here
>>>>
>>>>
>>>> On Thu, Nov 7, 2013 at 10:46 AM, Russ Combs <rcombs at ...402...>wrote:
>>>>
>>>>> "path/to/snort/" should be replaced with your actual path to the Snort
>>>>> source tree.
>>>>>
>>>>>
>>>>>
>>>>> On Thu, Nov 7, 2013 at 1:43 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>>>>>
>>>>>> Thanks Russ, yes src/ is showing up . And i have followed the steps
>>>>>> mentioned by Alex. *Not complicated at all. But still unable to
>>>>>> succeed.*
>>>>>>
>>>>>> When i open setup.sh this line is written inside" SNORT :
>>>>>> path/to/snort/"
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 7, 2013 at 10:23 AM, Russ Combs <rcombs at ...402...>wrote:
>>>>>>
>>>>>>> You are building with dpx ... did you configure setup.sh correctly?
>>>>>>> If you ls $SNORT configure.in and src/ should show up among others.
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Nov 7, 2013 at 12:48 PM, Amtul Saboor <
>>>>>>> saboor.amtul at ...2499...> wrote:
>>>>>>>
>>>>>>>> Yes I have configured with --enable-build-dynamic-examples and also
>>>>>>>> , since I am using version 2.9.5.5, the file
>>>>>>>>
>>>>>>>>  #include "sf_types.h" is already there before #include "snort_debug.h" in dpx.c file.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> But the error persists.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Nov 7, 2013 at 9:41 AM, Russ Combs <rcombs at ...402...>wrote:
>>>>>>>>
>>>>>>>>> Did you configure with --enable-build-dynamic-examples ?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Nov 6, 2013 at 12:34 PM, Amtul Saboor <
>>>>>>>>> saboor.amtul at ...2499...> wrote:
>>>>>>>>>
>>>>>>>>>> Hello
>>>>>>>>>>
>>>>>>>>>> I am Information Security student and I am working on Snort. Want
>>>>>>>>>> to make my own dynamic preprocessor.
>>>>>>>>>>
>>>>>>>>>> I am facing the following error.
>>>>>>>>>>
>>>>>>>>>> make[2]: *** No rule to make target `/usr/local/snort/src/dynamic-examples/include/sf_dynamic_preproc_lib.c', needed by
>>>>>>>>>> `sf_dynamic_preproc_lib.c'.  Stop.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> That error has been addressed in this link :
>>>>>>>>>>
>>>>>>>>>> http://seclists.org/snort/2013/q1/161
>>>>>>>>>>
>>>>>>>>>> *But I unable to understand it.*
>>>>>>>>>>
>>>>>>>>>> Please explain what the person meant by the following sentence (i emailed him but he is not responding):
>>>>>>>>>>
>>>>>>>>>> "
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Well, changed the directory in build.sh to the one containing the required .c files----fixed the previous erro.
>>>>>>>>>> Then a libtool error occured, searched and found an answer by Russ---fixed..."
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> That will be a great help. If you knw what more I should be doing
>>>>>>>>>> for correct installation please guide me about it. I am quite worried about
>>>>>>>>>> it.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Sat, Nov 2, 2013 at 2:13 PM, Amtul Saboor <
>>>>>>>>>> saboor.amtul at ...2499...> wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Hello*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *I am a computer sciences student and new to Snort. I am trying
>>>>>>>>>>> to create a preprocessor for snort with following guidelines:
>>>>>>>>>>> http://sourceforge.net/apps/mediawiki/snort-ai/index.php?title=Snort_Preprocessors_Kickstart
>>>>>>>>>>> <http://sourceforge.net/apps/mediawiki/snort-ai/index.php?title=Snort_Preprocessors_Kickstart>
>>>>>>>>>>> *
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *But the code gives following errors:*
>>>>>>>>>>>
>>>>>>>>>>> *Unable to find "plugbase.h" No such file or directory*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Unable to find "decode.h" No such file or directory *
>>>>>>>>>>>
>>>>>>>>>>> *One more thing, in which IDE should I compile the code? in
>>>>>>>>>>> linux, is it okey to compile the code using GCC command? Is it compatible
>>>>>>>>>>> with Snort? Sorry for my questions but i need to ask them anyways. *
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *Has anyone tried this before? Let me know. Any help will be
>>>>>>>>>>> appreciated.Thanks n regards*
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Amtul Saboor*
>>>>>>>>>> *Business Development Executive *
>>>>>>>>>>
>>>>>>>>>> *Professionals Agency*
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> *www.p-itsol.com <http://www.p-itsol.com> *
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>>>> November Webinars for C, C++, Fortran Developers
>>>>>>>>>> Accelerate application performance with scalable programming
>>>>>>>>>> models. Explore
>>>>>>>>>> techniques for threading, error checking, porting, and tuning.
>>>>>>>>>> Get the most
>>>>>>>>>> from the latest Intel processors and coprocessors. See abstracts
>>>>>>>>>> and register
>>>>>>>>>>
>>>>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Snort-devel mailing list
>>>>>>>>>> Snort-devel at lists.sourceforge.net
>>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>>>>>>>>> Archive:
>>>>>>>>>>
>>>>>>>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>>>>>>>>>>
>>>>>>>>>> Please visit http://blog.snort.org for the latest news about
>>>>>>>>>> Snort!
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Amtul Saboor*
>>>>>>>> *Business Development Executive *
>>>>>>>>
>>>>>>>> *Professionals Agency*
>>>>>>>>
>>>>>>>>
>>>>>>>> *www.p-itsol.com <http://www.p-itsol.com> *
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Amtul Saboor*
>>>>>> *Business Development Executive *
>>>>>>
>>>>>> *Professionals Agency*
>>>>>>
>>>>>>
>>>>>> *www.p-itsol.com <http://www.p-itsol.com> *
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Amtul Saboor*
>>>> *Business Development Executive *
>>>>
>>>> *Professionals Agency*
>>>>
>>>>
>>>> *www.p-itsol.com <http://www.p-itsol.com> *
>>>>
>>>
>>>
>>>
>>> --
>>> *Amtul Saboor*
>>> *Business Development Executive *
>>>
>>> *Professionals Agency*
>>>
>>>
>>> *www.p-itsol.com <http://www.p-itsol.com> *
>>>
>>
>>
>
>
> --
> *Amtul Saboor*
> *Business Development Executive *
>
> *Professionals Agency*
>
>
> *www.p-itsol.com <http://www.p-itsol.com> *
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20131108/a72ba146/attachment.html>


More information about the Snort-devel mailing list