[Snort-devel] Writing Preprocessor For Snort

Amtul Saboor saboor.amtul at ...2499...
Fri Nov 8 15:01:24 EST 2013


Yes, Russ.
On Nov 9, 2013 12:51 AM, "Russ Combs" <rcombs at ...402...> wrote:

> Are you running build.sh and test.sh from the directory in which they are
> located, like ./build.sh ?
>
>
>
> On Fri, Nov 8, 2013 at 1:08 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>
>> Thanks a lot, everybody, especially Russ and Alex! The dpx 1.6 version
>> worked for me. However, I fixed the two following issues myself, explaining
>> for others' future guidance:
>>
>> Somehow, the files build.sh and test.sh are not understanding the correct
>> Snort path, and that error (no rule to make file) was arising due to the path
>> problem. I manually entered the path in both cases (replaced $Snort with
>> /root/snort/) and the problem was half solved.
>>
>> I faced another error in build.sh: I had to comment out the second if
>> condition in build.sh to make the program run error-free. Otherwise I was
>> facing this error:
>>
>> "ERROR: you must echo SNORT=/path/to/snort/dir > setup.sh first"
>>
>> Although I was doing that already.
>>
>> And to be sure my output is correct, I am copying it; please let me know if this is the thing I should be having:
>>
>>
>> /test.sh
>> ./setup.sh: line 1: /root/snort: is a directory
>> Running in IDS mode
>>
>>         --== Initializing Snort ==--
>> Initializing Output Plugins!
>> Initializing Preprocessors!
>> Initializing Plug-ins!
>>
>>
>> Parsing Rules file "test/snort.conf"
>> Tagged Packet Limit: 256
>> Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor...
>>   Loading dynamic preprocessor library lib/snort_dynamicpreprocessor/libdpx.so... done
>>
>>
>>   Finished Loading all dynamic preprocessor libs from lib/snort_dynamicpreprocessor
>> Log directory = /var/log/snort
>>
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>> Initializing rule chains...
>> 4 Snort rules read
>>
>>
>>     4 detection rules
>>     0 decoder rules
>>     0 preprocessor rules
>> 2 Option Chains linked into 2 Chain Headers
>> 0 Dynamic rules
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> +-------------------[Rule Port Counts]---------------------------------------
>>
>>
>> |             tcp     udp    icmp      ip
>> |     src       0       0       0       0
>> |     dst       0       0       0       0
>> |     any       4       0       0       0
>> |      nc       4       0       0       0
>>
>>
>> |     s+d       0       0       0       0
>> +----------------------------------------------------------------------------
>>
>> +-----------------------[detection-filter-config]------------------------------
>> | memory-cap : 1048576 bytes
>>
>>
>> +-----------------------[detection-filter-rules]-------------------------------
>> | none
>> -------------------------------------------------------------------------------
>>
>> +-----------------------[rate-filter-config]-----------------------------------
>>
>>
>> | memory-cap : 1048576 bytes
>> +-----------------------[rate-filter-rules]------------------------------------
>> | none
>> -------------------------------------------------------------------------------
>>
>> +-----------------------[event-filter-config]----------------------------------
>>
>>
>> | memory-cap : 1048576 bytes
>> +-----------------------[event-filter-global]----------------------------------
>> +-----------------------[event-filter-local]-----------------------------------
>> | none
>> +-----------------------[suppression]------------------------------------------
>>
>>
>> | none
>> -------------------------------------------------------------------------------
>> Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
>> Verifying Preprocessor Configurations!
>>
>>
>> [ Port Based Pattern Matching Memory ]
>> pcap DAQ configured to read-file.
>> The DAQ version does not support reload.
>> Acquiring network traffic from "test/test.pcap".
>> Reload thread starting...
>> Reload thread started, thread 0xb69a3b70 (9802)
>>
>>
>>         --== Initialization Complete ==--
>>
>>    ,,_     -*> Snort! <*-
>>   o"  )~   Version 2.9.5.5 GRE (Build 205)
>>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>>
>>
>>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>>            Using libpcap version 1.0.0
>>            Using PCRE version: 7.8 2008-09-05
>>            Using ZLIB version: 1.2.3.3
>>
>>            Preprocessor Object: dpx  Version 1.6  <Build 1>
>>
>>
>> Commencing packet processing (pid=9801)
>> 3	256	2	0	
>> 4	256	2	0	
>> 5	256	1	0	
>> ===============================================================================
>> Run time for packet processing was 0.1496 seconds
>>
>>
>> Snort processed 6 packets.
>> Snort ran for 0 days 0 hours 0 minutes 0 seconds
>>    Pkts/sec:            6
>> ===============================================================================
>> Packet I/O Totals:
>>    Received:            6
>>
>>
>>    Analyzed:            6 (100.000%)
>>     Dropped:            0 (  0.000%)
>>    Filtered:            0 (  0.000%)
>> Outstanding:            0 (  0.000%)
>>    Injected:            0
>> ===============================================================================
>>
>>
>> Breakdown by protocol (includes rebuilt packets):
>>         Eth:            6 (100.000%)
>>        VLAN:            0 (  0.000%)
>>         IP4:            6 (100.000%)
>>        Frag:            0 (  0.000%)
>>        ICMP:            0 (  0.000%)
>>
>>
>>         UDP:            0 (  0.000%)
>>         TCP:            6 (100.000%)
>>         IP6:            0 (  0.000%)
>>     IP6 Ext:            0 (  0.000%)
>>    IP6 Opts:            0 (  0.000%)
>>       Frag6:            0 (  0.000%)
>>
>>
>>       ICMP6:            0 (  0.000%)
>>        UDP6:            0 (  0.000%)
>>        TCP6:            0 (  0.000%)
>>      Teredo:            0 (  0.000%)
>>     ICMP-IP:            0 (  0.000%)
>>     IP4/IP4:            0 (  0.000%)
>>
>>
>>     IP4/IP6:            0 (  0.000%)
>>     IP6/IP4:            0 (  0.000%)
>>     IP6/IP6:            0 (  0.000%)
>>         GRE:            0 (  0.000%)
>>     GRE Eth:            0 (  0.000%)
>>    GRE VLAN:            0 (  0.000%)
>>
>>
>>     GRE IP4:            0 (  0.000%)
>>     GRE IP6:            0 (  0.000%)
>> GRE IP6 Ext:            0 (  0.000%)
>>    GRE PPTP:            0 (  0.000%)
>>     GRE ARP:            0 (  0.000%)
>>     GRE IPX:            0 (  0.000%)
>>
>>
>>    GRE Loop:            0 (  0.000%)
>>        MPLS:            0 (  0.000%)
>>         ARP:            0 (  0.000%)
>>         IPX:            0 (  0.000%)
>>    Eth Loop:            0 (  0.000%)
>>    Eth Disc:            0 (  0.000%)
>>
>>
>>    IP4 Disc:            0 (  0.000%)
>>    IP6 Disc:            0 (  0.000%)
>>    TCP Disc:            0 (  0.000%)
>>    UDP Disc:            0 (  0.000%)
>>   ICMP Disc:            0 (  0.000%)
>> All Discard:            0 (  0.000%)
>>
>>
>>       Other:            0 (  0.000%)
>> Bad Chk Sum:            0 (  0.000%)
>>     Bad TTL:            0 (  0.000%)
>>      S5 G 1:            0 (  0.000%)
>>      S5 G 2:            0 (  0.000%)
>>       Total:            6
>>
>>
>> ===============================================================================
>> Action Stats:
>>      Alerts:            3 ( 50.000%)
>>      Logged:            3 ( 50.000%)
>>      Passed:            0 (  0.000%)
>>
>> Limits:
>>
>>       Match:            0
>>       Queue:            0
>>         Log:            0
>>       Event:            0
>>       Alert:            0
>> Verdicts:
>>       Allow:            6 (100.000%)
>>       Block:            0 (  0.000%)
>>
>>
>>     Replace:            0 (  0.000%)
>>   Whitelist:            0 (  0.000%)
>>   Blacklist:            0 (  0.000%)
>>      Ignore:            0 (  0.000%)
>> ===============================================================================
>>
>>
>> Snort exiting
>>
>>
>>
>>
>> On Fri, Nov 8, 2013 at 4:15 AM, Russ Combs <rcombs at ...402...> wrote:
>>
>>> The DPX source was out of date with Snort's source.  Try the attached.
>>> You shouldn't need to edit build.sh.
>>>
>>>
>>> On Thu, Nov 7, 2013 at 3:06 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>>>
>>>> OK, this problem is solved. I changed the path manually in build.sh;
>>>> now it gives a huge number of errors in the dpx.c file. These are as follows:
>>>>
>>>>
>>>> make[1]: Entering directory `/usr/src/dpx-1.5/test'
>>>> rm -rf .libs _libs
>>>> rm -f *.lo
>>>> make[1]: Leaving directory `/usr/src/dpx-1.5/test'
>>>> Making clean in src
>>>> make[1]: Entering directory `/usr/src/dpx-1.5/src'
>>>> test -z "libdpx.la" || rm -f libdpx.la
>>>> rm -f "./so_locations"
>>>> rm -rf .libs _libs
>>>> rm -f sf_dynamic_preproc_lib.c sfPolicyUserData.c
>>>> rm -f *.o
>>>> rm -f *.lo
>>>> make[1]: Leaving directory `/usr/src/dpx-1.5/src'
>>>> Making clean in .
>>>> make[1]: Entering directory `/usr/src/dpx-1.5'
>>>> rm -rf .libs _libs
>>>> rm -f *.lo
>>>> make[1]: Leaving directory `/usr/src/dpx-1.5'
>>>> make  all-recursive
>>>> make[1]: Entering directory `/usr/src/dpx-1.5'
>>>> Making all in src
>>>> make[2]: Entering directory `/usr/src/dpx-1.5/src'
>>>> cp /root/snort/src/dynamic-examples/include/sf_dynamic_preproc_lib.c
>>>> sf_dynamic_preproc_lib.c
>>>> cp /root/snort/src/dynamic-examples/include/sfPolicyUserData.c
>>>> sfPolicyUserData.c
>>>> make  all-am
>>>> make[3]: Entering directory `/usr/src/dpx-1.5/src'
>>>> /bin/sh ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>>>> -I..   -I/root/snort/src/dynamic-examples/include  -g -O2 -DSF_VISIBILITY
>>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE   -fvisibility=hidden
>>>> -c -o dpx.lo dpx.c
>>>> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I..
>>>> -I/root/snort/src/dynamic-examples/include -g -O2 -DSF_VISIBILITY
>>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE -fvisibility=hidden
>>>> -c dpx.c  -fPIC -DPIC -o .libs/dpx.o
>>>> dpx.c: In function 'DPX_New':
>>>> dpx.c:151: error: too few arguments to function '_dpd.getParserPolicy'
>>>> dpx.c: In function 'DPX_Delete':
>>>> dpx.c:180: warning: passing argument 1 of 'sfPolicyUserDataIterate'
>>>> from incompatible pointer type
>>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>>> expected 'struct _SnortConfig *' but argument is of type
>>>> 'tSfPolicyUserContextId'
>>>> dpx.c:180: warning: passing argument 2 of 'sfPolicyUserDataIterate'
>>>> from incompatible pointer type
>>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>>> expected 'tSfPolicyUserContextId' but argument is of type 'int (*)(struct
>>>> tSfPolicyUserContext *, tSfPolicyId,  void *)'
>>>> dpx.c:180: error: too few arguments to function
>>>> 'sfPolicyUserDataIterate'
>>>> dpx.c: In function 'DPX_Setup':
>>>> dpx.c:196: warning: passing argument 2 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorInitFunc' but argument is of
>>>> type 'void (*)(char *)'
>>>> dpx.c:196: warning: passing argument 3 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorReloadFunc' but argument is of
>>>> type 'void (*)(char *)'
>>>> dpx.c:196: warning: passing argument 4 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorReloadVerifyFunc' but argument
>>>> is of type 'void * (*)(void)'
>>>> dpx.c:196: warning: passing argument 5 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorReloadSwapFunc' but argument is
>>>> of type 'void (*)(void *)'
>>>> dpx.c:196: error: too few arguments to function '_dpd.registerPreproc'
>>>> dpx.c: In function 'DPX_Init':
>>>> dpx.c:208: warning: passing argument 1 of '_dpd.addPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:208: note: expected 'struct _SnortConfig *' but argument is of
>>>> type 'void (*)(void *, void *)'
>>>> dpx.c:208: warning: passing argument 2 of '_dpd.addPreproc' makes
>>>> pointer from integer without a cast
>>>> dpx.c:208: note: expected 'void (*)(void *, void *)' but argument is of
>>>> type 'int'
>>>> dpx.c:208: error: too few arguments to function '_dpd.addPreproc'
>>>> make[3]: *** [dpx.lo] Error 1
>>>> make[3]: Leaving directory `/usr/src/dpx-1.5/src'
>>>> make[2]: *** [all] Error 2
>>>> make[2]: Leaving directory `/usr/src/dpx-1.5/src'
>>>> make[1]: *** [all-recursive] Error 1
>>>> make[1]: Leaving directory `/usr/src/dpx-1.5'
>>>> make: *** [all] Error 2
>>>> Making install in src
>>>> make[1]: Entering directory `/usr/src/dpx-1.5/src'
>>>> make  install-am
>>>> make[2]: Entering directory `/usr/src/dpx-1.5/src'
>>>> /bin/sh ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
>>>> -I..   -I/root/snort/src/dynamic-examples/include  -g -O2 -DSF_VISIBILITY
>>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE   -fvisibility=hidden
>>>> -c -o dpx.lo dpx.c
>>>> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I..
>>>> -I/root/snort/src/dynamic-examples/include -g -O2 -DSF_VISIBILITY
>>>> -fvisibility=hidden -fno-strict-aliasing -Wall -DZLIB -DGRE -DMPLS
>>>> -DPPM_MGR -DNDEBUG -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3
>>>> -DSF_WCHAR -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD
>>>> -DNO_NON_ETHER_DECODER -DNORMALIZER -DACTIVE_RESPONSE -fvisibility=hidden
>>>> -c dpx.c  -fPIC -DPIC -o .libs/dpx.o
>>>> dpx.c: In function 'DPX_New':
>>>> dpx.c:151: error: too few arguments to function '_dpd.getParserPolicy'
>>>> dpx.c: In function 'DPX_Delete':
>>>> dpx.c:180: warning: passing argument 1 of 'sfPolicyUserDataIterate'
>>>> from incompatible pointer type
>>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>>> expected 'struct _SnortConfig *' but argument is of type
>>>> 'tSfPolicyUserContextId'
>>>> dpx.c:180: warning: passing argument 2 of 'sfPolicyUserDataIterate'
>>>> from incompatible pointer type
>>>> /root/snort/src/dynamic-examples/include/sfPolicyUserData.h:137: note:
>>>> expected 'tSfPolicyUserContextId' but argument is of type 'int (*)(struct
>>>> tSfPolicyUserContext *, tSfPolicyId,  void *)'
>>>> dpx.c:180: error: too few arguments to function
>>>> 'sfPolicyUserDataIterate'
>>>> dpx.c: In function 'DPX_Setup':
>>>> dpx.c:196: warning: passing argument 2 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorInitFunc' but argument is of
>>>> type 'void (*)(char *)'
>>>> dpx.c:196: warning: passing argument 3 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorReloadFunc' but argument is of
>>>> type 'void (*)(char *)'
>>>> dpx.c:196: warning: passing argument 4 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorReloadVerifyFunc' but argument
>>>> is of type 'void * (*)(void)'
>>>> dpx.c:196: warning: passing argument 5 of '_dpd.registerPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:196: note: expected 'PreprocessorReloadSwapFunc' but argument is
>>>> of type 'void (*)(void *)'
>>>> dpx.c:196: error: too few arguments to function '_dpd.registerPreproc'
>>>> dpx.c: In function 'DPX_Init':
>>>> dpx.c:208: warning: passing argument 1 of '_dpd.addPreproc' from
>>>> incompatible pointer type
>>>> dpx.c:208: note: expected 'struct _SnortConfig *' but argument is of
>>>> type 'void (*)(void *, void *)'
>>>> dpx.c:208: warning: passing argument 2 of '_dpd.addPreproc' makes
>>>> pointer from integer without a cast
>>>> dpx.c:208: note: expected 'void (*)(void *, void *)' but argument is of
>>>> type 'int'
>>>> dpx.c:208: error: too few arguments to function '_dpd.addPreproc'
>>>> make[2]: *** [dpx.lo] Error 1
>>>> make[2]: Leaving directory `/usr/src/dpx-1.5/src'
>>>> make[1]: *** [install] Error 2
>>>>
>>>> I don't think so many errors should be encountered. Or if they do, what
>>>> to do now :)
>>>>
>>>> Thanks a lot for all the help.
>>>>
>>>> Regards
>>>>
>>>>
>>>> On Thu, Nov 7, 2013 at 11:48 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>>>>
>>>>> Yes, I know, I mentioned the path :) I just wrote /path/to/snort for
>>>>> explaining here.
>>>>>
>>>>>
>>>>> On Thu, Nov 7, 2013 at 10:46 AM, Russ Combs <rcombs at ...402...>wrote:
>>>>>
>>>>>> "path/to/snort/" should be replaced with your actual path to the
>>>>>> Snort source tree.
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Nov 7, 2013 at 1:43 PM, Amtul Saboor <saboor.amtul at ...2499...>wrote:
>>>>>>
>>>>>>> Thanks Russ, yes, src/ is showing up. And I have followed the steps
>>>>>>> mentioned by Alex. *Not complicated at all. But still unable to
>>>>>>> succeed.*
>>>>>>>
>>>>>>> When I open setup.sh, this line is written inside: "SNORT :
>>>>>>> path/to/snort/"
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Nov 7, 2013 at 10:23 AM, Russ Combs <rcombs at ...402...>wrote:
>>>>>>>
>>>>>>>> You are building with dpx ... did you configure setup.sh
>>>>>>>> correctly?  If you ls $SNORT configure.in and src/ should show up
>>>>>>>> among others.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Nov 7, 2013 at 12:48 PM, Amtul Saboor <
>>>>>>>> saboor.amtul at ...2499...> wrote:
>>>>>>>>
>>>>>>>>> Yes, I have configured with --enable-build-dynamic-examples and
>>>>>>>>> also, since I am using version 2.9.5.5, the file
>>>>>>>>>
>>>>>>>>>  #include "sf_types.h" is already there before #include "snort_debug.h" in the dpx.c file.
>>>>>>>>>
>>>>>>>>> But the error persists.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Nov 7, 2013 at 9:41 AM, Russ Combs <rcombs at ...402...>wrote:
>>>>>>>>>
>>>>>>>>>> Did you configure with --enable-build-dynamic-examples ?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Nov 6, 2013 at 12:34 PM, Amtul Saboor <
>>>>>>>>>> saboor.amtul at ...2499...> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello
>>>>>>>>>>>
>>>>>>>>>>> I am an Information Security student and I am working on Snort.
>>>>>>>>>>> I want to make my own dynamic preprocessor.
>>>>>>>>>>>
>>>>>>>>>>> I am facing the following error.
>>>>>>>>>>>
>>>>>>>>>>> make[2]: *** No rule to make target `/usr/local/snort/src/dynamic-examples/include/sf_dynamic_preproc_lib.c', needed by
>>>>>>>>>>> `sf_dynamic_preproc_lib.c'.  Stop.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> That error has been addressed in this link :
>>>>>>>>>>>
>>>>>>>>>>> http://seclists.org/snort/2013/q1/161
>>>>>>>>>>>
>>>>>>>>>>> *But I am unable to understand it.*
>>>>>>>>>>>
>>>>>>>>>>> Please explain what the person meant by the following sentence (I emailed him but he is not responding):
>>>>>>>>>>>
>>>>>>>>>>> "Well, changed the directory in build.sh to the one containing the required .c files----fixed the previous error.
>>>>>>>>>>> Then a libtool error occurred, searched and found an answer by Russ---fixed..."
>>>>>>>>>>>
>>>>>>>>>>> That will be a great help. If you know what more I should be
>>>>>>>>>>> doing for correct installation, please guide me about it. I am quite worried
>>>>>>>>>>> about it.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Regards
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Sat, Nov 2, 2013 at 2:13 PM, Amtul Saboor <
>>>>>>>>>>> saboor.amtul at ...2499...> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> *Hello*
>>>>>>>>>>>>
>>>>>>>>>>>> *I am a computer sciences student and new to Snort. I am trying
>>>>>>>>>>>> to create a preprocessor for Snort with the following guidelines:*
>>>>>>>>>>>> http://sourceforge.net/apps/mediawiki/snort-ai/index.php?title=Snort_Preprocessors_Kickstart
>>>>>>>>>>>>
>>>>>>>>>>>> *But the code gives the following errors:*
>>>>>>>>>>>>
>>>>>>>>>>>> *Unable to find "plugbase.h" No such file or directory*
>>>>>>>>>>>>
>>>>>>>>>>>> *Unable to find "decode.h" No such file or directory*
>>>>>>>>>>>>
>>>>>>>>>>>> *One more thing: in which IDE should I compile the code? In
>>>>>>>>>>>> Linux, is it okay to compile the code using the GCC command? Is it compatible
>>>>>>>>>>>> with Snort? Sorry for my questions but I need to ask them anyway.*
>>>>>>>>>>>>
>>>>>>>>>>>> *Has anyone tried this before? Let me know. Any help will be
>>>>>>>>>>>> appreciated. Thanks and regards*
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Amtul Saboor*
>>>>>>>>>>> *Business Development Executive *
>>>>>>>>>>>
>>>>>>>>>>> *Professionals Agency*
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *www.p-itsol.com <http://www.p-itsol.com> *
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
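
A preflight check for the setup this thread troubleshoots, added here as an example; it is not part of the original messages or of the dpx package. It tests the three things the thread turns on: that setup.sh holds a real `SNORT=` assignment, that the path is a Snort source tree (Russ's `configure.in` and `src/` check), and that the two files the build log copies from `src/dynamic-examples/include` exist. The function name and return codes are this example's own.

```shell
#!/bin/sh
# Added example: preflight check for the dpx build discussed in this thread.
# Return codes are this example's own convention, not anything from dpx.

check_dpx_setup() {
    setup_file=$1

    [ -r "$setup_file" ] || { echo "cannot read $setup_file" >&2; return 2; }

    # Parse the assignment instead of sourcing the file. A line holding only a
    # path (or "SNORT= /path" with a space) makes the shell try to execute the
    # directory, which is what "/root/snort: is a directory" means.
    line=$(grep -E '^[[:space:]]*(export[[:space:]]+)?SNORT=[^[:space:]]' \
           "$setup_file" | tail -n 1)
    if [ -z "$line" ]; then
        echo "$setup_file has no SNORT=/path/to/snort/dir assignment" >&2
        return 3
    fi

    # Keep the value only: drop quotes and trailing whitespace.
    snort_dir=$(printf '%s' "${line#*SNORT=}" | tr -d "\"'" \
                | sed 's/[[:space:]]*$//')

    # Russ's check: configure.in and src/ must show up under $SNORT.
    if [ ! -f "$snort_dir/configure.in" ] || [ ! -d "$snort_dir/src" ]; then
        echo "$snort_dir is not a Snort source tree" >&2
        return 4
    fi

    # Sources the dpx Makefile copies, as seen in the 'cp' lines of the log.
    inc=$snort_dir/src/dynamic-examples/include
    for f in sf_dynamic_preproc_lib.c sfPolicyUserData.c; do
        if [ ! -f "$inc/$f" ]; then
            echo "missing $inc/$f" >&2
            echo "was Snort configured with --enable-build-dynamic-examples?" >&2
            return 5
        fi
    done

    echo "SNORT=$snort_dir looks usable"
    return 0
}
```

Call it as `check_dpx_setup ./setup.sh` from the dpx directory before running build.sh.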