[Snort-devel] Missing all dynamic files - snort won't start

elof at ...969... elof at ...969...
Mon Nov 10 09:31:37 EST 2014


Hi Ryan!

I've got no response to my bugreport below.
Today's run with poudriere still produce the erroneous package with 
/usr/local/lib/snort_dynamicengine/ and 
/usr/local/lib/snort_dynamicpreprocessor/

This will make snort terminate with a fatal error.

Can you please fix ASAP so that one can keep updating ones FreeBSD boxes?

/Elof


On Thu, 6 Nov 2014, elof at ...969... wrote:

>
> Hi Ryan!
>
> Any thoughts to my previous email?
>
> Here's a diff between the contents of the new and old FreeBSD
> ports package:
>
> diff -y --suppress-common-lines /tmp/snort-2.9.7.0.txz.list /tmp/snort-2.9.6.2.txz.list
> /usr/local/share/licenses/snort-2.9.7.0/catalog.mk            |
> /usr/local/share/licenses/snort-2.9.6.2/catalog.mk
> /usr/local/share/licenses/snort-2.9.7.0/LICENSE               |
> /usr/local/share/licenses/snort-2.9.6.2/LICENSE
> /usr/local/share/licenses/snort-2.9.7.0/GPLv2                 |
> /usr/local/share/licenses/snort-2.9.6.2/GPLv2
> /usr/local/include/snort/dynamic_preproc/appId.h              <
> /usr/local/include/snort/dynamic_preproc/file_mail_common.h   <
> /usr/local/include/snort/dynamic_preproc/mpse_methods.h       <
> /usr/local/include/snort/dynamic_preproc/packet_time.h        <
> /usr/local/include/snort/dynamic_preproc/session_api.h        <
> /usr/local/include/snort/dynamic_preproc/sfdebug.h            <
> /usr/local/include/snort/dynamic_preproc/sidechannel_define.h <
> /usr/local/include/snort/dynamic_preproc/sip_common.h         <
> /usr/local/include/snort/dynamic_preproc/ssl_config.h         <
> /usr/local/include/snort/dynamic_preproc/ssl_ha.h             <
> /usr/local/include/snort/dynamic_preproc/ssl_include.h        <
> /usr/local/include/snort/dynamic_preproc/ssl_inspect.h        <
> /usr/local/include/snort/dynamic_preproc/ssl_session.h        <
> /usr/local/lib/snort_dynamicengine/libsf_engine.a             |
> /usr/local/lib/snort/dynamicengine/libsf_engine.a
> /usr/local/lib/snort_dynamicengine/libsf_engine.so            |
> /usr/local/lib/snort/dynamicengine/libsf_engine.so
> /usr/local/lib/snort_dynamicengine/libsf_engine.so.0          |
> /usr/local/lib/snort/dynamicengine/libsf_engine.so.0
> /usr/local/lib/snort_dynamicengine/libsf_engine.so.0.0.0      |
> /usr/local/lib/snort/dynamicengine/libsf_engine.so.0.0.0
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.a |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dce2_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.a |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dnp3_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.a  |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ftptelnet_prep |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_prep
> /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.a  |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_gtp_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_gtp_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.a |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_imap_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_imap_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
> /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
> /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
> /usr/local/lib/snort_dynamicpreprocessor/libsf_modbus_preproc |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_modbus_preproc
> /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.a  |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_pop_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_pop_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
> /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
> /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
> /usr/local/lib/snort_dynamicpreprocessor/libsf_reputation_pre |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_reputation_pre
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.a  |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sdf_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sdf_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.a  |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_sip_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_sip_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.s |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.s
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a  |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.a  |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.a
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
> /usr/local/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so |
> /usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
> /usr/local/share/doc/snort/OpenDetectorDeveloperGuide.pdf     <
> /usr/local/share/doc/snort/README.appid                       <
>                                                               >
> /usr/local/share/doc/snort/README.rzb_saac
> /usr/local/src/snort_dynamicsrc/appId.h                       <
> /usr/local/src/snort_dynamicsrc/file_mail_common.h            <
> /usr/local/src/snort_dynamicsrc/mpse_methods.h                <
> /usr/local/src/snort_dynamicsrc/session_api.h                 <
> /usr/local/src/snort_dynamicsrc/sfdebug.h                     <
> /usr/local/src/snort_dynamicsrc/sfparser.c                    <
> /usr/local/src/snort_dynamicsrc/sidechannel_define.h          <
> /usr/local/src/snort_dynamicsrc/sip_common.h                  <
> /usr/local/src/snort_dynamicsrc/ssl.c                         <
> /usr/local/src/snort_dynamicsrc/ssl.h                         <
> /usr/local/src/snort_dynamicsrc/ssl_config.c                  <
> /usr/local/src/snort_dynamicsrc/ssl_config.h                  <
> /usr/local/src/snort_dynamicsrc/ssl_ha.c                      <
> /usr/local/src/snort_dynamicsrc/ssl_ha.h                      <
> /usr/local/src/snort_dynamicsrc/ssl_include.h                 <
> /usr/local/src/snort_dynamicsrc/ssl_inspect.c                 <
> /usr/local/src/snort_dynamicsrc/ssl_inspect.h                 <
> /usr/local/src/snort_dynamicsrc/ssl_session.h                 <
>                                                               >
> /usr/local/lib/snort/dynamicpreprocessor/
>                                                               >
> /usr/local/lib/snort/dynamicengine/
>
>
>
> The packages were built using these options:
> cat poudriere.d/100amd64-options/security_snort/options
> # This file is auto-generated by 'make config'.
> # Options for snort-2.9.7.0
> _OPTIONS_READ=snort-2.9.7.0
> _FILE_COMPLETE_OPTIONS_LIST=DOCS GRE IPV6 LRGPCAP NONETHER NORMALIZER
> PERFPROFILE REACT SOURCEFIRE ZLIB BARNYARD PULLEDPORK DBGSNORT
> OPTIONS_FILE_SET+=DOCS
> OPTIONS_FILE_UNSET+=GRE
> OPTIONS_FILE_UNSET+=IPV6
> OPTIONS_FILE_UNSET+=LRGPCAP
> OPTIONS_FILE_UNSET+=NONETHER
> OPTIONS_FILE_SET+=NORMALIZER
> OPTIONS_FILE_SET+=PERFPROFILE
> OPTIONS_FILE_UNSET+=REACT
> OPTIONS_FILE_UNSET+=SOURCEFIRE
> OPTIONS_FILE_SET+=ZLIB
> OPTIONS_FILE_UNSET+=BARNYARD
> OPTIONS_FILE_UNSET+=PULLEDPORK
> OPTIONS_FILE_UNSET+=DBGSNORT
>
>
>
> BTW, I see that the options have changed in the 2.9.7.0 port. These two
> options have disappeared:
> OPTIONS_FILE_UNSET+=MPLS
> OPTIONS_FILE_UNSET+=TARGETBASED
>
> Is this as intended? I think they should not be removed. Can you please
> add them back?
>
> (
> In fact, there are more options that should be selectable. Not that I need
> any of them right now, but for correctness and for the future, they should
> be added and selectable IMHO.
> Here's a full list of options from snort 2.9.7.0 source:
> Optional Features:
>   --disable-option-checking  ignore unrecognized --enable/--with options
>   --disable-FEATURE       do not include FEATURE (same as
> --enable-FEATURE=no)
>   --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
>   --enable-silent-rules   less verbose build output (undo: "make V=1")
>   --disable-silent-rules  verbose build output (undo: "make V=0")
>   --enable-maintainer-mode
>                           enable make rules and dependencies not useful
> (and
>                           sometimes confusing) to the casual installer
>   --enable-dependency-tracking
>                           do not reject slow dependency extractors
>   --disable-dependency-tracking
>                           speeds up one-time build
>   --enable-shared[=PKGS]  build shared libraries [default=yes]
>   --enable-static[=PKGS]  build static libraries [default=yes]
>   --enable-fast-install[=PKGS]
>                           optimize for fast installation [default=yes]
>   --disable-libtool-lock  avoid locking (might break parallel builds)
>   --enable-64bit-gcc       Try to compile 64bit (only tested on Sparc
> Solaris 9 and 10).
>   --enable-so-with-static-lib  Enable linking of dynamically loaded
> preprocessors with a static preprocessor library
>   --enable-control-socket  Enable the control socket
>   --enable-side-channel    Enable the side channel (Experimental)
>   --disable-static-daq     Link static DAQ modules.
>   --enable-build-dynamic-examples   Enable building of example dynamically
> loaded preprocessor and rule (off by default)
>   --disable-dlclose        Only use if you are developing dynamic
> preprocessors or shared object rules.  Disable (--disable-dlclose) for
> testing valgrind leaks in dynamic libraries so a usable backtrace is re$
>   --disable-lzma           Disable LZMA Decompression
>   --disable-gre            Disable GRE and IP in IP encapsulation support
>   --disable-mpls           Disable MPLS support
>   --disable-targetbased    Disable Target-Based Support in Stream, Frag,
> and Rules (adds pthread support implicitly)
>   --disable-ppm            Disable packet/rule performance monitor
>   --disable-perfprofiling  Disable preprocessor and rule performance
> profiling
>   --enable-linux-smp-stats Enable statistics reporting through proc
>   --enable-inline-init-failopen  Enable Fail Open during initialization
> for Inline Mode (adds pthread support implicitly)
>   --disable-pthread        Disable pthread support
>   --enable-debug-msgs      Enable debug printing options (bugreports and
> developers only)
>   --enable-debug           Enable debugging options (bugreports and
> developers only)
>   --enable-gdb             Enable gdb debugging information
>   --enable-profile         Enable profiling options (developers only)
>   --disable-ppm-test       Disable packet/rule performance monitor
>   --enable-sourcefire      Enable Sourcefire specific build options,
> encompasing --enable-perfprofiling and --enable-ppm
>   --disable-corefiles      Prevent Snort from generating core files
>   --disable-active-response Disable reject injection
>   --disable-normalizer     Disable packet/stream normalizations
>   --disable-reload         Disable reloading a configuration without
> restarting
>   --disable-reload-error-restart   Disable restarting on reload error
>   --enable-ha              Enable high-availability state sharing
> (Experimental)
>   --enable-non-ether-decoders  Enable non Ethernet decoders.
>   --disable-react          Disable interception and termination of
> offending HTTP accesses
>   --disable-flexresp3      Disable flexible responses (v3) on hostile
> connection attempts
>   --enable-intel-soft-cpm  Enable Intel Soft CPM support
>   --enable-shared-rep      Enable use of Shared Memory for Reputation
> (Linux only)
>   --enable-large-pcap      Enable support for pcaps larger than 2 GB
>   --enable-file-inspect   Build with extended file inspection features.
>                           (Experimental)
>   --enable-open-appid     Build with application id support.
> (Experimental)
> )
>
> /Elof
>
>
> ---------- Forwarded message ----------
> From: elof at ...969...
> To: snort-devel mailinglist <snort-devel at lists.sourceforge.net>
> Cc: zi at ...151...
> Date: Wed, 5 Nov 2014 18:15:45 +0100 (CET)
> Subject: [Snort-devel] Missing all dynamic files - snort won't start
>
>
> ERROR: /foo/etc/snort.conf(125) Could not stat dynamic
> module path "/usr/local/lib/snort/dynamicengine/libsf_engine.so": No such
> file or directory.
> Fatal Error, Quitting..
>
>
>
>
> I don't know if this is a FreeBSD ports issue or something new in snort
> 2.9.7.0 in general, but it seems all the dynamic libs have moved.
>
> So, my snort.conf expect to find its libs here:
> /usr/local/lib/snort/dynamic_output
> /usr/local/lib/snort/dynamic_preproc
> /usr/local/lib/snort/dynamicengine
> /usr/local/lib/snort/dynamicpreprocessor
>
> ...while the new snort package puts some here:
>
> /usr/local/lib/snort/dynamic_output/libsf_dynamic_output.a
> /usr/local/lib/snort/dynamic_preproc/libsf_dynamic_preproc.a
>
> ...and the rest of the files here:
>
> /usr/local/lib/snort_dynamicengine/*
> /usr/local/lib/snort_dynamicpreprocessor/*
>
>
> 1)
> Is this a typo, where snort_dynamicengine and snort_dynamicpreprocessor
> should have a slash instead of an underscore ?
> If not, why move *some* files to new dirs? Confusing.
>
>
>
>
>
> 2)
> The snort.conf included in the package contain the same configuration
> statements as I use in my current snort.conf:
>    dynamicpreprocessor directory /usr/local/lib/snort/dynamicpreprocessor/
>    dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so
>
> The dir /usr/local/lib/snort/dynamicpreprocessor/ is empty and
> /usr/local/lib/snort/dynamicengine/libsf_engine.so does not exist.
>
> So either fix the paths in 1) or update the example snort.conf included in
> the package with correct paths.
>
>
>
>
> 3)
> If this wasn't a typo and files have really moved, please make a note of
> it in the ports/UPDATING log, since this is a major change that will cause
> snort to quit with a fatal error.
> (last log entry is 20120723 when the database output module got deprecated)
>
> /Elof
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
>




More information about the Snort-devel mailing list