[Snort-devel] [Snort++] Trying to integrate a custom Inspector

Ronin CS ronincs17 at ...2499...
Wed May 3 15:42:25 EDT 2017


Thank you Marcin!

Using the codec example provided by Albert Lewis and these steps, I managed
to integrate my code into Snort!
One last question, does the --enable-debug-msgs option makes visible the
text inside a LogMessage() method?

Ronin.

On Wed, May 3, 2017 at 11:22 AM, Marcin Dulak <marcin.dulak at ...2499...>
wrote:

> Hi,
>
> you are missing a change to extra/configure.ac - this is how the process
> may look like:
>
> autoreconf -isvf
> ./configure --prefix=/tmp/snort --exec_prefix=/tmp/snort
> --disable-static-daq --enable-debug-msgs --enable-debug
> make install
> cd extra
> sed -i '/dpx/asrc/inspectors/test/Makefile \\' ./configure.ac
> cp -r src/inspectors/dpx/ src/inspectors/test
> mv src/inspectors/test/dpx.cc src/inspectors/test/test.cc
> sed -i 's/dpx/test/g' src/inspectors/test/Makefile.am
> sed -i 's/dpx/dpx \\/' src/inspectors/Makefile.am&& sed -i '/dpx/atest'
> src/inspectors/Makefile.am
> autoreconf -isvf
> PKG_CONFIG_PATH=../ ./configure --prefix=/tmp/snort
> make install
>
> Marcin
>
>
> On Mon, May 1, 2017 at 11:14 PM, Ronin CS <ronincs17 at ...2499...> wrote:
>
>> Hello guys,
>>
>> I'm trying to learn more about Snort++ and Inspectors as I develop my own
>> module to test on it, but I'm having a lot of issues while building the
>> extras again.
>>
>> So far, I've created a super simple Inspector, that all it does is print
>> basic packet information everytime it goes through the "eval" method.
>>
>> I'm taking the "DPX Inspector" as a basis for my Inspector, so I've
>> created a new folder inside /extra/inspectors, let's say, "test", and
>> inside of it I have the Inspector itself "test.cc" and two other files
>> copied from "dpx" directory, "CMakeLists.txt" and "Makefile.am".
>>
>> I've modified these last two files to match my new Inspector. Same for
>> the files at /extra/inspectors.
>>
>> But when I try to build it using "make", I receive:
>>
>> make[4]: Leaving directory '/home/ronin/snort_src/snort3-
>> master/extra/src/inspectors/dpx'
>> make[3]: Leaving directory '/home/ronin/snort_src/snort3-
>> master/extra/src/inspectors/dpx'
>> Making install in test
>> make[3]: Entering directory '/home/ronin/snort_src/snort3-
>> master/extra/src/inspectors/test'
>> make[3]: *** No rule to make target 'install'.  Stop.
>> make[3]: Leaving directory '/home/ronin/snort_src/snort3-
>> master/extra/src/inspectors/test'
>> Makefile:369: recipe for target 'install-recursive' failed
>> make[2]: *** [install-recursive] Error 1
>> make[2]: Leaving directory '/home/ronin/snort_src/snort3-
>> master/extra/src/inspectors'
>> Makefile:373: recipe for target 'install-recursive' failed
>> make[1]: *** [install-recursive] Error 1
>> make[1]: Leaving directory '/home/ronin/snort_src/snort3-
>> master/extra/src'
>> Makefile:407: recipe for target 'install-recursive' failed
>> make: *** [install-recursive] Error 1
>>
>> To be honest, I don't know the correct way to do it (integrate a new
>> Inspector). I've searched for references but I couldn't find anything.
>>
>> Ronin.
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>> Archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20170503/d273c046/attachment.html>


More information about the Snort-devel mailing list