[Snort-users] best practices when compiling with --enable-inline on Fedora

Florin Andrei florin at ...13138...
Sun Mar 27 13:01:02 EST 2005


I've been hit by this problem:

http://snort-inline.sourceforge.net/FAQ.html#compiling

The snort-inline FAQ is fairly clear describing the problem and a
possible solution. That's fine.

The thing is, i'm not a big fan of doing "cd /usr/include; mv linux
linux.orig" on a system that's otherwise 100% managed by RPM (although i
will do that if there's no other way), so here is what i tried:
The Fedora kernel does include some headers, they're
in /lib/modules/`uname -r`/build/include but when i tried to take a
quick and dirty shortcut and use them to compile Snort with inline
features, it failed in a different way:

####################################################
$ export CFLAGS="-I/lib/modules/`uname -r`/build/include"
$ ./configure --enable-perfmonitor --enable-linux-smp-stats --enable-
inline
[snip]
$ make
[snip]
Making all in output-plugins
make[3]: Entering directory `/home/florin/work/snort-2.3.2/src/output-
plugins'
gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -
I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -
I../../src/detection-plugins -I../../src/preprocessors -
I../../src/preprocessors/flow -I../../src/preprocessors/portscan  -
I../../src/preprocessors/flow/int-snort  -
I../../src/preprocessors/HttpInspect/include  -I/usr/include/pcre -
I/usr/include  -I/lib/modules/2.6.10-1.770_FC3/build/include -Wall -
DUSE_SF_STATS -DLINUX_SMP -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE -
D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f
'spo_alert_fast.c' || echo './'`spo_alert_fast.c
In file included
from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:27,
                 from ../../src/plugbase.h:42,
                 from spo_alert_fast.c:44:
/lib/modules/2.6.10-1.770_FC3/build/include/linux/config.h:6:2: #error
including kernel header in userspace; use the glibc headers instead!
In file included
from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28,
                 from ../../src/plugbase.h:42,
                 from spo_alert_fast.c:44:
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:12: error:
redefinition of `struct timespec'
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:18: error:
redefinition of `struct timeval'
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:23: error:
redefinition of `struct timezone'
In file included
from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14,

from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28,
                 from ../../src/plugbase.h:42,
                 from spo_alert_fast.c:44:
/lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:126:1: warning:
"FD_SET" redefined
[snip, there's a huge pile of errors afterwards]
####################################################

Next step would be to start messing around with the kernel-*.src.rpm
package, but i'd like to hear some other opinions first.

-- 
Florin Andrei

http://florin.myip.org/





More information about the Snort-users mailing list