[Snort-users] Re: [Snort-inline-users] best practices when compiling with --enable-inline on Fedora

Will Metcalf william.metcalf at ...11827...
Sun Mar 27 16:06:11 EST 2005


The only fix I know is the one in the FAQ.  As far as the libnet
question you posted, If you would like to rewrite the flexresp and
inline reject stuff for libnet 1.1.x go for it.

Regards,

Will


On Sun, 27 Mar 2005 13:00:24 -0800, Florin Andrei
<florin at ...13138...> wrote:
> I've been hit by this problem:
> 
> http://snort-inline.sourceforge.net/FAQ.html#compiling
> 
> The snort-inline FAQ is fairly clear describing the problem and a
> possible solution. That's fine.
> 
> The thing is, i'm not a big fan of doing "cd /usr/include; mv linux
> linux.orig" on a system that's otherwise 100% managed by RPM (although i
> will do that if there's no other way), so here is what i tried:
> The Fedora kernel does include some headers, they're
> in /lib/modules/`uname -r`/build/include but when i tried to take a
> quick and dirty shortcut and use them to compile Snort with inline
> features, it failed in a different way:
> 
> ####################################################
> $ export CFLAGS="-I/lib/modules/`uname -r`/build/include"
> $ ./configure --enable-perfmonitor --enable-linux-smp-stats --enable-
> inline
> [snip]
> $ make
> [snip]
> Making all in output-plugins
> make[3]: Entering directory `/home/florin/work/snort-2.3.2/src/output-
> plugins'
> gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -
> I../../src/sfutil -I/usr/include/pcap -I../../src/output-plugins -
> I../../src/detection-plugins -I../../src/preprocessors -
> I../../src/preprocessors/flow -I../../src/preprocessors/portscan  -
> I../../src/preprocessors/flow/int-snort  -
> I../../src/preprocessors/HttpInspect/include  -I/usr/include/pcre -
> I/usr/include  -I/lib/modules/2.6.10-1.770_FC3/build/include -Wall -
> DUSE_SF_STATS -DLINUX_SMP -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE -
> D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f
> 'spo_alert_fast.c' || echo './'`spo_alert_fast.c
> In file included
> from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:27,
>                  from ../../src/plugbase.h:42,
>                  from spo_alert_fast.c:44:
> /lib/modules/2.6.10-1.770_FC3/build/include/linux/config.h:6:2: #error
> including kernel header in userspace; use the glibc headers instead!
> In file included
> from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6,
> 
> from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14,
> 
> from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28,
>                  from ../../src/plugbase.h:42,
>                  from spo_alert_fast.c:44:
> /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:12: error:
> redefinition of `struct timespec'
> /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:18: error:
> redefinition of `struct timeval'
> /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:23: error:
> redefinition of `struct timezone'
> In file included
> from /lib/modules/2.6.10-1.770_FC3/build/include/linux/jiffies.h:6,
> 
> from /lib/modules/2.6.10-1.770_FC3/build/include/net/dst.h:14,
> 
> from /lib/modules/2.6.10-1.770_FC3/build/include/net/route.h:28,
>                  from ../../src/plugbase.h:42,
>                  from spo_alert_fast.c:44:
> /lib/modules/2.6.10-1.770_FC3/build/include/linux/time.h:126:1: warning:
> "FD_SET" redefined
> [snip, there's a huge pile of errors afterwards]
> ####################################################
> 
> Next step would be to start messing around with the kernel-*.src.rpm
> package, but i'd like to hear some other opinions first.
> 
> --
> Florin Andrei
> 
> http://florin.myip.org/
> 
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Snort-inline-users mailing list
> Snort-inline-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>




More information about the Snort-users mailing list