[Snort-users] Snort 2.9.0.1 & OpenBSD 4.8 build problems

Russ Combs rcombs at ...1935...
Fri Nov 5 12:21:01 EDT 2010


On Fri, Nov 5, 2010 at 12:18 PM, Russ Combs <rcombs at ...1935...> wrote:

> Did you configure Snort with --enable-dynamicplugin?
>

Actually, that should have said try configuring with --enable-dynamicplugin.

Also, can you send your DAQ config.log and output of make when you don't
disable ipfw?

>
> On Fri, Nov 5, 2010 at 12:04 PM, Ross Lawrie <ross at ...15039...> wrote:
>
>> On Fri, 2010-11-05 at 10:52 +0100, rmkml wrote:
>> > Hi Ross,
>> > Could you disable ipfw in daq please?
>> > If not work, please resend (snort) config.log.
>> > Regards
>> > Rmkml
>> >
>> >
>> >
>> > On Thu, 4 Nov 2010, Ross Lawrie wrote:
>> >
>> > >
>> > > On 2010-11-04, at 4:20 PM, Russ Combs wrote:
>> > >
>> > >
>> > >
>> > >       On Thu, Nov 4, 2010 at 7:01 PM, Ross Lawrie <ross at ...15039...>
>> wrote:
>> > >             On Thu, 2010-11-04 at 18:18 -0400, Russ Combs wrote:
>> > >             >
>> > >             >
>> > > > On Thu, Nov 4, 2010 at 6:12 PM, JJC <cummingsj at ...11827...> wrote:
>> > > >         quickest way for you is to add this to the snort ./configure
>> > > >         options
>> > > >
>> > > >         --disable-static-daq
>> > > >
>> > > >         then when you start snort, add this:
>> > > >
>> > > >         --daq-dir=/usr/local/lib/daq/
>> > > >
>> > > >         and voila
>> > > >
>> > > > The above is an excellent workaround.  If you want to debug farther:
>> > > >
>> > > > nm /usr/local/lib/libdaq_static.a | grep daq_load_modules
>> > > >
>> > > > and send the output.  I'm guessing that you will see something like:
>> > > >
>> > > > 00000000000005ab T daq_load_modules
>> > > >
>> > > > Which means the symbol is there but isn't being found by configure's
>> > > > test program.
>> > > >
>> > > > Let me know.
>> > > >
>> > > >
>> > > >
>> > > >         JJC
>> > > >
>> > > >
>> > > >         On Thu, Nov 4, 2010 at 3:38 PM, Ross Lawrie
>> > > >         <ross at ...15039...> wrote:
>> > > >         > Hi,
>> > > >         >
>> > > >         > I was hoping someone might be able to offer some advice.
>> > > >          I'm
>> > > >         > encountered problems installing Snort 2.9.0.1 on OpenBSD
>> > > >         4.8.  I have
>> > > >         > installed an updated libpcap (1.1.1), libdnet (1.12) and
>> DAQ
>> > > >         (0.3)
>> > > >         > without any obvious problems.  DAQ seems to install its
>> > > >         libraries
>> > > >         > correctly:
>> > > >         >
>> > > >         > ls -al /usr/local/lib/libdaq*
>> > > >         > -rw-r--r--  1 root  wheel  40382 Nov  4 14:26 libdaq.a
>> > > >         > -rwxr-xr-x  1 root  wheel    926 Nov  4 14:26 libdaq.la
>> > > >         > -rwxr-xr-x  1 root  wheel  37400 Nov  4 14:26
>> libdaq.so.0.1
>> > > >         > -rw-r--r--  1 root  wheel  41460 Nov  4 14:26
>> > > >         libdaq_static.a
>> > > >         > -rwxr-xr-x  1 root  wheel    907 Nov  4 14:26
>> > > >         libdaq_static.la
>> > > >         > -rw-r--r--  1 root  wheel  61164 Nov  4 14:27
>> > > >         libdaq_static_modules.a
>> > > >         > -rwxr-xr-x  1 root  wheel    931 Nov  4 14:27
>> > > >         libdaq_static_modules.la
>> > > >         >
>> > > >         > I'm able to run daq-modules-config and confirm that it is
>> in
>> > > >         my path:
>> > > >         >
>> > > >         > daq-modules-config --static --libs
>> > > >         > -L/usr/local/lib -ldaq_static_modules
>> > > >         >
>> > > >         > ldconfig sees the libdaq library:
>> > > >         >
>> > > >         > ldconfig -Rv /usr/local/lib 2>&1 | grep daq
>> > > >         > Adding /usr/local/lib/libdaq.so.0.1
>> > > >         >
>> > > >         > However when I try to configure Snort I receive this
>> error:
>> > > >         >
>> > > >         > ...
>> > > >         > checking for pcap_datalink in -lpcap... yes
>> > > >         > checking for pcap_lex_destroy... no
>> > > >         > checking for pcap_lib_version... yes
>> > > >         > checking pcre.h usability... yes
>> > > >         > checking pcre.h presence... yes
>> > > >         > checking for pcre.h... yes
>> > > >         > checking for pcre_compile in -lpcre... yes
>> > > >         > checking for libpcre version 6.0 or greater... yes
>> > > >         > checking dnet.h usability... yes
>> > > >         > checking dnet.h presence... yes
>> > > >         > checking for dnet.h... yes
>> > > >         > checking for eth_set in -ldnet... yes
>> > > >         > checking for dlsym in -ldl... no
>> > > >         > checking for dlsym in -lc... yes
>> > > >         > checking for daq_load_modules in -ldaq_static... no
>> > > >         >
>> > > >         >   ERROR!  daq_static library not found, go get it from
>> > > >         >   http://www.snort.org/.
>> > > >         >
>> > > >         > The configure string I'm using for Snort is:
>> > > >         >
>> > > >         > ./configure \
>> > > >         > --sysconfdir=/etc/snort \
>> > > >         > --with-daq-includes=/usr/local/include \
>> > > >         > --with-daq-libraries=/usr/local/lib \
>> > > >         > --with-libpcap-includes=/usr/local/include \
>> > > >         > --with-libpcap-libraries=/usr/local/lib \
>> > > >         > --with-dnet-includes=/usr/local/include \
>> > > >         > --with-dnet-libraries=/usr/local/lib
>> > > >         >
>> > > >         > I've seen some suggestion that building DAQ without the
>> ipfw
>> > > >         module
>> > > >         > could help, but I still encounter the same issue.
>> > > >         >
>> > > >         > Appreciate any suggestions,
>> > > >         >
>> > > >         > Ross.
>> > > >         >
>> > > >
>> > >
>> > >
>> > > Hi,
>> > >
>> > > JJC: that worked however it looks like Snort's not
>> > > building /usr/local/lib/snort_dynamicengine/libsf_engine.so for some
>> > > reason now.
>> > >
>> > > Nov  4 15:48:19 snort[17745]: FATAL ERROR: parser.c(5235) Could not
>> stat
>> > > dynamic module path
>> > > "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or
>> > > directory.
>> > >
>> > >
>> > > Russ: You're right, the output looks much like you anticipated:
>> > >
>> > > nm /usr/local/lib/libdaq_static.a | grep daq_load_modules
>> > > 000008c0 T daq_load_modules
>> > >
>> > > I've attached two config.log files, one generated when I try to
>> include
>> > > the static daq libraries, and the other when I configure without them.
>> > >
>> > > Definitely appreciate the help, I haven't had any problems in the past
>> > > and this one just has me banging my head against the wall.
>> > >
>> > >
>> > > OK, now try this:
>> > >
>> > > sudo ldconfig -p | grep daq
>> > >
>> > > Edit /etc/ld.so.conf and add a line with /usr/local/lib.  Then:
>> > >
>> > > sudo ldconfig -v | grep daq
>> > >
>> > >
>> > > ldconfig's not quite the same on OpenBSD, but I can confirm that the
>> directory containing daq (/usr/local/lib) is already in the hints for
>> ldconfig:
>> > >
>> > > ldconfig -rv | grep daq
>> > >         search directories:
>> /usr/lib:/usr/X11R6/lib:/usr/local/lib:/usr/local/lib/daq:/usr/local/lib/snort_dynamicengine:/usr/local/lib/snort_dynamicpreprocessor
>> > >         112:-ldaq.0.1 => /usr/local/lib/libdaq.so.0.1
>> > >
>> > > Ross.
>> > >
>> > >
>> > >
>>
>> How frustrating and embarrassing; I know that I tried this several times
>> over the last few days as I'd seen it mentioned in one of the few
>> threads I'd found with similar issues -- and I'd had no results from it.
>>
>> Anyway, this time (with --disable-ipfw-module used for DAQ 0.3) Snort
>> was able to configure and build.
>>
>> That said, I'm now encountering this issue when trying to start Snort:
>>
>> FATAL ERROR: parser.c(5235) Could not stat dynamic module path
>> "/usr/local/lib/snort_dynamicengine/libsf_engine.so": No such file or
>> directory.
>>
>> Sure enough, that file doesn't exist (no so files are in either
>> snort_dynamicengine or snort_dynamicprocessor) and I noticed this (or
>> similar) several times during the make:
>>
>> ...
>> /bin/sh ../../../libtool --tag=CC    --mode=link gcc  -g -O2
>> -fvisibility=hidden -fno-strict-aliasing -Wall  -shared -export-dynamic
>> -module -L/usr/local/lib -L/usr/local/lib -Wl,-R/usr/local/lib -lpcre
>> -L/usr/local/lib -ldnet -L/usr/local/lib -o libsf_engine.la
>> -rpath /usr/local/lib/snort_dynamicengine bmh.lo
>> sf_snort_detection_engine.lo  sf_snort_plugin_api.lo
>> sf_snort_plugin_byte.lo  sf_snort_plugin_content.lo
>> sf_snort_plugin_hdropts.lo  sf_snort_plugin_loop.lo
>> sf_snort_plugin_pcre.lo  sf_snort_plugin_rc4.lo  sfhashfcn.lo sfghash.lo
>> sfprimetable.lo sf_ip.lo  -ldaq_static -lpcre -lpcap -lm -lm
>> -L/usr/local/lib -ldaq_static_modules
>>
>> *** Warning: This system can not link to static lib
>> archive /usr/local/lib/libdaq_static.la.
>> *** I have the capability to make that library automatically link in
>> when
>> *** you link to this library.  But I can only do this if you have a
>> *** shared version of the library, which you do not appear to have.
>> *** But as you try to build a module library, libtool will still create
>> *** a static module, that should work as long as the dlopening
>> application
>> *** is linked with the -dlopen flag to resolve symbols at runtime.
>> libtool: link: ar
>> cru .libs/libsf_engine.a .libs/bmh.o .libs/sf_snort_detection_engine.o
>> .libs/sf_snort_plugin_api.o .libs/sf_snort_plugin_byte.o
>> .libs/sf_snort_plugin_content.o .libs/sf_snort_plugin_hdropts.o
>> .libs/sf_snort_plugin_loop.o .libs/sf_snort_plugin_pcre.o
>> .libs/sf_snort_plugin_rc4.o .libs/sfhashfcn.o .libs/sfghash.o
>> .libs/sfprimetable.o .libs/sf_ip.
>> ...
>>
>> I've attached my config.log in case it provides insight.
>>
>> Ross.
>>
>>
>> ------------------------------------------------------------------------------
>> The Next 800 Companies to Lead America's Growth: New Video Whitepaper
>> David G. Thomson, author of the best-selling book "Blueprint to a
>> Billion" shares his insights and actions to help propel your
>> business during the next growth cycle. Listen Now!
>> http://p.sf.net/sfu/SAP-dev2dev
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101105/ae204874/attachment.html>


More information about the Snort-users mailing list