[Snort-users] [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1

PR oly562 at ...11827...
Sun Aug 19 14:16:59 EDT 2012


again, im starting to think find clues that this is indeed a 32bit to
64bit issue: here is what i found on wikipedia regarding -fPIC

Such a library can be created with GCC by compiling the source file
containing the new globals to be linked, with the -fpic or -fPIC
option,[33] and linking with the -shared option.[34] The library has
access to external symbols declared in the program like any other
library.

It is also possible to use debugger-based techniques on Unix-like
systems.[35]


also is there a tar that is 64bit, and not built for 32bit cpus?

i think that would solve the daq/snort issue. 

your thoughts?

pete


On Sun, 2012-08-19 at 09:52 -0700, PR wrote:

> here is the ./configure and make, i dont get past make... see below
> full stdout... suggestions? im running 10.04 Desktop 64bit arch,
> acidbase, trying to upgrade from 2.8.x to 2.9.x...
> 
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012$ cd daq-1.1.1/
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012/daq-1.1.1
> $ ./configure 
> checking for a BSD-compatible install... /usr/bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /bin/mkdir -p
> checking for gawk... gawk
> checking whether make sets $(MAKE)... yes
> checking for gcc... gcc
> checking for C compiler default output file name... a.out
> checking whether the C compiler works... yes
> checking whether we are cross compiling... no
> checking for suffix of executables... 
> checking for suffix of object files... o
> checking whether we are using the GNU C compiler... yes
> checking whether gcc accepts -g... yes
> checking for gcc option to accept ISO C89... none needed
> checking for style of include used by make... GNU
> checking dependency style of gcc... gcc3
> checking build system type... x86_64-unknown-linux-gnu
> checking host system type... x86_64-unknown-linux-gnu
> checking for a sed that does not truncate output... /bin/sed
> checking for grep that handles long lines and -e... /bin/grep
> checking for egrep... /bin/grep -E
> checking for fgrep... /bin/grep -F
> checking for ld used by gcc... /usr/bin/ld
> checking if the linker (/usr/bin/ld) is GNU ld... yes
> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
> checking the name lister (/usr/bin/nm -B) interface... BSD nm
> checking whether ln -s works... yes
> checking the maximum length of command line arguments... 1572864
> checking whether the shell understands some XSI constructs... yes
> checking whether the shell understands "+="... yes
> checking for /usr/bin/ld option to reload object files... -r
> checking for objdump... objdump
> checking how to recognize dependent libraries... pass_all
> checking for ar... ar
> checking for strip... strip
> checking for ranlib... ranlib
> checking command to parse /usr/bin/nm -B output from gcc object... ok
> checking how to run the C preprocessor... gcc -E
> checking for ANSI C header files... yes
> checking for sys/types.h... yes
> checking for sys/stat.h... yes
> checking for stdlib.h... yes
> checking for string.h... yes
> checking for memory.h... yes
> checking for strings.h... yes
> checking for inttypes.h... yes
> checking for stdint.h... yes
> checking for unistd.h... yes
> checking for dlfcn.h... yes
> checking for objdir... .libs
> checking if gcc supports -fno-rtti -fno-exceptions... no
> checking for gcc option to produce PIC... -fPIC -DPIC
> checking if gcc PIC flag -fPIC -DPIC works... yes
> checking if gcc static flag -static works... yes
> checking if gcc supports -c -o file.o... yes
> checking if gcc supports -c -o file.o... (cached) yes
> checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports
> shared libraries... yes
> checking whether -lc should be explicitly linked in... no
> checking dynamic linker characteristics... GNU/Linux ld.so
> checking how to hardcode library paths into programs... immediate
> checking whether stripping libraries is possible... yes
> checking if libtool supports shared libraries... yes
> checking whether to build shared libraries... yes
> checking whether to build static libraries... yes
> checking for visibility support... yes
> checking CFLAGS for gcc -Wall... -Wall
> checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
> checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
> checking CFLAGS for gcc -Wcast-align... -Wcast-align
> checking CFLAGS for gcc -Wextra... -Wextra
> checking CFLAGS for gcc -Wformat... -Wformat
> checking CFLAGS for gcc -Wformat-security... -Wformat-security
> checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
> checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
> checking CFLAGS for gcc -fdiagnostics-show-option...
> -fdiagnostics-show-option
> checking CFLAGS for gcc -pedantic -std=c99 -D_GNU_SOURCE... -pedantic
> -std=c99 -D_GNU_SOURCE
> checking for getaddrinfo... yes
> checking for flex... flex
> checking for flex 2.4 or higher... yes
> checking for bison... bison
> checking linux/if_ether.h usability... yes
> checking linux/if_ether.h presence... yes
> checking for linux/if_ether.h... yes
> checking linux/if_packet.h usability... yes
> checking linux/if_packet.h presence... yes
> checking for linux/if_packet.h... yes
> checking pcap.h usability... yes
> checking pcap.h presence... yes
> checking for pcap.h... yes
> checking for pcap_lib_version in -lpcap... yes
> checking netinet/in.h usability... yes
> checking netinet/in.h presence... yes
> checking for netinet/in.h... yes
> checking libipq.h usability... yes
> checking libipq.h presence... yes
> checking for libipq.h... yes
> checking for linux/netfilter.h... yes
> checking for netinet/in.h... (cached) yes
> checking libnetfilter_queue/libnetfilter_queue.h usability... no
> checking libnetfilter_queue/libnetfilter_queue.h presence... no
> checking for libnetfilter_queue/libnetfilter_queue.h... no
> checking for linux/netfilter.h... (cached) yes
> checking for pcap.h... (cached) yes
> checking for pcap_lib_version... checking for pcap_lib_version in
> -lpcap... (cached) yes
> checking for libpcap version >= "1.0.0"... yes
> checking dnet.h usability... yes
> checking dnet.h presence... yes
> checking for dnet.h... yes
> checking dumbnet.h usability... no
> checking dumbnet.h presence... no
> checking for dumbnet.h... no
> checking for eth_set in -ldnet... yes
> checking for eth_set in -ldumbnet... no
> checking for dlopen in -ldl... yes
> checking for inttypes.h... (cached) yes
> checking for memory.h... (cached) yes
> checking netdb.h usability... yes
> checking netdb.h presence... yes
> checking for netdb.h... yes
> checking for netinet/in.h... (cached) yes
> checking for stdint.h... (cached) yes
> checking for stdlib.h... (cached) yes
> checking for string.h... (cached) yes
> checking sys/ioctl.h usability... yes
> checking sys/ioctl.h presence... yes
> checking for sys/ioctl.h... yes
> checking sys/param.h usability... yes
> checking sys/param.h presence... yes
> checking for sys/param.h... yes
> checking sys/socket.h usability... yes
> checking sys/socket.h presence... yes
> checking for sys/socket.h... yes
> checking sys/time.h usability... yes
> checking sys/time.h presence... yes
> checking for sys/time.h... yes
> checking for unistd.h... (cached) yes
> checking for inline... inline
> checking for size_t... yes
> checking for uint16_t... yes
> checking for uint32_t... yes
> checking for uint64_t... yes
> checking for uint8_t... yes
> checking for stdlib.h... (cached) yes
> checking for GNU libc compatible malloc... yes
> checking for stdlib.h... (cached) yes
> checking for unistd.h... (cached) yes
> checking for getpagesize... yes
> checking for working mmap... yes
> checking for gethostbyname... yes
> checking for getpagesize... (cached) yes
> checking for memset... yes
> checking for munmap... yes
> checking for socket... yes
> checking for strchr... yes
> checking for strcspn... yes
> checking for strdup... yes
> checking for strerror... yes
> checking for strrchr... yes
> checking for strstr... yes
> checking for strtoul... yes
> configure: creating ./config.status
> config.status: creating Makefile
> config.status: creating api/Makefile
> config.status: creating os-daq-modules/Makefile
> config.status: creating os-daq-modules/daq-modules-config
> config.status: creating sfbpf/Makefile
> config.status: creating config.h
> config.status: config.h is unchanged
> config.status: executing depfiles commands
> config.status: executing libtool commands
> 
> Build AFPacket DAQ module.. : yes
> Build Dump DAQ module...... : yes
> Build IPFW DAQ module...... : yes
> Build IPQ DAQ module....... : yes
> Build NFQ DAQ module....... : no
> Build PCAP DAQ module...... : yes
> 
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012/daq-1.1.1$ make
> make  all-recursive
> make[1]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1'
> Making all in api
> make[2]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/api'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/api'
> Making all in sfbpf
> make[2]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf'
> Making all in os-daq-modules
> make[2]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/os-daq-modules'
> /bin/bash ../libtool --tag=CC   --mode=link gcc -DBUILDING_SO -g -O2
> -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align
> -Wextra -Wformat -Wformat-security -Wno-unused-parameter
> -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99
> -D_GNU_SOURCE -module -export-dynamic -avoid-version -shared
> -L/usr/local/lib -ldnet   -o daq_ipq.la -rpath /usr/local/lib/daq
> daq_ipq_la-daq_ipq.lo -lipq -L/usr/local/lib
> -ldnet ../sfbpf/libsfbpf.la 
> libtool: link: gcc -shared  .libs/daq_ipq_la-daq_ipq.o   -Wl,-rpath
> -Wl,/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf/.libs -L/usr/local/lib -lipq /usr/local/lib/libdnet ../sfbpf/.libs/libsfbpf.so    -Wl,-soname -Wl,daq_ipq.so -o .libs/daq_ipq.so
> /usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a(libipq.o): relocation R_X86_64_32S against `ipq_errmap' can not be used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a: could
> not read symbols: Bad value
> collect2: ld returned 1 exit status
> make[2]: *** [daq_ipq.la] Error 1
> make[2]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/os-daq-modules'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1'
> make: *** [all] Error 2
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012/daq-1.1.1$ 
> 
> 
> frustrating i tell ya... pete
> 
> On Tue, 2012-08-14 at 14:45 -0700, PR wrote:
> 
> > here are the files for daq.
> > 
> > make.out and config.log
> > 
> > When install snort 2.9.x of course, is says, daq is not installed.
> > so... first get daq as Joel suggests. thanks for your help, really!
> > 
> > i simply want a nice easy way to update snort just like the good old
> > days. ;)
> > 
> > pete
> > 
> > 
> > On Mon, 2012-08-13 at 09:28 -0400, Victor Roemer wrote: 
> > 
> > > So your using snort-2.9.3 and daq-1.1.1 
> > > 
> > > 
> > > Could you send your 'config.log' and make output to us for
> > > analysis.
> > > 
> > > 
> > > The 'config.log' is generated after running 
> > > 
> > > 
> > > $ ./configure
> > > 
> > > 
> > > When capturing the make output, we prefer to just have everything,
> > > via
> > > 
> > > 
> > > $ make &> make.out
> > > 
> > > 
> > > Then send us those files.
> > > 
> > > 
> > > Other information which we find useful is OS and OS version and
> > > gcc version.
> > > 
> > > 
> > > Thanks!
> > > 
> > > 
> > > 
> > >         Begin forwarded message: 
> > >         
> > >         
> > >         > From: PR <oly562 at ...11827...>
> > >         > 
> > >         > Subject: Re: [Snort-sigs] Snort-sigs Digest, Vol 75,
> > >         > Issue 1
> > >         > 
> > >         > Date: August 6, 2012 3:23:49 PM EDT
> > >         > 
> > >         > To: Joel Esler <jesler at ...1935...>
> > >         > 
> > >         > 
> > >         > sorry i used wrong nomenclature. i am at 2930 aka 2.9.3,
> > >         > its daq at this point. when i try to install snort it
> > >         > points to daq not installed, then daq points to error
> > >         > use -fPIC. so what does -fPIC mean? cant find info about
> > >         > it... any suggestions? oh and i remove each failed
> > >         > compile, and untar each time. justa heads up, i know how
> > >         > to compile from source, but somethings i need help with
> > >         > like -fPIC
> > >         > 
> > >         > On Mon, 2012-08-06 at 13:24 -0400, Joel Esler wrote:
> > >         > 
> > >         > > I'm telling you that 2900 isn't supported.  You should
> > >         > > update to 2930 which is supported. 
> > >         > > 
> > >         > > 
> > >         > > 
> > >         > > On Aug 6, 2012, at 1:19 PM, PR <oly562 at ...11827...>
> > >         > > wrote:
> > >         > > 
> > >         > > 
> > >         > > > im downloading from
> > >         > > > http://www.snort.org/snort-downloads
> > >         > > > 
> > >         > > > you are telling me they are not supported? huh???
> > >         > > > 
> > >         > > > On Mon, 2012-08-06 at 08:51 -0400, Joel Esler
> > >         > > > wrote: 
> > >         > > > 
> > >         > > > > On Aug 5, 2012, at 7:46 PM, PR <oly562 at ...11827...>
> > >         > > > > wrote:
> > >         > > > > 
> > >         > > > > 
> > >         > > > > > your thoughts? good link? simple cmd
> > >         > > > > > instructions, maybe print your history for last
> > >         > > > > > time you did this? little help, starting to get
> > >         > > > > > annoyed when snort switches from 2800/2900
> > >         > > > > > version, and its NOT simple as it could be.  
> > >         > > > > 
> > >         > > > > 
> > >         > > > > 2900 isn't even supported anymore.
> > >         > > > > 
> > >         > > > > 
> > >         > > > > http://www.snort.org/vrt/rules/eol_policy 
> > >         > > > > 
> > >         > > > > 
> > >         > > > > 
> > >         > > > > --
> > >         > > > > Joel Esler
> > >         > > > > Senior Research Engineer, VRT
> > >         > > > > OpenSource Community Manager
> > >         > > > > Sourcefire 
> > >         > > 
> > >         > > 
> > >         > > 
> > >         
> > >         
> > >         
> > >         
> > > 
> > > 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120819/3c81ef0d/attachment.html>


More information about the Snort-users mailing list