[Snort-users] [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1

Victor Roemer vroemer at ...1935...
Mon Aug 20 08:41:28 EDT 2012


I'll investigate this further, but it seems to be a problem with how
iptables was compiled (seems Gentoo users have an issue with this).

How did you install iptables and its dependencies?

In the meantime, if you don't need the IPQ daq I would disable it.

./configure --disable-ipq-module



On Sun, Aug 19, 2012 at 2:16 PM, PR <oly562 at ...11827...> wrote:

> Again, I'm starting to think, and find clues, that this is indeed a 32-bit
> to 64-bit issue. Here is what I found on Wikipedia regarding -fPIC:
>
> Such a library can be created with GCC by compiling the source file
> containing the new globals to be linked, with the -fpic or -fPIC option,[33]
> and linking with the -shared option.[34] The library has access to external
> symbols declared in the program like any other library.
>
> It is also possible to use debugger-based techniques on Unix-like systems.[35]
>
>
> Also, is there a tar that is 64-bit, and not built for 32-bit CPUs?
>
> I think that would solve the daq/snort issue.
>
> Your thoughts?
>
> pete
>
>
>
> On Sun, 2012-08-19 at 09:52 -0700, PR wrote:
>
> Here is the ./configure and make; I don't get past make... see below for
> full stdout... suggestions? I'm running 10.04 Desktop 64-bit arch, acidbase,
> trying to upgrade from 2.8.x to 2.9.x...
>
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012$ cd daq-1.1.1/
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012/daq-1.1.1$ ./configure
> checking for a BSD-compatible install... /usr/bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /bin/mkdir -p
> checking for gawk... gawk
> checking whether make sets $(MAKE)... yes
> checking for gcc... gcc
> checking for C compiler default output file name... a.out
> checking whether the C compiler works... yes
> checking whether we are cross compiling... no
> checking for suffix of executables...
> checking for suffix of object files... o
> checking whether we are using the GNU C compiler... yes
> checking whether gcc accepts -g... yes
> checking for gcc option to accept ISO C89... none needed
> checking for style of include used by make... GNU
> checking dependency style of gcc... gcc3
> checking build system type... x86_64-unknown-linux-gnu
> checking host system type... x86_64-unknown-linux-gnu
> checking for a sed that does not truncate output... /bin/sed
> checking for grep that handles long lines and -e... /bin/grep
> checking for egrep... /bin/grep -E
> checking for fgrep... /bin/grep -F
> checking for ld used by gcc... /usr/bin/ld
> checking if the linker (/usr/bin/ld) is GNU ld... yes
> checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
> checking the name lister (/usr/bin/nm -B) interface... BSD nm
> checking whether ln -s works... yes
> checking the maximum length of command line arguments... 1572864
> checking whether the shell understands some XSI constructs... yes
> checking whether the shell understands "+="... yes
> checking for /usr/bin/ld option to reload object files... -r
> checking for objdump... objdump
> checking how to recognize dependent libraries... pass_all
> checking for ar... ar
> checking for strip... strip
> checking for ranlib... ranlib
> checking command to parse /usr/bin/nm -B output from gcc object... ok
> checking how to run the C preprocessor... gcc -E
> checking for ANSI C header files... yes
> checking for sys/types.h... yes
> checking for sys/stat.h... yes
> checking for stdlib.h... yes
> checking for string.h... yes
> checking for memory.h... yes
> checking for strings.h... yes
> checking for inttypes.h... yes
> checking for stdint.h... yes
> checking for unistd.h... yes
> checking for dlfcn.h... yes
> checking for objdir... .libs
> checking if gcc supports -fno-rtti -fno-exceptions... no
> checking for gcc option to produce PIC... -fPIC -DPIC
> checking if gcc PIC flag -fPIC -DPIC works... yes
> checking if gcc static flag -static works... yes
> checking if gcc supports -c -o file.o... yes
> checking if gcc supports -c -o file.o... (cached) yes
> checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports
> shared libraries... yes
> checking whether -lc should be explicitly linked in... no
> checking dynamic linker characteristics... GNU/Linux ld.so
> checking how to hardcode library paths into programs... immediate
> checking whether stripping libraries is possible... yes
> checking if libtool supports shared libraries... yes
> checking whether to build shared libraries... yes
> checking whether to build static libraries... yes
> checking for visibility support... yes
> checking CFLAGS for gcc -Wall... -Wall
> checking CFLAGS for gcc -Wwrite-strings... -Wwrite-strings
> checking CFLAGS for gcc -Wsign-compare... -Wsign-compare
> checking CFLAGS for gcc -Wcast-align... -Wcast-align
> checking CFLAGS for gcc -Wextra... -Wextra
> checking CFLAGS for gcc -Wformat... -Wformat
> checking CFLAGS for gcc -Wformat-security... -Wformat-security
> checking CFLAGS for gcc -Wno-unused-parameter... -Wno-unused-parameter
> checking CFLAGS for gcc -fno-strict-aliasing... -fno-strict-aliasing
> checking CFLAGS for gcc -fdiagnostics-show-option...
> -fdiagnostics-show-option
> checking CFLAGS for gcc -pedantic -std=c99 -D_GNU_SOURCE... -pedantic
> -std=c99 -D_GNU_SOURCE
> checking for getaddrinfo... yes
> checking for flex... flex
> checking for flex 2.4 or higher... yes
> checking for bison... bison
> checking linux/if_ether.h usability... yes
> checking linux/if_ether.h presence... yes
> checking for linux/if_ether.h... yes
> checking linux/if_packet.h usability... yes
> checking linux/if_packet.h presence... yes
> checking for linux/if_packet.h... yes
> checking pcap.h usability... yes
> checking pcap.h presence... yes
> checking for pcap.h... yes
> checking for pcap_lib_version in -lpcap... yes
> checking netinet/in.h usability... yes
> checking netinet/in.h presence... yes
> checking for netinet/in.h... yes
> checking libipq.h usability... yes
> checking libipq.h presence... yes
> checking for libipq.h... yes
> checking for linux/netfilter.h... yes
> checking for netinet/in.h... (cached) yes
> checking libnetfilter_queue/libnetfilter_queue.h usability... no
> checking libnetfilter_queue/libnetfilter_queue.h presence... no
> checking for libnetfilter_queue/libnetfilter_queue.h... no
> checking for linux/netfilter.h... (cached) yes
> checking for pcap.h... (cached) yes
> checking for pcap_lib_version... checking for pcap_lib_version in
> -lpcap... (cached) yes
> checking for libpcap version >= "1.0.0"... yes
> checking dnet.h usability... yes
> checking dnet.h presence... yes
> checking for dnet.h... yes
> checking dumbnet.h usability... no
> checking dumbnet.h presence... no
> checking for dumbnet.h... no
> checking for eth_set in -ldnet... yes
> checking for eth_set in -ldumbnet... no
> checking for dlopen in -ldl... yes
> checking for inttypes.h... (cached) yes
> checking for memory.h... (cached) yes
> checking netdb.h usability... yes
> checking netdb.h presence... yes
> checking for netdb.h... yes
> checking for netinet/in.h... (cached) yes
> checking for stdint.h... (cached) yes
> checking for stdlib.h... (cached) yes
> checking for string.h... (cached) yes
> checking sys/ioctl.h usability... yes
> checking sys/ioctl.h presence... yes
> checking for sys/ioctl.h... yes
> checking sys/param.h usability... yes
> checking sys/param.h presence... yes
> checking for sys/param.h... yes
> checking sys/socket.h usability... yes
> checking sys/socket.h presence... yes
> checking for sys/socket.h... yes
> checking sys/time.h usability... yes
> checking sys/time.h presence... yes
> checking for sys/time.h... yes
> checking for unistd.h... (cached) yes
> checking for inline... inline
> checking for size_t... yes
> checking for uint16_t... yes
> checking for uint32_t... yes
> checking for uint64_t... yes
> checking for uint8_t... yes
> checking for stdlib.h... (cached) yes
> checking for GNU libc compatible malloc... yes
> checking for stdlib.h... (cached) yes
> checking for unistd.h... (cached) yes
> checking for getpagesize... yes
> checking for working mmap... yes
> checking for gethostbyname... yes
> checking for getpagesize... (cached) yes
> checking for memset... yes
> checking for munmap... yes
> checking for socket... yes
> checking for strchr... yes
> checking for strcspn... yes
> checking for strdup... yes
> checking for strerror... yes
> checking for strrchr... yes
> checking for strstr... yes
> checking for strtoul... yes
> configure: creating ./config.status
> config.status: creating Makefile
> config.status: creating api/Makefile
> config.status: creating os-daq-modules/Makefile
> config.status: creating os-daq-modules/daq-modules-config
> config.status: creating sfbpf/Makefile
> config.status: creating config.h
> config.status: config.h is unchanged
> config.status: executing depfiles commands
> config.status: executing libtool commands
>
> Build AFPacket DAQ module.. : yes
> Build Dump DAQ module...... : yes
> Build IPFW DAQ module...... : yes
> Build IPQ DAQ module....... : yes
> Build NFQ DAQ module....... : no
> Build PCAP DAQ module...... : yes
>
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012/daq-1.1.1$ make
> make  all-recursive
> make[1]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1'
> Making all in api
> make[2]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/api'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/api'
> Making all in sfbpf
> make[2]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf'
> Making all in os-daq-modules
> make[2]: Entering directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/os-daq-modules'
> /bin/bash ../libtool --tag=CC   --mode=link gcc -DBUILDING_SO -g -O2
> -fvisibility=hidden -Wall -Wwrite-strings -Wsign-compare -Wcast-align
> -Wextra -Wformat -Wformat-security -Wno-unused-parameter
> -fno-strict-aliasing -fdiagnostics-show-option -pedantic -std=c99
> -D_GNU_SOURCE -module -export-dynamic -avoid-version -shared
> -L/usr/local/lib -ldnet   -o daq_ipq.la -rpath /usr/local/lib/daq
> daq_ipq_la-daq_ipq.lo -lipq -L/usr/local/lib -ldnet ../sfbpf/libsfbpf.la
> libtool: link: gcc -shared  .libs/daq_ipq_la-daq_ipq.o   -Wl,-rpath
> -Wl,/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/sfbpf/.libs
> -L/usr/local/lib -lipq /usr/local/lib/libdnet ../sfbpf/.libs/libsfbpf.so
> -Wl,-soname -Wl,daq_ipq.so -o .libs/daq_ipq.so
> /usr/bin/ld:
> /usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a(libipq.o):
> relocation R_X86_64_32S against `ipq_errmap' can not be used when making a
> shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a: could not
> read symbols: Bad value
> collect2: ld returned 1 exit status
> make[2]: *** [daq_ipq.la] Error 1
> make[2]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1/os-daq-modules'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory
> `/home/unixrealm/Downloads/Programs/Snort-2012/daq-1.1.1'
> make: *** [all] Error 2
> unixrealm at ...15760...:~/Downloads/Programs/Snort-2012/daq-1.1.1$
>
>
> Frustrating, I tell ya... pete
>
> On Tue, 2012-08-14 at 14:45 -0700, PR wrote:
>
> here are the files for daq.
>
> make.out and config.log
>
> When installing snort 2.9.x, of course, it says daq is not installed. So...
> first get daq as Joel suggests. Thanks for your help, really!
>
> I simply want a nice easy way to update snort just like the good old days.
> ;)
>
> pete
>
>
> On Mon, 2012-08-13 at 09:28 -0400, Victor Roemer wrote:
>
> So you're using snort-2.9.3 and daq-1.1.1.
>
>
> Could you send your 'config.log' and make output to us for analysis?
>
>
> The 'config.log' is generated after running
>
>
> $ ./configure
>
>
> When capturing the make output, we prefer to just have everything, via
>
>
> $ make &> make.out
>
>
> Then send us those files.
>
>
> Other information which we find useful is OS and OS version and gcc
> version.
>
>
> Thanks!
>
>
> Begin forwarded message:
>
> From: PR <oly562 at ...11827...>
> Subject: Re: [Snort-sigs] Snort-sigs Digest, Vol 75, Issue 1
> Date: August 6, 2012 3:23:49 PM EDT
> To: Joel Esler <jesler at ...1935...>
>
>
> Sorry, I used the wrong nomenclature. I am at 2930 aka 2.9.3; it's daq at
> this point. When I try to install snort it points to daq not installed, then
> daq points to error use -fPIC. So what does -fPIC mean? Can't find info about
> it... any suggestions? Oh, and I remove each failed compile, and untar each
> time. Just a heads up, I know how to compile from source, but some things I
> need help with, like -fPIC.
>
> On Mon, 2012-08-06 at 13:24 -0400, Joel Esler wrote:
>
> I'm telling you that 2900 isn't supported.  You should update to 2930
> which is supported.
>
>
>
> On Aug 6, 2012, at 1:19 PM, PR <oly562 at ...11827...> wrote:
>
> I'm downloading from http://www.snort.org/snort-downloads
>
> You are telling me they are not supported? Huh???
>
> On Mon, 2012-08-06 at 08:51 -0400, Joel Esler wrote:
>
> On Aug 5, 2012, at 7:46 PM, PR <oly562 at ...11827...> wrote:
>
> Your thoughts? Good link? Simple cmd instructions, maybe print your
> history for the last time you did this? Little help, starting to get annoyed
> when snort switches from 2800/2900 version, and it's NOT as simple as it
> could be.
>
>
> 2900 isn't even supported anymore.
>
>
> http://www.snort.org/vrt/rules/eol_policy
>
>
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
>
>
>
>
>
>
>
>
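
Added example (not part of the original thread, and not Snort or DAQ project code): a shell triage of a captured make.out for the linker failure quoted above. The function names are hypothetical, the sample lines are constructed from the error text in the thread (unwrapped), and the mapping from a failed daq_<name>.la target to --disable-<name>-module is an assumption generalized from the one flag given in the reply.

```shell
#!/bin/sh
# Added example: triage a captured "make &> make.out" for the non-PIC link error.

# Write a constructed sample: the thread's error lines, unwrapped as ld prints them.
write_sample() {
    cat > "$1" <<'EOF'
Making all in os-daq-modules
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a(libipq.o): relocation R_X86_64_32S against `ipq_errmap' can not be used when making a shared object; recompile with -fPIC
/usr/lib/gcc/x86_64-linux-gnu/4.4.3/../../../../lib/libipq.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make[2]: *** [daq_ipq.la] Error 1
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2
EOF
}

# Print "archive|member|relocation|symbol" for every static-archive member
# that ld refused to place in a shared object.
find_nonpic_errors() {
    sed -nE "s/.*[: ]([^ :]+\.a)\(([^)]+)\): relocation (R_[A-Z0-9_]+) against \`([^']+)'.*recompile with -fPIC.*/\1|\2|\3|\4/p" "$1"
}

# Turn failed module targets such as "[daq_ipq.la]" into configure flags.
# Also accepts the "[Makefile:NN: target]" form printed by newer GNU make.
# Assumption: flags follow the --disable-<name>-module form of the flag in the thread.
suggest_disable_flags() {
    sed -nE 's/^make(\[[0-9]+\])?: \*\*\* \[([^]]*: )?daq_([a-z0-9]+)\.la\] Error [0-9]+$/--disable-\3-module/p' "$1" | sort -u
}

# Report each offending object and the workaround; return 1 if none was found.
triage_make_out() {
    errors=$(find_nonpic_errors "$1")
    [ -n "$errors" ] || { echo "no non-PIC link errors found"; return 1; }
    echo "$errors" | while IFS='|' read -r archive member reloc symbol; do
        echo "non-PIC object $member in $archive ($reloc against $symbol)"
    done
    echo "workaround: ./configure $(suggest_disable_flags "$1" | tr '\n' ' ')"
}

sample=$(mktemp)
write_sample "$sample"
triage_make_out "$sample"
rm -f "$sample"
```

To run it against a real build, call triage_make_out with the path to the captured make.out instead of the constructed sample.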