[Snort-users] Snort missing C99 patch

Michael Altizer mialtize at ...589...
Fri Nov 21 12:27:24 EST 2014

Sounds like the DAQ library you have is an alpha/beta version, which is 
what that check was put in to detect (it has the new function, but an 
old version of the struct definition).  If you look at daq_common.h, you 
should see that the DAQ_DP_key_t structure looks like this:

typedef struct _DAQ_DP_key_t {
     uint32_t af;                /* AF_INET or AF_INET6 */
     union {
         struct in_addr src_ip4;
         struct in6_addr src_ip6;
     } sa;
     union {
         struct in_addr dst_ip4;
         struct in6_addr dst_ip6;
     } da;
     uint8_t protocol;           /* TCP or UDP (IPPROTO_TCP or 
     uint16_t src_port;          /* TCP/UDP source port */
     uint16_t dst_port;          /* TCP/UDP destination port */
     uint16_t address_space_id;  /* Address Space ID */
     uint16_t tunnel_type;       /* Tunnel type */
     uint16_t vlan_id;           /* VLAN ID */
     uint16_t vlan_cnots;
} DAQ_DP_key_t;

Note the named 'sa' and 'da' unions.  If it doesn't look like that, you 
need to update with the final version of libdaq 2.0.4, which is 
available on the snort.org website.  I just verified that the src.rpm 
there has the right version of the headers.

On 11/21/2014 11:16 AM, Terry John wrote:
> I’m trying to update an existing version of snort on Centos 
> 6.5. I was disappointed to see that Snort no longer provides RPM’s for 
> Centos 6 so I rpmbuilt my own from the src.rpm files.
> That daq built ok but the snort still insisted on looking for the old 
> libdnet v 1.11 so I decided to compile from source using 
> snort- .
> I did a yum update on the daq and that seems ok. But when I did a 
> ./configure –enable-sourcefire as suggested in the setup guide 
> (https://www.snort.org/documents/4) I got the error:
> checking for daq_dp_add_dc... yes
> checking for struct _DAQ_DP_key_t.sa.src_ip4... no
>    ERROR!  daq library missing C99 patch, upgrade to >=2.0.4, go get 
> it from
> http://www.snort.org/.
> From a clean install on a virtualbox using the same daq rpm snort 
> compiles fine. Could t be a problem that the daq RPM can’t do a clean 
> update on an existing system?
> Thanks
> Terry
> The Manheim group of companies within the UK comprises: Manheim Europe 
> Limited (registered number: 03183918), Manheim Auctions Limited 
> (registered number: 00448761), Manheim Retail Services Limited 
> (registered number: 02838588), Motors.co.uk Limited (registered 
> number: 05975777), Real Time Communications Limited (registered 
> number: 04277845) and Complete Automotive Solutions Limited 
> (registered number: 05302535). Each of these companies is registered 
> in England and Wales with the registered office address of Central 
> House, Leeds Road, Rothwell, Leeds LS26 0JE. The Manheim group of 
> companies operates under various brand/trading names including Manheim 
> Inspection Services, Manheim Auctions, Manheim Direct, Manheim 
> De-fleet and Manheim Aftersales Solutions.
> V:0CF72C13B2AC
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141121/c8629a64/attachment.html>

More information about the Snort-users mailing list