There is a check in libnet.h:
#if !(__linux__)
#include <netinet/ip_var.h>
#else /* __linux__ */
#if (HAVE_NET_ETHERNET_H)
#include <net/ethernet.h>
#endif /* HAVE_NET_ETHERNET_H */
#endif /* __linux__ */
Just curious what the output is from configuring libnet. On a 64bit
Fedora Core 6, I get warnings about being an unsupported OS. Also,
HAVE_NET_ETHERNET_H does not get defined. Not sure why I didn't have
the same problem.
David Thibault wrote:
OK, so I set my libnet-headers.h back the way they were before Todd's
previously suggested edit, then I tried option 1 below, and it compiled.
I will give it a spin and post to the group after verifying that
inline works properly. I anticipate that it will since it compiled
properly.
Thanks, Todd!
Dave
On 2/21/08, *Todd Wease* <twease@sourcefire.com
<mailto:twease@sourcefire.com>> wrote:
Two other things to try:
1) Under your Snort source directory in src/inline.c, try adding the
following line just under #include <libnet.h>:
#include <net/ethernet.h>
If this does not work, try:
2) In src/inline.h, just under #include "snort.h", try adding the
following:
struct ether_addr
{
u_char ether_addr_octet[6];
};
and see if that works. Let us know.
Thanks,
Todd
David Thibault wrote:
> Nope, same (or similar) error:
> gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I../src/sfutil
> -I/usr/include/pcap -I../src/output-plugins
-I../src/detection-plugins
> -I../src/dynamic-plugins -I../src/preprocessors
> -I../src/preprocessors/flow -I../src/preprocessors/portscan
> -I../src/preprocessors/flow/int-snort
> -I../src/preprocessors/HttpInspect/include
> -I../src/preprocessors/Stream5 -I../src/target-based
> -I/usr/local/snort/include -I/usr/local/snort/include
> -I/usr/local/snort/include -I/usr/local/snort/include
> -I/usr/local/snort/include -fno-strict-aliasing -g -O2 -Wall
> -DDYNAMIC_PLUGIN -DGIDS -DLIBNET_LIL_ENDIAN -fno-strict-aliasing
-c inline.c
> inline.c: In function 'InitInlinePostConfig':
> inline.c:183: warning: pointer targets in passing argument 11 of
> 'libnet_build_ip' differ in signedness
> inline.c:186: warning: pointer targets in passing argument 10 of
> 'libnet_build_tcp' differ in signedness
> inline.c:190: warning: pointer targets in passing argument 11 of
> 'libnet_build_ip' differ in signedness
> inline.c:192: warning: pointer targets in passing argument 13 of
> 'libnet_build_icmp_unreach' differ in signedness
> inline.c:201: warning: pointer targets in passing argument 11 of
> 'libnet_build_ip' differ in signedness
> inline.c:204: warning: pointer targets in passing argument 10 of
> 'libnet_build_tcp' differ in signedness
> inline.c:208: warning: pointer targets in passing argument 11 of
> 'libnet_build_ip' differ in signedness
> inline.c:210: warning: pointer targets in passing argument 13 of
> 'libnet_build_icmp_unreach' differ in signedness
> inline.c: In function 'IpqLoop':
> inline.c:282: warning: implicit declaration of function 'sig_check'
> inline.c: In function 'RejectSocket':
> inline.c:454: warning: pointer targets in passing argument 1 of
> 'libnet_do_checksum' differ in signedness
> inline.c:461: warning: pointer targets in passing argument 2 of
> 'libnet_write_ip' differ in signedness
> inline.c:494: warning: pointer targets in passing argument 1 of
> 'libnet_do_checksum' differ in signedness
> inline.c:502: warning: pointer targets in passing argument 2 of
> 'libnet_write_ip' differ in signedness
> inline.c: In function 'RejectLayer2':
> inline.c:594: error: dereferencing pointer to incomplete type
> inline.c:629: warning: pointer targets in passing argument 1 of
> 'libnet_do_checksum' differ in signedness
> inline.c:635: warning: pointer targets in passing argument 1 of
> 'libnet_do_checksum' differ in signedness
> inline.c:642: warning: pointer targets in passing argument 6 of
> 'libnet_build_ethernet' differ in signedness
> inline.c:649: warning: pointer targets in passing argument 3 of
> 'libnet_write_link_layer' differ in signedness
> inline.c:683: warning: pointer targets in passing argument 1 of
> 'libnet_do_checksum' differ in signedness
> inline.c:689: warning: pointer targets in passing argument 1 of
> 'libnet_do_checksum' differ in signedness
> inline.c:697: warning: pointer targets in passing argument 6 of
> 'libnet_build_ethernet' differ in signedness
> inline.c:707: warning: pointer targets in passing argument 3 of
> 'libnet_write_link_layer' differ in signedness
> make[3]: *** [inline.o] Error 1
> make[3]: Leaving directory `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src>
> <http://2.8.0.1/src>'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src>
> <http://2.8.0.1/src>'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/davidt/snort/snort-2.8.0.1
<http://2.8.0.1>
> <http://2.8.0.1>'
> make: *** [all] Error 2
>
> This time I left off the other --enable-* statements and just
went with
> the following configure command (still pointing to all my libs
and incs
> just in case):
> ./configure --enable-inline
> --with-libpcap-includes=/usr/local/snort/include
> --with-libpcap-libraries=/usr/local/snort/lib
> --with-libpcre-includes=/usr/local/snort/include
> --with-libpcre-libraries=/usr/local/snort/lib
> --with-libnet-includes=/usr/local/snort/include
> --with-libnet-libraries=/usr/local/snort/lib
> --with-dnet-includes=/usr/local/snort/include
> --with-dnet-libraries=/usr/local/snort/lib
>
> Best,
> Dave
>
> On 2/21/08, *David Thibault* <dave@itstrategypartners.com
<mailto:dave@itstrategypartners.com>
> <mailto:dave@itstrategypartners.com
<mailto:dave@itstrategypartners.com>>> wrote:
>
> Thanks, Todd. I will try that and post the results.
>
>
> Best,
> Dave
>
>
> On 2/21/08, *Todd Wease* <twease@sourcefire.com
<mailto:twease@sourcefire.com>
> <mailto:twease@sourcefire.com
<mailto:twease@sourcefire.com>>> wrote:
>
> David,
>
> My only guess is that "struct ether_addr" is not getting
defined
> on your
> system. Try editing libnet-headers.h (most likely in
> /usr/include/libnet). At or around line 391, remove the #if
> (!__GLIBC__) / #endif lines and see if that solves the
> problem. If not,
> please repost results.
>
> Thanks,
> Todd
>
>
> David Thibault wrote:
> > Hello all,
> >
> > I have been banging my head against the keyboard for 2
days
> now...=) I
>
> > am trying to install Snort 2.8.0.1 <http://2.8.0.1>
<http://2.8.0.1>
> <http://2.8.0.1> on Centos 5.1. I
>
> > have tried using RPMs for the library and include
> dependencies, and
> > tried with compiling everything from source. Every time I
> > --enable-inline I get the following errors:
> >
> > make[3]: Entering directory
> `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src> <http://2.8.0.1/src>
>
> > <http://2.8.0.1/src>'
>
> > gcc -m64 -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src
> -I../src/sfutil
> > -I/usr/include/pcap -I../src/output-plugins
> -I../src/detection-plugins
> > -I../src/dynamic-plugins -I../src/preprocessors
> > -I../src/preprocessors/flow
-I../src/preprocessors/portscan
> > -I../src/preprocessors/flow/int-snort
> > -I../src/preprocessors/HttpInspect/include
> > -I../src/preprocessors/Stream5 -I../src/target-based
> > -I/usr/local/snort/include -I/usr/local/snort/include
> > -I/usr/local/snort/include -I/usr/local/snort/include
> > -I/usr/include/mysql -DENABLE_MYSQL
-I/usr/local/snort/include
> > -fno-strict-aliasing -O0 -g -Wall -pthread
-I/usr/local/include
> > -DDYNAMIC_PLUGIN -DGIDS -DLIBNET_LIL_ENDIAN
> -fno-strict-aliasing -c inline.c
> > inline.c: In function 'InitInlinePostConfig':
> > inline.c:183: warning: pointer targets in passing
argument 11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:186: warning: pointer targets in passing
argument 10 of
> > 'libnet_build_tcp' differ in signedness
> > inline.c:190: warning: pointer targets in passing
argument 11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:192: warning: pointer targets in passing
argument 13 of
> > 'libnet_build_icmp_unreach' differ in signedness
> > inline.c:201: warning: pointer targets in passing
argument 11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:204: warning: pointer targets in passing
argument 10 of
> > 'libnet_build_tcp' differ in signedness
> > inline.c:208: warning: pointer targets in passing
argument 11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:210: warning: pointer targets in passing
argument 13 of
> > 'libnet_build_icmp_unreach' differ in signedness
> > inline.c: In function 'IpqLoop':
> > inline.c:282: warning: implicit declaration of function
> 'sig_check'
> > inline.c: In function 'RejectSocket':
> > inline.c:454: warning: pointer targets in passing
argument 1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:461: warning: pointer targets in passing
argument 2 of
> > 'libnet_write_ip' differ in signedness
> > inline.c:494: warning: pointer targets in passing
argument 1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:502: warning: pointer targets in passing
argument 2 of
> > 'libnet_write_ip' differ in signedness
> > inline.c: In function 'RejectLayer2':
> > inline.c:594: error: dereferencing pointer to
incomplete type
> > inline.c:629: warning: pointer targets in passing
argument 1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:635: warning: pointer targets in passing
argument 1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:642: warning: pointer targets in passing
argument 6 of
> > 'libnet_build_ethernet' differ in signedness
> > inline.c:649: warning: pointer targets in passing
argument 3 of
> > 'libnet_write_link_layer' differ in signedness
> > inline.c:683: warning: pointer targets in passing
argument 1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:689: warning: pointer targets in passing
argument 1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:697: warning: pointer targets in passing
argument 6 of
> > 'libnet_build_ethernet' differ in signedness
> > inline.c:707: warning: pointer targets in passing
argument 3 of
> > 'libnet_write_link_layer' differ in signedness
> > make[3]: *** [inline.o] Error 1
> > make[3]: Leaving directory
> `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src> <http://2.8.0.1/src>
>
> > <http://2.8.0.1/src>'
>
> > make[2]: *** [all-recursive] Error 1
> > make[2]: Leaving directory
> `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src> <http://2.8.0.1/src>
>
> > <http://2.8.0.1/src>'
>
> > make[1]: *** [all-recursive] Error 1
> > make[1]: Leaving directory
`/home/davidt/snort/snort-2.8.0.1 <http://2.8.0.1>
> <http://2.8.0.1>
>
> > <http://2.8.0.1>'
>
> >
> > Note that I am on x86_64 architecture, if that makes a
> difference. For
> > this attempt, I used the following library versions to
fulfill
> dependencies:
> > 1) libpcap-0.9.8 compiled from source.
> > 2) pcre-7.6 compiled from source.
> > 3) libnet-1.0.2a compiled from source (I have seen the
> problems people
> > have had with the 1.1.2 version coming from RPMs).
> > 4) libdnet-1.11 compiled from source.
> > 5) mysql-5.0.22-2.2.el5_1.1 from RPM.
> > 6) libprelude-0.9.16.2 compiled from source.
> > 7) iptables-devel-1.3.5-1.2.1 from RPM
> >
> > Here's the configure directive I'm using:
> > ./configure --prefix=/usr/local/snort --enable-64bit-gcc
> > --enable-prelude --enable-inline
> > --with-libpcap-includes=/usr/local/snort/include
> > --with-libpcap-libraries=/usr/local/snort/lib
> > --with-libpcre-includes=/usr/local/snort/include
> > --with-libpcre-libraries=/usr/local/snort/lib
> > --with-libnet-includes=/usr/local/snort/include
> > --with-libnet-libraries=/usr/local/snort/lib
> > --with-dnet-includes=/usr/local/snort/include
> > --with-dnet-libraries=/usr/local/snort/lib
--with-mysql=/usr/bin
> > --with-mysql-includes=/usr/include
> --with-mysql-libraries=/usr/lib64
> > --with-libprelude-prefix=/usr/local
> --with-libipq-includes=/usr/include
> > --with-libipq-libraries=/usr/lib64
> >
> > I am happy to provide more info if necessary.
> >
> > As an aside, I'm also having problems with flexresp2
> compilation, but
> > that's a separate issue. At this point I'd like to try
inline
> first and
> > see how it works before falling back on flexresp2.
> >
> > TIA,
> > Dave
> >
> >
>
> >
>
------------------------------------------------------------------------
> >
> >
>
-------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> >
> >
> >
>
------------------------------------------------------------------------
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users@lists.sourceforge.net
<mailto:Snort-users@lists.sourceforge.net>
> <mailto:Snort-users@lists.sourceforge.net
<mailto:Snort-users@lists.sourceforge.net>>
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
