I think that is normal if you don't already have libnet installed.
David Thibault wrote:
I have attached the config.log from my Libnet-1.0.2a source directory.
It does show some complaints about not finding libnet_build_ip.
Dave
On 2/21/08, *Todd Wease* <twease@sourcefire.com
<mailto:twease@sourcefire.com>> wrote:
There is a check in libnet.h:
#if !(__linux__)
#include <netinet/ip_var.h>
#else /* __linux__ */
#if (HAVE_NET_ETHERNET_H)
#include <net/ethernet.h>
#endif /* HAVE_NET_ETHERNET_H */
#endif /* __linux__ */
Just curious what the output is from configuring libnet. On a 64bit
Fedora Core 6, I get warnings about being an unsupported OS. Also,
HAVE_NET_ETHERNET_H does not get defined. Not sure why I didn't have
the same problem.
David Thibault wrote:
> OK, so I set my libnet-headers.h back the way they were before Todd's
> previously suggested edit, then I tried option 1 below, and it
compiled.
> I will give it a spin and post to the group after verifying that
> inline works properly. I anticipate that it will since it compiled
> properly.
>
> Thanks, Todd!
> Dave
>
> On 2/21/08, *Todd Wease* <twease@sourcefire.com
<mailto:twease@sourcefire.com>
> <mailto:twease@sourcefire.com <mailto:twease@sourcefire.com>>> wrote:
>
> Two other things to try:
>
> 1) Under your Snort source directory in src/inline.c, try
adding the
> following line just under #include <libnet.h>:
>
> #include <net/ethernet.h>
>
> If this does not work, try:
>
> 2) In src/inline.h, just under #include "snort.h", try adding the
> following:
>
> struct ether_addr
> {
> u_char ether_addr_octet[6];
> };
>
> and see if that works. Let us know.
>
>
> Thanks,
> Todd
>
> David Thibault wrote:
>
> > Nope, same (or similar) error:
> > gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src -I../src/sfutil
> > -I/usr/include/pcap -I../src/output-plugins
> -I../src/detection-plugins
> > -I../src/dynamic-plugins -I../src/preprocessors
> > -I../src/preprocessors/flow -I../src/preprocessors/portscan
> > -I../src/preprocessors/flow/int-snort
> > -I../src/preprocessors/HttpInspect/include
> > -I../src/preprocessors/Stream5 -I../src/target-based
> > -I/usr/local/snort/include -I/usr/local/snort/include
> > -I/usr/local/snort/include -I/usr/local/snort/include
> > -I/usr/local/snort/include -fno-strict-aliasing -g -O2 -Wall
> > -DDYNAMIC_PLUGIN -DGIDS -DLIBNET_LIL_ENDIAN
-fno-strict-aliasing
> -c inline.c
> > inline.c: In function 'InitInlinePostConfig':
> > inline.c:183: warning: pointer targets in passing argument
11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:186: warning: pointer targets in passing argument
10 of
> > 'libnet_build_tcp' differ in signedness
> > inline.c:190: warning: pointer targets in passing argument
11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:192: warning: pointer targets in passing argument
13 of
> > 'libnet_build_icmp_unreach' differ in signedness
> > inline.c:201: warning: pointer targets in passing argument
11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:204: warning: pointer targets in passing argument
10 of
> > 'libnet_build_tcp' differ in signedness
> > inline.c:208: warning: pointer targets in passing argument
11 of
> > 'libnet_build_ip' differ in signedness
> > inline.c:210: warning: pointer targets in passing argument
13 of
> > 'libnet_build_icmp_unreach' differ in signedness
> > inline.c: In function 'IpqLoop':
> > inline.c:282: warning: implicit declaration of function
'sig_check'
> > inline.c: In function 'RejectSocket':
> > inline.c:454: warning: pointer targets in passing argument
1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:461: warning: pointer targets in passing argument
2 of
> > 'libnet_write_ip' differ in signedness
> > inline.c:494: warning: pointer targets in passing argument
1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:502: warning: pointer targets in passing argument
2 of
> > 'libnet_write_ip' differ in signedness
> > inline.c: In function 'RejectLayer2':
> > inline.c:594: error: dereferencing pointer to incomplete type
> > inline.c:629: warning: pointer targets in passing argument
1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:635: warning: pointer targets in passing argument
1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:642: warning: pointer targets in passing argument
6 of
> > 'libnet_build_ethernet' differ in signedness
> > inline.c:649: warning: pointer targets in passing argument
3 of
> > 'libnet_write_link_layer' differ in signedness
> > inline.c:683: warning: pointer targets in passing argument
1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:689: warning: pointer targets in passing argument
1 of
> > 'libnet_do_checksum' differ in signedness
> > inline.c:697: warning: pointer targets in passing argument
6 of
> > 'libnet_build_ethernet' differ in signedness
> > inline.c:707: warning: pointer targets in passing argument
3 of
> > 'libnet_write_link_layer' differ in signedness
> > make[3]: *** [inline.o] Error 1
> > make[3]: Leaving directory
`/home/davidt/snort/snort-2.8.0.1/src <http://2.8.0.1/src>
> <http://2.8.0.1/src>
>
> > <http://2.8.0.1/src>'
> > make[2]: *** [all-recursive] Error 1
> > make[2]: Leaving directory
`/home/davidt/snort/snort-2.8.0.1/src <http://2.8.0.1/src>
> <http://2.8.0.1/src>
> > <http://2.8.0.1/src>'
> > make[1]: *** [all-recursive] Error 1
> > make[1]: Leaving directory
`/home/davidt/snort/snort-2.8.0.1 <http://2.8.0.1>
> <http://2.8.0.1>
> > <http://2.8.0.1>'
>
> > make: *** [all] Error 2
> >
> > This time I left off the other --enable-* statements and just
> went with
> > the following configure command (still pointing to all my libs
> and incs
> > just in case):
> > ./configure --enable-inline
> > --with-libpcap-includes=/usr/local/snort/include
> > --with-libpcap-libraries=/usr/local/snort/lib
> > --with-libpcre-includes=/usr/local/snort/include
> > --with-libpcre-libraries=/usr/local/snort/lib
> > --with-libnet-includes=/usr/local/snort/include
> > --with-libnet-libraries=/usr/local/snort/lib
> > --with-dnet-includes=/usr/local/snort/include
> > --with-dnet-libraries=/usr/local/snort/lib
> >
> > Best,
> > Dave
> >
> > On 2/21/08, *David Thibault* <dave@itstrategypartners.com
<mailto:dave@itstrategypartners.com>
> <mailto:dave@itstrategypartners.com
<mailto:dave@itstrategypartners.com>>
>
> > <mailto:dave@itstrategypartners.com
<mailto:dave@itstrategypartners.com>
> <mailto:dave@itstrategypartners.com
<mailto:dave@itstrategypartners.com>>>> wrote:
> >
> > Thanks, Todd. I will try that and post the results.
> >
> >
> > Best,
> > Dave
> >
> >
> > On 2/21/08, *Todd Wease* <twease@sourcefire.com
<mailto:twease@sourcefire.com>
> <mailto:twease@sourcefire.com <mailto:twease@sourcefire.com>>
>
> > <mailto:twease@sourcefire.com
<mailto:twease@sourcefire.com>
> <mailto:twease@sourcefire.com
<mailto:twease@sourcefire.com>>>> wrote:
> >
> > David,
> >
> > My only guess is that "struct ether_addr" is not
getting
> defined
> > on your
> > system. Try editing libnet-headers.h (most likely in
> > /usr/include/libnet). At or around line 391,
remove the #if
> > (!__GLIBC__) / #endif lines and see if that solves the
> > problem. If not,
> > please repost results.
> >
> > Thanks,
> > Todd
> >
> >
> > David Thibault wrote:
> > > Hello all,
> > >
> > > I have been banging my head against the
keyboard for 2
> days
> > now...=) I
> >
> > > am trying to install Snort 2.8.0.1
<http://2.8.0.1> <http://2.8.0.1>
> <http://2.8.0.1>
> > <http://2.8.0.1> on Centos 5.1. I
> >
> > > have tried using RPMs for the library and include
> > dependencies, and
> > > tried with compiling everything from
source. Every time I
> > > --enable-inline I get the following errors:
> > >
> > > make[3]: Entering directory
> > `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src>
> <http://2.8.0.1/src> <http://2.8.0.1/src>
> >
> > > <http://2.8.0.1/src>'
> >
> > > gcc -m64 -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../src
> > -I../src/sfutil
> > > -I/usr/include/pcap -I../src/output-plugins
> > -I../src/detection-plugins
> > > -I../src/dynamic-plugins -I../src/preprocessors
> > > -I../src/preprocessors/flow
> -I../src/preprocessors/portscan
> > > -I../src/preprocessors/flow/int-snort
> > > -I../src/preprocessors/HttpInspect/include
> > > -I../src/preprocessors/Stream5
-I../src/target-based
> > > -I/usr/local/snort/include
-I/usr/local/snort/include
> > > -I/usr/local/snort/include
-I/usr/local/snort/include
> > > -I/usr/include/mysql -DENABLE_MYSQL
> -I/usr/local/snort/include
> > > -fno-strict-aliasing -O0 -g -Wall -pthread
> -I/usr/local/include
> > > -DDYNAMIC_PLUGIN -DGIDS -DLIBNET_LIL_ENDIAN
> > -fno-strict-aliasing -c inline.c
> > > inline.c: In function 'InitInlinePostConfig':
> > > inline.c:183: warning: pointer targets in passing
> argument 11 of
> > > 'libnet_build_ip' differ in signedness
> > > inline.c:186: warning: pointer targets in passing
> argument 10 of
> > > 'libnet_build_tcp' differ in signedness
> > > inline.c:190: warning: pointer targets in passing
> argument 11 of
> > > 'libnet_build_ip' differ in signedness
> > > inline.c:192: warning: pointer targets in passing
> argument 13 of
> > > 'libnet_build_icmp_unreach' differ in signedness
> > > inline.c:201: warning: pointer targets in passing
> argument 11 of
> > > 'libnet_build_ip' differ in signedness
> > > inline.c:204: warning: pointer targets in passing
> argument 10 of
> > > 'libnet_build_tcp' differ in signedness
> > > inline.c:208: warning: pointer targets in passing
> argument 11 of
> > > 'libnet_build_ip' differ in signedness
> > > inline.c:210: warning: pointer targets in passing
> argument 13 of
> > > 'libnet_build_icmp_unreach' differ in signedness
> > > inline.c: In function 'IpqLoop':
> > > inline.c:282: warning: implicit declaration of
function
> > 'sig_check'
> > > inline.c: In function 'RejectSocket':
> > > inline.c:454: warning: pointer targets in passing
> argument 1 of
> > > 'libnet_do_checksum' differ in signedness
> > > inline.c:461: warning: pointer targets in passing
> argument 2 of
> > > 'libnet_write_ip' differ in signedness
> > > inline.c:494: warning: pointer targets in passing
> argument 1 of
> > > 'libnet_do_checksum' differ in signedness
> > > inline.c:502: warning: pointer targets in passing
> argument 2 of
> > > 'libnet_write_ip' differ in signedness
> > > inline.c: In function 'RejectLayer2':
> > > inline.c:594: error: dereferencing pointer to
> incomplete type
> > > inline.c:629: warning: pointer targets in passing
> argument 1 of
> > > 'libnet_do_checksum' differ in signedness
> > > inline.c:635: warning: pointer targets in passing
> argument 1 of
> > > 'libnet_do_checksum' differ in signedness
> > > inline.c:642: warning: pointer targets in passing
> argument 6 of
> > > 'libnet_build_ethernet' differ in signedness
> > > inline.c:649: warning: pointer targets in passing
> argument 3 of
> > > 'libnet_write_link_layer' differ in signedness
> > > inline.c:683: warning: pointer targets in passing
> argument 1 of
> > > 'libnet_do_checksum' differ in signedness
> > > inline.c:689: warning: pointer targets in passing
> argument 1 of
> > > 'libnet_do_checksum' differ in signedness
> > > inline.c:697: warning: pointer targets in passing
> argument 6 of
> > > 'libnet_build_ethernet' differ in signedness
> > > inline.c:707: warning: pointer targets in passing
> argument 3 of
> > > 'libnet_write_link_layer' differ in signedness
> > > make[3]: *** [inline.o] Error 1
> > > make[3]: Leaving directory
> > `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src>
> <http://2.8.0.1/src> <http://2.8.0.1/src>
> >
> > > <http://2.8.0.1/src>'
> >
> > > make[2]: *** [all-recursive] Error 1
> > > make[2]: Leaving directory
> > `/home/davidt/snort/snort-2.8.0.1/src
<http://2.8.0.1/src>
> <http://2.8.0.1/src> <http://2.8.0.1/src>
> >
> > > <http://2.8.0.1/src>'
> >
> > > make[1]: *** [all-recursive] Error 1
> > > make[1]: Leaving directory
> `/home/davidt/snort/snort-2.8.0.1 <http://2.8.0.1>
<http://2.8.0.1>
> > <http://2.8.0.1>
> >
> > > <http://2.8.0.1>'
> >
> > >
> > > Note that I am on x86_64 architecture, if that
makes a
> > difference. For
> > > this attempt, I used the following library
versions to
> fulfill
> > dependencies:
> > > 1) libpcap-0.9.8 compiled from source.
> > > 2) pcre-7.6 compiled from source.
> > > 3) libnet-1.0.2a compiled from source (I have
seen the
> > problems people
> > > have had with the 1.1.2 version coming from RPMs).
> > > 4) libdnet-1.11 compiled from source.
> > > 5) mysql-5.0.22-2.2.el5_1.1 from RPM.
> > > 6) libprelude-0.9.16.2 compiled from source.
> > > 7) iptables-devel-1.3.5-1.2.1 from RPM
> > >
> > > Here's the configure directive I'm using:
> > > ./configure --prefix=/usr/local/snort
--enable-64bit-gcc
> > > --enable-prelude --enable-inline
> > > --with-libpcap-includes=/usr/local/snort/include
> > > --with-libpcap-libraries=/usr/local/snort/lib
> > > --with-libpcre-includes=/usr/local/snort/include
> > > --with-libpcre-libraries=/usr/local/snort/lib
> > > --with-libnet-includes=/usr/local/snort/include
> > > --with-libnet-libraries=/usr/local/snort/lib
> > > --with-dnet-includes=/usr/local/snort/include
> > > --with-dnet-libraries=/usr/local/snort/lib
> --with-mysql=/usr/bin
> > > --with-mysql-includes=/usr/include
> > --with-mysql-libraries=/usr/lib64
> > > --with-libprelude-prefix=/usr/local
> > --with-libipq-includes=/usr/include
> > > --with-libipq-libraries=/usr/lib64
> > >
> > > I am happy to provide more info if necessary.
> > >
> > > As an aside, I'm also having problems with
flexresp2
> > compilation, but
> > > that's a separate issue. At this point I'd like
to try
> inline
> > first and
> > > see how it works before falling back on flexresp2.
> > >
> > > TIA,
> > > Dave
> > >
> > >
> >
> > >
> >
>
------------------------------------------------------------------------
> > >
> > >
> >
>
-------------------------------------------------------------------------
> > > This SF.net email is sponsored by: Microsoft
> > > Defy all challenges. Microsoft(R) Visual Studio
2008.
> >
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > >
> > >
> > >
> >
>
------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users@lists.sourceforge.net
<mailto:Snort-users@lists.sourceforge.net>
> <mailto:Snort-users@lists.sourceforge.net
<mailto:Snort-users@lists.sourceforge.net>>
>
> > <mailto:Snort-users@lists.sourceforge.net
<mailto:Snort-users@lists.sourceforge.net>
> <mailto:Snort-users@lists.sourceforge.net
<mailto:Snort-users@lists.sourceforge.net>>>
>
> > > Go to this URL to change user options or
unsubscribe:
> >
> https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> >
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> >
> >
> >
> >
>
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
