On Tue, May 29, 2012 at 09:54:11PM +0200, Markus Lude wrote: > On Tue, May 29, 2012 at 11:27:08AM +0100, Community - Dogn?dis wrote: > > On 05/28/2012 10:47 PM, Markus Lude wrote: > > > builds on i386 and sparc64, so far tested with unflavored version on > > > i386. > > > > Hi, > > Glad you're working on this again. > > I've been running Lawrence (lteo@) version for a while, 2.9.2 without > > issues. > > I only have an amd64/5.0 (with the libcap diff applied) for tests so > > all of this has been there.
I agree with Rodolfo, thank you for working on this again.. your ports are so much better than mine! :) > > But I can't get yours to download because of dl.snort.org on MASTER_SITES, > > I was using www.snort.org before, so I changed it and it works. > > Did dl.snort.org work for you without issues? > > It worked somewere in the past, I changed it. Thanks for the hint. In case it helps, http://www.snort.org/snort-downloads/cli also has notes on URLs that you can use to download the distfiles. > > After that I got a build error on snort: > > /usr/bin/ld: /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): > > relocation R_X86_64_32S can not be used when making a shar > > ed object; recompile with -fPIC > > /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): could not read > > symbols: Bad value > > collect2: ld returned 1 exit status > > Error while executing cc -shared -fPIC -DPIC -o .libs/libsf_engine.so -O2 > > -pipe -DSF_VISIBILITY -fvisibility=hidden -fno-strict-alia > > sing -Wall -shared -Wl,-R/usr/local/lib .libs/bmh.o > > .libs/sf_snort_detection_engine.o .libs/sf_snort_plugin_api.o > > .libs/sf_snort_plu > > gin_byte.o .libs/sf_snort_plugin_content.o .libs/sf_snort_plugin_hdropts.o > > .libs/sf_snort_plugin_loop.o .libs/sf_snort_plugin_pcre.o > > .libs/sf_snort_plugin_rc4.o .libs/sf_decompression.o .libs/sfhashfcn.o > > .libs/sfghash.o .libs/sfprimetable.o .libs/sf_ip.o -L.libs - > > Wl,-whole-archive /usr/local/lib/libdaq_static.a -Wl,-no-whole-archive > > -ldnet -lpcre -lm -Wl,-whole-archive /usr/local/lib/libdaq_st > > atic_modules.a -Wl,-no-whole-archive -lsfbpf -lpcap -lz -lpthread > > *** Error code 2 > > > > Tracked it down to daq port. I also was using: > > CFLAGS="-fPIC" > > which is missing, so I added it and built daq again. > > And now snort builds without any probs. > > Just did light running with it and seems to run. > > This seems only to appear on amd64. I added it. > I also removed comments which were left over from former versions. Now I remember why that -fPIC was there in my own version :) I have done quick tests with your daq and Snort 2.9.2.3 ports on amd64 and they work fine, where I was able to trigger a test alert. Only comment is perhaps the "preprocessor reputation" block in snort.conf should be commented out, because it causes the following error if users use the port's snort.conf as-is: Reputation config: ERROR: /etc/snort/snort.conf(511) => Unable to open address file /etc/snort/../rules/white_list.rules, Error: No such file or directory Fatal Error, Quitting.. Furthermore, README.reputation has the following warning about the reputation preprocessor: ########################################## # THIS CODE IS STILL EXPERIMENTAL! # DO NOT USE IN PRODUCTION ENVIRONMENTS. # Please send any issues to the Snort team ########################################## I will test some more. Thank you, Lawrence
