Re: net/snort update to 2.9.2.3
On 05/28/2012 10:47 PM, Markus Lude wrote: builds on i386 and sparc64, so far tested with unflavored version on i386. Hi, Glad you're working on this again. I've been running Lawrence (lteo@) version for a while, 2.9.2 without issues. I only have an amd64/5.0 (with the libcap diff applied) for tests so all of this has been there. But I can't get yours to download because of dl.snort.org on MASTER_SITES, I was using www.snort.org before, so I changed it and it works. Did dl.snort.org work for you without issues? After that I got a build error on snort: /usr/bin/ld: /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): relocation R_X86_64_32S can not be used when making a shar ed object; recompile with -fPIC /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): could not read symbols: Bad value collect2: ld returned 1 exit status Error while executing cc -shared -fPIC -DPIC -o .libs/libsf_engine.so -O2 -pipe -DSF_VISIBILITY -fvisibility=hidden -fno-strict-alia sing -Wall -shared -Wl,-R/usr/local/lib .libs/bmh.o .libs/sf_snort_detection_engine.o .libs/sf_snort_plugin_api.o .libs/sf_snort_plu gin_byte.o .libs/sf_snort_plugin_content.o .libs/sf_snort_plugin_hdropts.o .libs/sf_snort_plugin_loop.o .libs/sf_snort_plugin_pcre.o .libs/sf_snort_plugin_rc4.o .libs/sf_decompression.o .libs/sfhashfcn.o .libs/sfghash.o .libs/sfprimetable.o .libs/sf_ip.o -L.libs - Wl,-whole-archive /usr/local/lib/libdaq_static.a -Wl,-no-whole-archive -ldnet -lpcre -lm -Wl,-whole-archive /usr/local/lib/libdaq_st atic_modules.a -Wl,-no-whole-archive -lsfbpf -lpcap -lz -lpthread *** Error code 2 Tracked it down to daq port. I also was using: CFLAGS=-fPIC which is missing, so I added it and built daq again. And now snort builds without any probs. Just did light running with it and seems to run. The database and prelude output plugins is deprecated for 2.9.2 and will be removed for 2.9.3. Should we remove them now too or in another separate diff later? If snort itself is going to remove it I would say remove it as well now. -- Cheers, Rodolfo Gouveia Sponsored by Dognaedis Community Project http://www.dognaedis.com
Re: net/snort update to 2.9.2.3
On Tue, May 29, 2012 at 11:27:08AM +0100, Community - Dognædis wrote: On 05/28/2012 10:47 PM, Markus Lude wrote: builds on i386 and sparc64, so far tested with unflavored version on i386. Hi, Glad you're working on this again. I've been running Lawrence (lteo@) version for a while, 2.9.2 without issues. I only have an amd64/5.0 (with the libcap diff applied) for tests so all of this has been there. But I can't get yours to download because of dl.snort.org on MASTER_SITES, I was using www.snort.org before, so I changed it and it works. Did dl.snort.org work for you without issues? It worked somewere in the past, I changed it. Thanks for the hint. After that I got a build error on snort: /usr/bin/ld: /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): relocation R_X86_64_32S can not be used when making a shar ed object; recompile with -fPIC /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): could not read symbols: Bad value collect2: ld returned 1 exit status Error while executing cc -shared -fPIC -DPIC -o .libs/libsf_engine.so -O2 -pipe -DSF_VISIBILITY -fvisibility=hidden -fno-strict-alia sing -Wall -shared -Wl,-R/usr/local/lib .libs/bmh.o .libs/sf_snort_detection_engine.o .libs/sf_snort_plugin_api.o .libs/sf_snort_plu gin_byte.o .libs/sf_snort_plugin_content.o .libs/sf_snort_plugin_hdropts.o .libs/sf_snort_plugin_loop.o .libs/sf_snort_plugin_pcre.o .libs/sf_snort_plugin_rc4.o .libs/sf_decompression.o .libs/sfhashfcn.o .libs/sfghash.o .libs/sfprimetable.o .libs/sf_ip.o -L.libs - Wl,-whole-archive /usr/local/lib/libdaq_static.a -Wl,-no-whole-archive -ldnet -lpcre -lm -Wl,-whole-archive /usr/local/lib/libdaq_st atic_modules.a -Wl,-no-whole-archive -lsfbpf -lpcap -lz -lpthread *** Error code 2 Tracked it down to daq port. I also was using: CFLAGS=-fPIC which is missing, so I added it and built daq again. And now snort builds without any probs. Just did light running with it and seems to run. This seems only to appear on amd64. I added it. I also removed comments which were left over from former versions. Updated tarball for daq-0.6.2 attached. Regards, Markus daq-062_ver2.tar.gz Description: application/tar-gz
Re: net/snort update to 2.9.2.3
On Tue, May 29, 2012 at 09:54:11PM +0200, Markus Lude wrote: On Tue, May 29, 2012 at 11:27:08AM +0100, Community - Dogn?dis wrote: On 05/28/2012 10:47 PM, Markus Lude wrote: builds on i386 and sparc64, so far tested with unflavored version on i386. Hi, Glad you're working on this again. I've been running Lawrence (lteo@) version for a while, 2.9.2 without issues. I only have an amd64/5.0 (with the libcap diff applied) for tests so all of this has been there. I agree with Rodolfo, thank you for working on this again.. your ports are so much better than mine! :) But I can't get yours to download because of dl.snort.org on MASTER_SITES, I was using www.snort.org before, so I changed it and it works. Did dl.snort.org work for you without issues? It worked somewere in the past, I changed it. Thanks for the hint. In case it helps, http://www.snort.org/snort-downloads/cli also has notes on URLs that you can use to download the distfiles. After that I got a build error on snort: /usr/bin/ld: /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): relocation R_X86_64_32S can not be used when making a shar ed object; recompile with -fPIC /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): could not read symbols: Bad value collect2: ld returned 1 exit status Error while executing cc -shared -fPIC -DPIC -o .libs/libsf_engine.so -O2 -pipe -DSF_VISIBILITY -fvisibility=hidden -fno-strict-alia sing -Wall -shared -Wl,-R/usr/local/lib .libs/bmh.o .libs/sf_snort_detection_engine.o .libs/sf_snort_plugin_api.o .libs/sf_snort_plu gin_byte.o .libs/sf_snort_plugin_content.o .libs/sf_snort_plugin_hdropts.o .libs/sf_snort_plugin_loop.o .libs/sf_snort_plugin_pcre.o .libs/sf_snort_plugin_rc4.o .libs/sf_decompression.o .libs/sfhashfcn.o .libs/sfghash.o .libs/sfprimetable.o .libs/sf_ip.o -L.libs - Wl,-whole-archive /usr/local/lib/libdaq_static.a -Wl,-no-whole-archive -ldnet -lpcre -lm -Wl,-whole-archive /usr/local/lib/libdaq_st atic_modules.a -Wl,-no-whole-archive -lsfbpf -lpcap -lz -lpthread *** Error code 2 Tracked it down to daq port. I also was using: CFLAGS=-fPIC which is missing, so I added it and built daq again. And now snort builds without any probs. Just did light running with it and seems to run. This seems only to appear on amd64. I added it. I also removed comments which were left over from former versions. Now I remember why that -fPIC was there in my own version :) I have done quick tests with your daq and Snort 2.9.2.3 ports on amd64 and they work fine, where I was able to trigger a test alert. Only comment is perhaps the preprocessor reputation block in snort.conf should be commented out, because it causes the following error if users use the port's snort.conf as-is: Reputation config: ERROR: /etc/snort/snort.conf(511) = Unable to open address file /etc/snort/../rules/white_list.rules, Error: No such file or directory Fatal Error, Quitting.. Furthermore, README.reputation has the following warning about the reputation preprocessor: ## # THIS CODE IS STILL EXPERIMENTAL! # DO NOT USE IN PRODUCTION ENVIRONMENTS. # Please send any issues to the Snort team ## I will test some more. Thank you, Lawrence
Re: net/snort update to 2.9.2.3
On Tue, May 29, 2012 at 09:54:11PM +0200, Markus Lude wrote: On Tue, May 29, 2012 at 11:27:08AM +0100, Community - Dogn?dis wrote: On 05/28/2012 10:47 PM, Markus Lude wrote: builds on i386 and sparc64, so far tested with unflavored version on i386. Hi, Glad you're working on this again. I've been running Lawrence (lteo@) version for a while, 2.9.2 without issues. I only have an amd64/5.0 (with the libcap diff applied) for tests so all of this has been there. But I can't get yours to download because of dl.snort.org on MASTER_SITES, I was using www.snort.org before, so I changed it and it works. Did dl.snort.org work for you without issues? It worked somewere in the past, I changed it. Thanks for the hint. After that I got a build error on snort: /usr/bin/ld: /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): relocation R_X86_64_32S can not be used when making a shar ed object; recompile with -fPIC /usr/local/lib/libdaq_static.a(libdaq_static_la-daq_base.o): could not read symbols: Bad value collect2: ld returned 1 exit status Error while executing cc -shared -fPIC -DPIC -o .libs/libsf_engine.so -O2 -pipe -DSF_VISIBILITY -fvisibility=hidden -fno-strict-alia sing -Wall -shared -Wl,-R/usr/local/lib .libs/bmh.o .libs/sf_snort_detection_engine.o .libs/sf_snort_plugin_api.o .libs/sf_snort_plu gin_byte.o .libs/sf_snort_plugin_content.o .libs/sf_snort_plugin_hdropts.o .libs/sf_snort_plugin_loop.o .libs/sf_snort_plugin_pcre.o .libs/sf_snort_plugin_rc4.o .libs/sf_decompression.o .libs/sfhashfcn.o .libs/sfghash.o .libs/sfprimetable.o .libs/sf_ip.o -L.libs - Wl,-whole-archive /usr/local/lib/libdaq_static.a -Wl,-no-whole-archive -ldnet -lpcre -lm -Wl,-whole-archive /usr/local/lib/libdaq_st atic_modules.a -Wl,-no-whole-archive -lsfbpf -lpcap -lz -lpthread *** Error code 2 Tracked it down to daq port. I also was using: CFLAGS=-fPIC which is missing, so I added it and built daq again. And now snort builds without any probs. Just did light running with it and seems to run. This seems only to appear on amd64. I added it. I also removed comments which were left over from former versions. Updated tarball for daq-0.6.2 attached. No no no. Don't create more nasty hacks like this. Linking non-PIC code to shared libraries is not portable. Get upstream to fix this properly and use the shared library that is already built. This issue is not specific to OpenBSD either. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: net/snort update to 2.9.2.3
On 2012/05/28 23:47, Markus Lude wrote: I dropped the flexresp flavor, configure param --enable-flexresp3 is now default. I need some help with pkg markers to deal with this. just @pkgpath net/snort,flexresp should be enough; to test: build a new package including this marker, copy it to some directory (e.g. /tmp), install the old snort-flexresp package, PKG_PATH=/tmp/ sudo pkg_add -u and check that it gets updated.
