I can confirm this too! I update my lab snort sensor every couple days
from CVS, and have been running 1.9x for couple months now. But sometime
last week, someone(CMG!) made changes to spp_http_decode.c
I can NOT compile snort on any of my 4.5/4.6 FreeBSD boxes. I think the
developers are using freebsd on MAC OS X, so the header files might
differ a bit, I'm not sure.
Here is some info about the header files in question....
<headers>
$FreeBSD: src/sys/sys/socket.h,v 1.39.2.7 2001/07/03 11:02:01 ume Exp$
$FreeBSD: src/sys/netinet/in.h,v 1.48.2.8 2002/05/02 02:36:50 silby Exp$
$FreeBSD: src/sys/netinet6/in6.h,v 1.7.2.6 2002/04/28 05:40:26 suz Exp$
$Id: spp_http_decode.c,v 1.42 2002/05/27 17:05:04 chrisgreen Exp $
</headers>
As you can see, in.h and in6.h have been updated recently but socket.h
hasn't been touched for awhile, so I don't think its a "freebsd" issue,
but who knows, it could be. Maybe Kris Kennaway can work with Chris
Green and Iron out these issues. I'll help in anyway I can, I'm just not
a snort or freebsd developer, just a user. ;)

oh ya, Snort 1.8.7beta* works fine still, so luckly the "change" hasn't
made it to the 1.8.x branch yet!
**WORKS**
-*> Snort! <*-
Version 1.8.7beta6 (Build 121)
-*> Snort! <*-
Version 1.9-dev (Build 134)<- Last build that I could compile on fbsd4.5
**BROKE**
Current CVS Build (not sure the build # cuz its never compiled)

<changelog>
2002-05-20 Chris Green <cmgsourcefire.com>

         * src/preprocessors/spp_http_decode.c:
           - added newer unidecode function from rfp
           - added "internal_alerts" keyword
2002-05-27 Chris Green <cmgsourcefire.com>

         * src/preprocessors/spp_http_decode.c
           (SetPorts):
         - fatal error on invalid port description
</changelog>

>> Making all in preprocessors
>> gmake[3]: Entering directory
>> `/afs1/sources/CVSUPDATE/snort/src/preprocessors'
>> gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
>> -I../../src/output-plugins -I../../src/detection-plugins
>> -I../../src/preprocessors -I/usr/local/include/mysql -DENABLE_MYSQL -g
>> -O2 -Wall -c spp_http_decode.c
>> In file included from spp_http_decode.c:30:
>> /usr/include/sys/socket.h:52: syntax error before `sa_family_t'
>> /usr/include/sys/socket.h:52: warning: data definition has no type or
>> storage class
>> /usr/include/sys/socket.h:163: syntax error before `u_char'
>> /usr/include/sys/socket.h:174: syntax error before `u_short'
>> /usr/include/sys/socket.h:188: syntax error before `u_char'
>> /usr/include/sys/socket.h:190: `int64_t' undeclared here (not in a
>> function)
>> /usr/include/sys/socket.h:190: `u_char' undeclared here (not in a
>> function)
>> /usr/include/sys/socket.h:190: size of array `__ss_pad1' is too large
>> /usr/include/sys/socket.h:191: syntax error before `int64_t'
>> /usr/include/sys/socket.h:192: `u_char' undeclared here (not in a
>> function)
>> /usr/include/sys/socket.h:192: `int64_t' undeclared here (not in a
>> function)
>> /usr/include/sys/socket.h:192: `u_char' undeclared here (not in a
>> function)
>> /usr/include/sys/socket.h:192: `int64_t' undeclared here (not in a
>> function)
>> /usr/include/sys/socket.h:359: syntax error before `pid_t'
>> /usr/include/sys/socket.h:364: syntax error before `gid_t'
>> /usr/include/sys/socket.h:399: syntax error before `u_short'
>> /usr/include/sys/socket.h:407: syntax error before `caddr_t'
>> /usr/include/sys/socket.h:411: syntax error before `caddr_t'
>> /usr/include/sys/socket.h:444: syntax error before `recv'
>> /usr/include/sys/socket.h:444: warning: data definition has no type or
>> storage class
>> /usr/include/sys/socket.h:445: syntax error before `recvfrom'
>> /usr/include/sys/socket.h:445: warning: data definition has no type or
>> storage class
>> /usr/include/sys/socket.h:446: syntax error before `recvmsg'
>> /usr/include/netinet/in.h:285: syntax error before `u_char'
>> In file included from /usr/include/netinet/in.h:467,
>> from spp_http_decode.c:31:
>> /usr/include/netinet6/in6.h:122: syntax error before `u_int8_t'
>> /usr/include/netinet6/in6.h:144: syntax error before `u_int8_t'
>> /usr/include/netinet6/in6.h:149: syntax error before `u_int32_t'
>> /usr/include/netinet6/in6.h:612: syntax error before `*'
>> /usr/include/netinet6/in6.h:614: syntax error before `*'
>> /usr/include/netinet6/in6.h:614: warning: data definition has no type or
>> storage class
>> /usr/include/netinet6/in6.h:615: syntax error before `u_int8_t'
>> /usr/include/netinet6/in6.h:616: syntax error before `u_int8_t'
>> /usr/include/netinet6/in6.h:631: syntax error before `u_int8_t'
>> /usr/include/netinet6/in6.h:636: syntax error before `u_int8_t'
>> /usr/include/netinet6/in6.h:638: syntax error before `u_int8_t'
>> gmake[3]: *** [spp_http_decode.o] Error 1

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]