snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] snort-3.0.0b3 on FreeBSD 7.2 UUID

Re: [Snort-users] snort-3.0.0b3 on FreeBSD 7.2 UUID library fail

From: Russ Combs <rcombs_at_nospam>
Date: Fri May 22 2009 - 15:29:55 GMT
To: Richard Bejtlich <taosecurity@gmail.com>


Richard,

The only FreeBSD system I got access to doesn't seem to support a distinct thread ID access method. Below is a patch that you can use as a workaround.

It uses process ID in lieu of thread ID. This primarily affects log statements. The only area where it will affect performance is with CPU affinity - all threads will be assigned the same CPU - unless getpid() actually returns a thread ID on those systems.

Let me know if this gets you going or if you you find a better solution.

Thanks
Russ

Index: s_util/include/s_thread.h



RCS file:
/usr/cvsroot/sfeng/ims/sfsnort/sfips/src/s_util/include/s_thread.h,v retrieving revision 1.37
diff -u -B -b -r1.37 s_thread.h
--- s_util/include/s_thread.h 26 Nov 2008 18:53:44 -0000 1.37 +++ s_util/include/s_thread.h 22 May 2009 15:22:24 -0000 @@ -39,7 +39,8 @@
#include "s_types.h"
#include "s_cpuclock.h"

-static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); } +//static ALWAYS_INLINE pid_t s_gettid(void) { return syscall(__NR_gettid); }
+static ALWAYS_INLINE pid_t s_gettid(void) { return getpid(); }

 SO_PUBLIC int s_set_affinity(int cpu);

On Thu, May 7, 2009 at 6:53 PM, Richard Bejtlich <taosecurity@gmail.com>wrote: > On Thu, May 7, 2009 at 5:49 PM, Russ Combs <rcombs@sourcefire.com> wrote: > > After installing the uuid libs, configure still couldn't find them. (It > > could find the header, but not the actual lib.) > > > > configure:19250: checking for uuid_generate in -luuid > > configure:19285: gcc -o conftest -g -fno-strict-aliasing > > -fvisibility=hidden -I/usr/local/include/lua51 -fno-strict-aliasing > > -I/usr/local/include -L/usr/local/lib/lua51 -L/usr/lib conftest.c -luuid > > -lm -lpthread -lrt >&5 > > /usr/bin/ld: cannot find -luuid > > Try this: > > > > export LDFLAGS="-L/usr/local/lib" > > > > and then configure. > > > > Russ > > Thanks Rmkml and Russ! I got the following to work until I had to > "make" (shown later) > > fbsd7# setenv CPPFLAGS "-I/usr/local/lib" > fbsd7# setenv LDFLAGS "-L/usr/local/lib" > > fbsd7# pkg_add -r bison > > fbsd7# ./configure --prefix=/usr/local/snortsp-3.0.0b3 --with-uuid-lib=e2fs > > Then I encountered a new error: > > fbsd7# make && make install > make all-recursive > Making all in src > Making all in s_util > Making all in include > Making all in libsbpf > /bin/sh ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H > -I. -I../../.. -I../../.. -I../../../src/s_util/libsbpf/bpf > -I../../../src/s_util/libsbpf/net -I../../../src/s_util > -I../../../src/s_util/include -I../../../src/data_source > -I../../../src/data_source/daq -I../../../src/data_source/decode > -I../../../src/data_source/flow -I../../../src/platform > -I../../../src/comms -I../../../src/analysis -I../../../src/output > -I.. -I/usr/local/include/lua51 -I/usr/local/lib > -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include > -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing > -fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF > .deps/libsbpf_la-s_bpf_filter.Tpo -c -o libsbpf_la-s_bpf_filter.lo > `test -f 'bpf/s_bpf_filter.c' || echo './'`bpf/s_bpf_filter.c > libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../.. > -I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net > -I../../../src/s_util -I../../../src/s_util/include > -I../../../src/data_source -I../../../src/data_source/daq > -I../../../src/data_source/decode -I../../../src/data_source/flow > -I../../../src/platform -I../../../src/comms -I../../../src/analysis > -I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib > -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include > -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing > -fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF > .deps/libsbpf_la-s_bpf_filter.Tpo -c bpf/s_bpf_filter.c -fPIC -DPIC > -o .libs/libsbpf_la-s_bpf_filter.o > libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../.. > -I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net > -I../../../src/s_util -I../../../src/s_util/include > -I../../../src/data_source -I../../../src/data_source/daq > -I../../../src/data_source/decode -I../../../src/data_source/flow > -I../../../src/platform -I../../../src/comms -I../../../src/analysis > -I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib > -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include > -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing > -fvisibility=hidden -O2 -MT libsbpf_la-s_bpf_filter.lo -MD -MP -MF > .deps/libsbpf_la-s_bpf_filter.Tpo -c bpf/s_bpf_filter.c -o > libsbpf_la-s_bpf_filter.o >/dev/null 2>&1 > mv -f .deps/libsbpf_la-s_bpf_filter.Tpo .deps/libsbpf_la-s_bpf_filter.Plo > /bin/sh ../../../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H > -I. -I../../.. -I../../.. -I../../../src/s_util/libsbpf/bpf > -I../../../src/s_util/libsbpf/net -I../../../src/s_util > -I../../../src/s_util/include -I../../../src/data_source > -I../../../src/data_source/daq -I../../../src/data_source/decode > -I../../../src/data_source/flow -I../../../src/platform > -I../../../src/comms -I../../../src/analysis -I../../../src/output > -I.. -I/usr/local/include/lua51 -I/usr/local/lib > -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include > -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing > -fvisibility=hidden -O2 -MT libsbpf_la-s_gencode.lo -MD -MP -MF > .deps/libsbpf_la-s_gencode.Tpo -c -o libsbpf_la-s_gencode.lo `test -f > 'bpf/s_gencode.c' || echo './'`bpf/s_gencode.c > libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../../.. -I../../.. > -I../../../src/s_util/libsbpf/bpf -I../../../src/s_util/libsbpf/net > -I../../../src/s_util -I../../../src/s_util/include > -I../../../src/data_source -I../../../src/data_source/daq > -I../../../src/data_source/decode -I../../../src/data_source/flow > -I../../../src/platform -I../../../src/comms -I../../../src/analysis > -I../../../src/output -I.. -I/usr/local/include/lua51 -I/usr/local/lib > -I/usr/local/include/lua51 -fno-strict-aliasing -I/usr/local/include > -Wall -DBUILDING_SO -Dyylval=s_bpf_lval -g -fno-strict-aliasing > -fvisibility=hidden -O2 -MT libsbpf_la-s_gencode.lo -MD -MP -MF > .deps/libsbpf_la-s_gencode.Tpo -c bpf/s_gencode.c -fPIC -DPIC -o > .libs/libsbpf_la-s_gencode.o > In file included from bpf/s_gencode.c:62: > ../../../src/s_util/include/s_thread.h:36:26: error: linux/unistd.h: > No such file or directory > In file included from bpf/s_gencode.c:62: > ../../../src/s_util/include/s_thread.h: In function 's_gettid': > ../../../src/s_util/include/s_thread.h:42: error: '__NR_gettid' > undeclared (first use in this function) > ../../../src/s_util/include/s_thread.h:42: error: (Each undeclared > identifier is reported only once > ../../../src/s_util/include/s_thread.h:42: error: for each function it > appears in.) > *** Error code 1 > > Stop in /usr/local/src/snortsp-3.0.0b3/src/s_util/libsbpf. > *** Error code 1 > > Stop in /usr/local/src/snortsp-3.0.0b3/src/s_util. > *** Error code 1 > > Stop in /usr/local/src/snortsp-3.0.0b3/src. > *** Error code 1 > > Stop in /usr/local/src/snortsp-3.0.0b3. > *** Error code 1 > > Stop in /usr/local/src/snortsp-3.0.0b3. > > Anyone recognize that? > > Thank you, > > Richard >

------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://www.creativitycat.com



Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users