search

firnsy / barnyard2

Barnyard2 is a dedicated spooler for Snort's unified2 binary output format.
GNU General Public License v2.0
344 stars 190 forks source link

Will not compile with libpcap.1.9.0 #245

Open csbflyer opened 5 years ago

csbflyer commented 5 years ago

I am unable to make barnyard2-master with the latest libpcap.1.9.0. Works fine with libpcap.1.8.1. Below is the error I receive:

make all-recursive make[1]: Entering directory /home/analyst/installation_files/barnyard2-master' Making all in src make[2]: Entering directory/home/analyst/installation_files/barnyard2-master/src' Making all in sfutil make[3]: Entering directory /home/analyst/installation_files/barnyard2-master/src/sfutil' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c getopt_long.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sfmemcap.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sfprimetable.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sfxhash.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_ip.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_iph.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_ipvar.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_textlog.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_vartable.c rm -f libsfutil.a ar cru libsfutil.a getopt_long.o sfmemcap.o sfprimetable.o sfxhash.o sf_ip.o sf_iph.o sf_ipvar.o sf_textlog.o sf_vartable.o ranlib libsfutil.a make[3]: Leaving directory/home/analyst/installation_files/barnyard2-master/src/sfutil' Making all in output-plugins make[3]: Entering directory /home/analyst/installation_files/barnyard2-master/src/output-plugins' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_arubaaction.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_bro.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_cef.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_csv.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_fast.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_full.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_fwsam.c make[3]: Leaving directory/home/analyst/installation_files/barnyard2-master/src/output-plugins' make[2]: Leaving directory /home/analyst/installation_files/barnyard2-master/src' make[1]: Leaving directory/home/analyst/installation_files/barnyard2-master' In file included from ../decode.h:49:0, from ../plugbase.h:70, from ../spooler.h:32, from ../barnyard2.h:52, from spo_alert_fwsam.c:91: /opt/snort/include/sfbpf_dlt.h:642:0: warning: "DLT_IEEE802_15_4" redefined [enabled by default]

define DLT_IEEE802_15_4 195

^ In file included from /opt/snort/include/pcap/bpf.h:109:0, from /opt/snort/include/pcap/pcap.h:88, from /opt/snort/include/pcap.h:43, from ../barnyard2.h:46, from spo_alert_fwsam.c:91: /opt/snort/include/pcap/dlt.h:749:0: note: this is the location of the previous definition

define DLT_IEEE802_15_4 DLT_IEEE802_15_4_WITHFCS

^ In file included from /opt/snort/include/pcap.h:43:0, from ../barnyard2.h:46, from spo_alert_fwsam.c:91: /opt/snort/include/pcap/pcap.h:950:18: error: two or more data types in declaration specifiers

define SOCKET int

              ^

spo_alert_fwsam.c:118:13: note: in expansion of macro ‘SOCKET’ typedef int SOCKET; ^ spo_alert_fwsam.c:118:1: warning: useless type name in empty declaration [enabled by default] typedef int SOCKET; ^ spo_alert_fwsam.c: In function ‘AlertFWsam’: spo_alert_fwsam.c:981:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable] ClassType *cn = NULL; ^ spo_alert_fwsam.c:973:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable] static unsigned short lastbsp[FWSAM_REPET_BLOCKS]; ^ make[3]: [spo_alert_fwsam.o] Error 1 make[2]: [all-recursive] Error 1 make[1]: [all-recursive] Error 1 make: [all] Error 2

csbflyer commented 5 years ago

This occurs when trying to compile with libpcap.1.9.0 snort, libpcap and daq all exist in /opt/snort.

q2dg commented 5 years ago

Well, it seems this project is pretty abandoned, isn't?

YBSNNLRX commented 5 years ago

I have the same problem as you,Have you solved it?

csbflyer commented 5 years ago

I switched to previous version of libpcap, however, you can compile barnyard2 in separate directory from snort with libpcap 1.9.0. /opt/snort /opt/barnyard2

YBSNNLRX commented 5 years ago

I switched to libpcap-1.8.1 or libpcap-1.5.3,then compile barnyard2 also display below error : make all-recursive make[1]: Entering directory/etc/snort/barnyard2' Making all in src make[2]: Entering directory /etc/snort/barnyard2/src' Making all in sfutil make[3]: Entering directory/etc/snort/barnyard2/src/sfutil' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c getopt_long.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sfmemcap.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sfprimetable.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sfxhash.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_ip.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_iph.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_ipvar.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_textlog.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_vartable.c rm -f libsfutil.a ar cru libsfutil.a getopt_long.o sfmemcap.o sfprimetable.o sfxhash.o sf_ip.o sf_iph.o sf_ipvar.o sf_textlog.o sf_vartable.o ranlib libsfutil.a make[3]: Leaving directory /etc/snort/barnyard2/src/sfutil' Making all in output-plugins make[3]: Entering directory/etc/snort/barnyard2/src/output-plugins' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_arubaaction.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_bro.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_cef.c spo_alert_cef.c: In function ‘AlertCEF’: spo_alert_cef.c:500:15: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable] ClassType cn; ^ gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_csv.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_fast.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_full.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_fwsam.c spo_alert_fwsam.c: In function ‘AlertFWsam’: spo_alert_fwsam.c:966:5: error: unknown type name ‘SOCKET’ SOCKET stationsocket; ^ spo_alert_fwsam.c:981:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable] ClassType cn = NULL; ^ spo_alert_fwsam.c:980:18: warning: variable ‘sn’ set but not used [-Wunused-but-set-variable] SigNode *sn = NULL; ^ spo_alert_fwsam.c:973:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable] static unsigned short lastbsp[FWSAM_REPET_BLOCKS]; ^ spo_alert_fwsam.c: In function ‘FWsamCheckOut’: spo_alert_fwsam.c:1392:5: error: unknown type name ‘SOCKET’ SOCKET stationsocket; ^ spo_alert_fwsam.c: In function ‘FWsamCheckIn’: spo_alert_fwsam.c:1543:5: error: unknown type name ‘SOCKET’ SOCKET stationsocket; ^ make[3]: [spo_alert_fwsam.o] Error 1 make[3]: Leaving directory `/etc/snort/barnyard2/src/output-plugins' make[2]: [all-recursive] Error 1 make[2]: Leaving directory /etc/snort/barnyard2/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory/etc/snort/barnyard2' make: *** [all] Error 2`

csbflyer commented 5 years ago

This worked for me: Make snort & libpcap 1.9 in /opt/snort Make barnyard2 in /opt/barnyard2

NathanGibbs3 commented 5 years ago

So as long as snort and barnyard2 are in separate directories, it's possible to build them both with libpcap 1.9. Am I understanding that correctly?

YBSNNLRX commented 5 years ago

Actually snort and barnyard2 is in separate directories, but this error is along exist,I haven't found a solution yet. Do you think it necessary for me to reinstall it?

miladstar77 commented 5 years ago

Hi you can compile with libpcap-1.8.1

YBSNNLRX commented 5 years ago

Thanks,then I successfully reinstalled it with libpcap-1.8.1.

Gerjo commented 4 years ago

My pull request here fixes this particular issue: https://github.com/firnsy/barnyard2/pull/254

ParagVadher commented 4 years ago

My pull request here fixes this particular issue: #254

I am grateful for this great service! Thank you so very much.

FalcoGer commented 4 years ago

My pull request here fixes this particular issue: #254

Works fine. Thank you. Why isn't this merged yet?

519seven commented 3 years ago

@Gerjo Thank you for the fix! I applied this fix, too: https://github.com/firnsy/barnyard2/issues/252 and things are moving along now.

miladstar77 commented 3 years ago

Hi It's compatible with libpcap 1.8.1

On Wed, Nov 11, 2020, 03:15 Mehrshad notifications@github.com wrote:

Hi you can compile with libpcap-1.8.1

How ?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/firnsy/barnyard2/issues/245#issuecomment-725035128, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMFN7SPWZYSFAIPX33XGU33SPHGAHANCNFSM4GRG4IFQ .

Atsuyakitamago commented 2 years ago

I'm sorry for my poor English.

My environment is Ubuntu 20.04 LTS.

I have some questions.

I use "apt" command to manage package.

(1) Which libpcap means "libpcap-dev" or "libpcap0.8" ?

(2) What should I do to uninstall libpcap 1.9.1 and install libpcap 1.8.1 ?

(3) I unistalled libpcap-dev 1.9.1 and installed libpcap-dev 1.8.1.

Then, when I executed "snort -V", result includes a sentence of "Using libpcap version 1.9.1".

What should I do to make this sentence "Using libpcap version 1.8.1"?

I'm sorry for many questions.

NathanGibbs3 commented 2 years ago

What you did in (3) should allow you to build barnyard2. It does not matter which libpcap snort is using.

Atsuyakitamago commented 2 years ago

Sorry for the late reply. It worked. Thank you very much!

Camanche827 commented 10 months ago

Hi to all! I have a problem! I'm trying to build barnyard2 on ubuntu 22.04. But some errors arise. As i saw from previous comments it happens because of libpcap 1.9.1. If its true, please provide me with strict commands for reinstalling libpcap to 1.8.1 version! Thank you!

Camanche827 commented 10 months ago

Thanks,then I successfully reinstalled it with libpcap-1.8.1.

Hello! Do you still remember how you reinstall libpcap?