From munk@munk.me.uk  Tue Sep  5 20:36:30 2006
Return-Path: <munk@munk.me.uk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4DBCB16A4DD;
	Tue,  5 Sep 2006 20:36:30 +0000 (UTC)
	(envelope-from munk@munk.me.uk)
Received: from munk.me.uk (mail.munk.me.uk [213.152.51.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E0CC343D58;
	Tue,  5 Sep 2006 20:36:12 +0000 (GMT)
	(envelope-from munk@munk.me.uk)
Received: from munk by munk.me.uk with local (Exim 4.63 (FreeBSD))
	(envelope-from <munk@munk.me.uk>)
	id 1GKheU-0001FW-3j; Tue, 05 Sep 2006 21:36:10 +0100
Message-Id: <20060905203609.GA4247@munk.me.uk>
Date: Tue, 5 Sep 2006 21:36:10 +0100
From: Jez Hancock <jez.hancock@munk.me.uk>
Sender: Jez Hancock <munk@munk.me.uk>
Reply-To: Jez Hancock <jez.hancock@munk.me.uk>
To: FreeBSD-gnats-submit@freebsd.org
Cc: clsung@FreeBSD.org, snort-users@lists.sourceforge.net
Subject: Snort make build fails on FreeBSD 4.11

>Number:         102922
>Category:       ports
>Synopsis:       Snort make build fails on FreeBSD 4.11
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    clsung
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 05 20:40:18 GMT 2006
>Closed-Date:    Wed Sep 06 06:16:27 GMT 2006
>Last-Modified:  Wed Sep 06 06:16:27 GMT 2006
>Originator:     Jez Hancock
>Release:        FreeBSD 4.11-STABLE i386
>Organization:
n/a
>Environment:
FreeBSD users.munk.me.uk 4.11-STABLE FreeBSD 4.11-STABLE #0: Thu Apr 27 02:47:55 BST 2006 root@users.munk.nu:/usr/obj/usr/src/sys/MUNKBOXEN i386

>Description:
Build of snort 2.6.0 fails on FreeBSD 4.11.  Seems to be a problem
building the dynamic-rule target(?) 'all-am' - make build is successful
when run with the -DWITHOUT_DYNAMIC flag on FreeBSD 4.11.

Apparently the build is ok on 6.x maintainer - only 4.x seems to be
affected, unsure of 5.x.

In researching the problem I came across a similar problem with snort
here:

http://marc.theaimsgroup.com/?l=snort-users&m=102319926701636&w=2

which was resolved here:

http://marc.theaimsgroup.com/?l=snort-users&m=102322142426677&w=2

although how relevant that fix is to this problem I can't say - the
message was:

cvs update - sys/types.h should be before socket.h

so I'm wondering if this problem has something to do with header files
not being included on FreeBSD 4.11 that are involved in the dynamic rule
processing section of the code?  May be way off though.  cc'ing to
snort-users list in the hope the snort developers might have some
insight in the issue.


Output of errors listed below:

[18:18:10] root@users /home/munk/ports/security/snort# ; make build
===>  Building for snort-2.6.0
make  all-recursive
Making all in src
<snip>
Making all in dynamic-rule
cp ../include/sfsnort_dynamic_detection_lib.c sfsnort_dynamic_detection_lib.c
cp ../include/sfsnort_dynamic_detection_lib.h sfsnort_dynamic_detection_lib.h
make  all-am
/bin/sh /usr/local/bin/libtool --mode=compile --tag=CC cc -DHAVE_CONFIG_H  -I. -I. -I../../.. -I../include  -I/usr/local/include -I/usr/local/include/mysql -DENABLE_MYSQL   -O -pipe -Wall -DDYNAMIC_PLUGIN -c -o sfsnort_dynamic_detection_lib.lo sfsnort_dynamic_detection_lib.c
mkdir .libs
 cc -DHAVE_CONFIG_H -I. -I. -I../../.. -I../include -I/usr/local/include -I/usr/local/include/mysql -DENABLE_MYSQL -O -pipe -Wall -DDYNAMIC_PLUGIN -c sfsnort_dynamic_detection_lib.c  -fPIC -DPIC -o .libs/sfsnort_dynamic_detection_lib.o
In file included from ../include/sf_snort_plugin_api.h:39,
                 from sfsnort_dynamic_detection_lib.c:2:
/usr/include/netinet/in.h:235: syntax error before `in_addr_t'
/usr/include/netinet/in.h:287: syntax error before `u_char'
In file included from /usr/include/netinet/in.h:493,
                 from ../include/sf_snort_plugin_api.h:39,
                 from sfsnort_dynamic_detection_lib.c:2:
/usr/include/netinet6/in6.h:122: syntax error before `u_int8_t'
/usr/include/netinet6/in6.h:144: syntax error before `u_int8_t'
/usr/include/netinet6/in6.h:149: syntax error before `u_int32_t'
/usr/include/netinet6/in6.h:612: syntax error before `*'
/usr/include/netinet6/in6.h:613: warning: type defaults to `int' in declaration of `inet6_option_append'
/usr/include/netinet6/in6.h:614: syntax error before `*'
/usr/include/netinet6/in6.h:614: warning: type defaults to `int' in declaration of `inet6_option_alloc'
/usr/include/netinet6/in6.h:614: warning: data definition has no type or storage class
/usr/include/netinet6/in6.h:615: syntax error before `u_int8_t'
/usr/include/netinet6/in6.h:616: syntax error before `u_int8_t'
/usr/include/netinet6/in6.h:631: syntax error before `u_int8_t'
/usr/include/netinet6/in6.h:636: syntax error before `u_int8_t'
/usr/include/netinet6/in6.h:638: syntax error before `u_int8_t'
*** Error code 1

Stop in /home/munk/ports/security/snort/work/snort-2.6.0/src/dynamic-examples/dynamic-rule.
*** Error code 1

Stop in /home/munk/ports/security/snort/work/snort-2.6.0/src/dynamic-examples/dynamic-rule.
*** Error code 1

Stop in /home/munk/ports/security/snort/work/snort-2.6.0/src/dynamic-examples.
*** Error code 1

Stop in /home/munk/ports/security/snort/work/snort-2.6.0/src/dynamic-examples.
*** Error code 1

Stop in /home/munk/ports/security/snort/work/snort-2.6.0/src.
*** Error code 1

Stop in /home/munk/ports/security/snort/work/snort-2.6.0.
*** Error code 1

Stop in /home/munk/ports/security/snort/work/snort-2.6.0.
*** Error code 1

Stop in /home/munk/ports/security/snort.

>How-To-Repeat:
cvsup to latest ports tree.

cd /usr/ports/security/snort
make clean build

>Fix:
Temporary workaround for users who don't require dynamic rule
functionality as mentioned above is to pass -DWITHOUT_DYNAMIC flag to
make:

cd /usr/ports/security/snort
make -DWITHOUT_DYNAMIC clean install

However the default port installed snort.conf file will need changing as
per the message displayed by the port when installing WITHOUT_DYNAMIC.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->clsung 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Sep 5 22:22:38 UTC 2006 
Responsible-Changed-Why:  
Over to maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=102922 

Adding to audit trail from misfiled PR ports/102932:

Date: Tue, 5 Sep 2006 23:28:10 -0500
From: Nigel Houghton <nigel@sourcefire.com>
 
 I see the resolution to this bug was "make -DWITHOUT_DYNAMIC clean
 install" and quite correctly the message states that the default
 snort.conf will need changing accordingly. Attached is a patch to 
 the default snort.conf if it is built without dynamic support.
 
 +--------------------------------------------------------------------+
      Nigel Houghton      Research Engineer       Sourcefire Inc.
                    Vulnerability Research Team
 
          There is no theory of evolution, just a list
             of creatures Vin Diesel allows to live.
 
 --- snort.conf.orig	2006-09-05 23:09:25.000000000 -0500
 +++ snort.conf	2006-09-05 23:12:07.000000000 -0500
 @@ -108,7 +108,7 @@
  # Path to your rules files (this can be a relative path)
  # Note for Windows users:  You are advised to make this an absolute path,
  # such as:  c:\snort\rules
 -var RULE_PATH ../rules
 +var RULE_PATH ./rules
  
  # Configure the snort decoder
  # ============================
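
Review bot: The RULE_PATH change from ../rules to ./rules is unrelated to building without dynamic support, which is what the covering message says this patch is for. Suggest dropping it from this patch or sending it separately with its own rationale. Because the value is relative, it would also help to state which directory it is resolved against, or to use an absolute path as the comment above already advises Windows users.
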
 @@ -179,7 +179,7 @@
  # Load all dynamic preprocessors from the install path
  # (same as command line option --dynamic-preprocessor-lib-dir)
  #
 -dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
 +#dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
  #
  # Load a specific dynamic preprocessor library from the install path
  # (same as command line option --dynamic-preprocessor-lib)
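
Review bot: The dynamicpreprocessor line is commented out with no indication why, so someone reading the installed file cannot tell a deliberate setting for a build without dynamic support from a stale default. Suggest adding a one-line comment above it saying the port was built without dynamic plugin support and that the line should be re-enabled if the port is rebuilt with it.
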
 @@ -189,7 +189,7 @@
  # Load a dynamic engine from the install path
  # (same as command line option --dynamic-engine-lib)
  #
 -dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
 +#dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
  #
  # Load all dynamic rules libraries from the install path
  # (same as command line option --dynamic-detection-lib-dir)
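
Review bot: The trailing context introduces the directive that loads dynamic rules libraries (--dynamic-detection-lib-dir), but no hunk touches that part of the file; the next one starts at line 515. Please confirm that directive is already commented out in snort.conf.orig, otherwise a build without dynamic support still has an active dynamic load line after this patch.
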
 @@ -515,32 +515,32 @@
  # or use commandline option
  # --dynamic-preprocessor-lib <full path to libsf_ftptelnet_preproc.so>
  
 -preprocessor ftp_telnet: global \
 -   encrypted_traffic yes \
 -   inspection_type stateful
 -
 -preprocessor ftp_telnet_protocol: telnet \
 -   normalize \
 -   ayt_attack_thresh 200
 +#preprocessor ftp_telnet: global \
 +#   encrypted_traffic yes \
 +#   inspection_type stateful
 +
 +#preprocessor ftp_telnet_protocol: telnet \
 +#   normalize \
 +#   ayt_attack_thresh 200
  
  # This is consistent with the FTP rules as of 18 Sept 2004.
  # CWD can have param length of 200
  # MODE has an additional mode of Z (compressed)
  # Check for string formats in USER & PASS commands
  # Check nDTM commands that set modification time on the file.
 -preprocessor ftp_telnet_protocol: ftp server default \
 -   def_max_param_len 100 \
 -   alt_max_param_len 200 { CWD } \
 -   cmd_validity MODE < char ASBCZ > \
 -   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
 -   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
 -   telnet_cmds yes \
 -   data_chan
 -
 -preprocessor ftp_telnet_protocol: ftp client default \
 -   max_resp_len 256 \
 -   bounce yes \
 -   telnet_cmds yes
 +#preprocessor ftp_telnet_protocol: ftp server default \
 +#   def_max_param_len 100 \
 +#   alt_max_param_len 200 { CWD } \
 +#   cmd_validity MODE < char ASBCZ > \
 +#   cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
 +#   chk_str_fmt { USER PASS RNFR RNTO SITE MKD } \
 +#   telnet_cmds yes \
 +#   data_chan
 +
 +#preprocessor ftp_telnet_protocol: ftp client default \
 +#   max_resp_len 256 \
 +#   bounce yes \
 +#   telnet_cmds yes
  
  # smtp: SMTP normalizer, protocol enforcement and buffer overflow
  # ---------------------------------------------------------------------------
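
Review bot: With all four ftp_telnet blocks commented out, the explanatory comment left between them ("This is consistent with the FTP rules as of 18 Sept 2004" through the MDTM line) now describes configuration that is disabled, and nothing tells the operator that the FTP and telnet checks (chk_str_fmt, bounce, ayt_attack_thresh) are off in this build. Suggest a short comment at the top of the section stating that these preprocessors are disabled because the dynamic preprocessors were not built.
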
 @@ -561,15 +561,15 @@
  # or use commandline option
  # --dynamic-preprocessor-lib <full path to libsf_smtp_preproc.so>
  
 -preprocessor smtp: \
 -  ports { 25 } \
 -  inspection_type stateful \
 -  normalize cmds \
 -  normalize_cmds { EXPN VRFY RCPT } \
 -  alt_max_command_line_len 260 { MAIL } \
 -  alt_max_command_line_len 300 { RCPT } \
 -  alt_max_command_line_len 500 { HELP HELO ETRN } \
 -  alt_max_command_line_len 255 { EXPN VRFY }
 +#preprocessor smtp: \
 +#  ports { 25 } \
 +#  inspection_type stateful \
 +#  normalize cmds \
 +#  normalize_cmds { EXPN VRFY RCPT } \
 +#  alt_max_command_line_len 260 { MAIL } \
 +#  alt_max_command_line_len 300 { RCPT } \
 +#  alt_max_command_line_len 500 { HELP HELO ETRN } \
 +#  alt_max_command_line_len 255 { EXPN VRFY }
  
  # sfPortscan
  # ----------
 
State-Changed-From-To: open->closed 
State-Changed-By: clsung 
State-Changed-When: Wed Sep 6 06:15:14 UTC 2006 
State-Changed-Why:  
Committed. I made an extra patch to reorder netinet/in.h and sys/types.h. 
Thank you for your information. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=102922 
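
The Fix section and the follow-up above both say that a snort.conf installed by a WITHOUT_DYNAMIC build has to be edited. As an added example (not part of the PR, the FreeBSD port, or Snort), this shell function lists the directives from the patch that are still active in a config file, and also flags continuation lines left uncommented under a commented-out header; the function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: not part of the PR, the FreeBSD port, or Snort.
# Lists snort.conf lines that still need dynamic-plugin support, using the
# directives the patch in this PR comments out. Reads a file or stdin.
# Returns 1 if anything is found, 0 if the config is clean.
active_dynamic_directives() {
    awk '
        /^[ \t]*#/ {
            # A commented line ending in "\" means the lines below it were
            # continuations; if they are still active they are orphans.
            orphan = ($0 ~ /\\[ \t]*$/); cont = 0; next
        }
        /^[ \t]*$/ { orphan = 0; cont = 0; next }
        {
            if (orphan) {
                print NR ": orphaned continuation: " $1; found = 1
            } else if (!cont) {
                if ($1 == "dynamicpreprocessor" || $1 == "dynamicengine") {
                    print NR ": " $1; found = 1
                } else if ($1 == "preprocessor") {
                    name = $2; sub(/:.*/, "", name)
                    if (name ~ /^(ftp_telnet|ftp_telnet_protocol|smtp)$/) {
                        print NR ": preprocessor " name; found = 1
                    }
                }
            }
            # Track whether this active line continues onto the next one.
            ends = ($0 ~ /\\[ \t]*$/)
            if (orphan) orphan = ends; else cont = ends
        }
        END { exit found + 0 }
    ' "$@"
}

# Constructed sample: one dynamic loader left active, an SMTP block whose
# header was commented out but whose continuation lines were not, and an
# untouched ftp_telnet block.
sample='dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
#dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
#preprocessor smtp: \
  ports { 25 } \
  inspection_type stateful
preprocessor ftp_telnet: global \
   encrypted_traffic yes'

printf '%s\n' "$sample" | active_dynamic_directives ||
    echo "snort.conf still references dynamic plugins"
```

Pass the path of the installed snort.conf as the argument to check a real file; the orphan check is a heuristic and will also flag any active line that directly follows a comment ending in a backslash.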
>Unformatted:
