[Snort-inline-users] Re: snort_inline-2.0.5 build error on RHEL3

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not sure what RedHat has done with its kernel headers.  I actually had to 
do the following in order to get snort_inline to compile in RedHat 9.0 
with the default kernel and kernel headers:

1.  Download the kernel source (best to get stable latest and greatest 
from www.kernel.org).
2.  Build kernel from scratch (feel free to use RedHat's .config file).
3.  mv /usr/include/linux /usr/include/linux.orig
4.  cd /usr/include
5.  ln -s /usr/src/linux<new kernel source>/include/linux linux
    (on my box: ln -s /usr/src/linux-2.4.22/include/linux linux)
    Why do we do this?  We are doing this to use the new kernel headers 
vice the older ones installed on your default RedHat install located in 
/usr/include/linux.
6.  Download the iptables source (www.iptables.org).
7.  Build iptables
    a.  make KERNEL_DIR=/usr/src/<new source>
    b.  make install KERNEL_DIR=/usr/src/<new source>
    c.  make install-devel

**** CONSIDER REMOVING OLDER VERSIONS OF IPTABLES OFF SYSTEM.  DEFAULT SRC 
INSTALLS IPTABLES IN /usr/local/sbin and /usr/local/lib vice /usr/sbin and 
/lib

8.  Build snort_inline

I really need to get off my butt and develop the snort_inline home page so 
I can have a repository for documentation and FAQ.

Rob

On Thu, 4 Dec 2003, Matthew Callaway wrote:

> Greetings,
> 
> Is there a known problem building snort_inline (up to 2.0.5) against the
> glibc-kernheaders that come with Red Hat Enterprise Linux 3?
> 
> The Error:
> 
> gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src
> -I/usr/include/pcap -I../../src/output-plugins
> -I../../src/detection-plugins -I../../src/preprocessors  -I/usr/include
> -g -O2 -Wall -DGIDS -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
> -DHAVE_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -c `test -f 'spo_alert_fast.c'
> || echo './'`spo_alert_fast.c
> In file included from /usr/include/linux/netfilter_ipv4/ip_queue.h:10,
>                  from /usr/include/libipq.h:37,
>                  from ../../src/inline.h:8,
>                  from ../../src/snort.h:38,
>                  from spo_alert_fast.c:51:
> /usr/include/linux/if.h:59: redefinition of `struct ifmap'
> /usr/include/linux/if.h:77: redefinition of `struct ifreq'
> /usr/include/linux/if.h:126: redefinition of `struct ifconf'
> make[3]: *** [spo_alert_fast.o] Error 1
> make[3]: Leaving directory
> `/home/matt/src/BUILD/snort-2.0.5/src/output-plugins'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/matt/src/BUILD/snort-2.0.5'
> make: *** [all] Error 2
> 
> 
> [matt@obelisk SPECS]$ rpm -qf
> /usr/include/linux/netfilter_ipv4/ip_queue.h
> glibc-kernheaders-2.4-8.34
> 
> 
> Some Googling finds:
> 
> http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&safe=off&threadm=vmk8c6.6f4.ln%40batty&rnum=9&prev=/groups%3Fnum%3D100%26hl%3Den%26lr%3Dlang_en%26ie%3DUTF-8%26oe%3DUTF-8%26safe%3Doff%26q%3Dredefinition%2Bof%2B%2560struct%2Bifmap%27%26btnG%3DGoogle%2BSearch
> 
> "Glibc has it's own definitions that often conflict with those in
> /usr/include/linux (the kernel).  Programs that #include these kernel
> includes must be modified so that these includes are taken out and only
> the explicit kernel definitions that are needed are included.  You can
> either attempt this yourself or wait =)."
> 
> 
> Do you favor <linux/if.h> or <net/if.h>?
> 
> Can you add a ./configure switch to specify the path to alternate kernel
> includes via an environment variable?
> 
> I note the difference between the glibc package and the kernel package:
> 
> diff -u <kernel version> <glibc version>
> diff -u linux/include/linux/netfilter_ipv4/ip_queue.h /usr/include/linux/netfilter_ipv4/ip_queue.h
> ---
> /home/matt/src/BUILD/kernel-2.4.21/linux/include/linux/netfilter_ipv4/ip_queue.h
> 2000-08-10 14:35:15.000000000 -0500
> +++ /usr/include/linux/netfilter_ipv4/ip_queue.h        2003-01-30
> 12:03:23.000000000 -0600
> @@ -7,15 +7,7 @@
>  #ifndef _IP_QUEUE_H
>  #define _IP_QUEUE_H
> 
> -#ifdef __KERNEL__
> -#ifdef DEBUG_IPQ
> -#define QDEBUG(x...) printk(KERN_DEBUG ## x)
> -#else
> -#define QDEBUG(x...)
> -#endif  /* DEBUG_IPQ */
> -#else
> -#include <net/if.h>
> -#endif /* ! __KERNEL__ */
> +#include <linux/if.h>
> 
>  /* Messages sent from kernel */
>  typedef struct ipq_packet_msg {
> 
> 
> 
> Thanks,
> 
> Matt
> 
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.76

iQA/AwUBP8/NGPnAyY+9KLjdEQJDkACgzmFlwCXeSHU7m7apZlLpEJ31UvMAmwf6
WVoOFIZDWWHQ+KO6uZ4xinD3
=Tw6F
-----END PGP SIGNATURE-----