Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 421775 - net-analyzer/snort-2.9.2.3 fails to compile with active response disabled
Summary: net-analyzer/snort-2.9.2.3 fails to compile with active response disabled
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: x86 Linux
: Normal normal
Assignee: Joshua Kinard
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-18 13:45 UTC by Valentin Avram
Modified: 2012-10-22 08:54 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch to allow compilation of snort-2.9.2.3 with active-response disabled (snort-2.9.2.3-active.patch,2.12 KB, patch)
2012-06-19 15:17 UTC, Valentin Avram
Details | Diff
ebuild based on latest official snort ebuild (snort-2.9.3.1.ebuild,8.78 KB, text/plain)
2012-10-22 08:53 UTC, Valentin Avram
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Valentin Avram 2012-06-18 13:45:37 UTC
While trying to update snort on a server from 2.9.0.5 to 2.9.2.3, i had to change the USE-flags from:
- the selected ones in 2.9.0.5: dynamicplugin decoder-preprocessor-rules linux-smp-stats reload reload-error-restart
to
- the forced ones in 2.9.2.3: dynamicplugin decoder-preprocessor-rules linux-smp-stats zlib -active-response -flexresp3 -gre -mpls -mysql -normalizer -odbc -postgres -ppm -react -reload-error-restart -targetbased

The server is using the 10.0/server profile (basic USE-flags only, it a "need-only-an-optimized" system), and snort does not do any fancy stuff like IPS, so no inline / active-response is needed. As such, since 2.9.2.3 automatically seemed to enable alot of flags, i used portage.use to explicitly disable some of them.

Reproducible: Always

Steps to Reproduce:
1. Unmask snort-2.9.2.3 in /etc/portage/package.keywords
2. Use the following USE-flags for snort in package.use : dynamicplugin decoder-preprocessor-rules linux-smp-stats zlib -active-response -flexresp3 -gre -mpls -mysql -normalizer -odbc -postgres -ppm -react -reload-error-restart -targetbased
3. emerge -av snort
Actual Results:  
[snip]
i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../src -I../src/sfutil -I/usr/include/pcap -I../src/output-plugins -I../src/detection-plugins -I../src/dynamic-plugins -I../src/preprocessors -I../src/preprocessors/portscan -I../src/preprocessors/HttpInspect/include -I../src/preprocessors/Stream5 -I../src/target-based -I../src/control  -DDYNAMIC_PLUGIN -DZLIB -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DLINUX_SMP -DNOCOREFILE -DENABLE_PAF -DSF_WCHAR -DSUP_IP6 -DPERF_PROFILING -DSNORT_RELOAD -DRELOAD_ERROR_FATAL  -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -c idle_processing.c
/bin/sh ../libtool --tag=CC   --mode=link i686-pc-linux-gnu-gcc  -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall  -Wl,-O1 -Wl,--as-needed -L/usr/lib -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o  strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm  -ldl -ldaq -lz -lpthread -lpthread
libtool: link: i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -Wl,-O1 -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o  -Wl,--as-needed -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a /usr/lib/libdnet.so -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg':
sf_dynamic_plugins.c:(.text+0x964): undefined reference to `Active_SendData'
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled':
sf_dynamic_plugins.c:(.text+0xa47): undefined reference to `Active_SetEnabled'
collect2: ld returned 1 exit status
make[3]: *** [snort] Error 1
make[3]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3'
make: *** [all] Error 2
emake failed
 * ERROR: net-analyzer/snort-2.9.2.3 failed (compile phase):
 *   emake failed
 * 
 * Call stack:
 *          ebuild.sh, line   85:  Called src_compile
 *        environment, line 1804:  Called _eapi2_src_compile
 *   phase-helpers.sh, line  573:  Called die
 * The specific snippet of code:
 *              emake || die "emake failed"
 * 
 * If you need support, post the output of 'emerge --info =net-analyzer/snort-2.9.2.3',
 * the complete build log and the output of 'emerge -pqv =net-analyzer/snort-2.9.2.3'.
/usr/lib/portage/bin/isolated-functions.sh: line 214: wait: `emake failed': not a pid or valid job spec
 * The complete build log is located at '/var/tmp/portage/net-analyzer/snort-2.9.2.3/temp/build.log'.
 * The ebuild environment file is located at '/var/tmp/portage/net-analyzer/snort-2.9.2.3/temp/environment'.
 * S: '/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3'

Expected Results:  
It should have compiled successfully since the USE-flags do not block eachother.

As far as i can tell, the two functions which are not found (Active_SendData and Active_SetEnabled) are defined in an #ifdef #endif section which is not active since active-reponse is disabled. For some reason however, 
DynamicSendBlockResponseMsg and 
DynamicActiveSetEnabled functions in dynamic-plugins/sf_dynamic_plugins.c want to call the Active_ functions which are not available if active response is disabled.

I cannot disable the dynamicplugin USE-flag since the zlib USE-flag depends on it.

Here is the emerge --info:
Portage 2.1.10.49 (default/linux/x86/10.0/server, gcc-4.4.6, glibc-2.14.1-r3, 3.2.12-gentoo-db-version1 i686)
=================================================================
System uname: Linux-3.2.12-gentoo-db-version1-i686-Intel-R-_Xeon-R-_CPU_X5550_@_2.67GHz-with-gentoo-2.0.3
Timestamp of tree: Thu, 14 Jun 2012 00:45:01 +0000
app-shells/bash:          4.1_p9-r839::<unknown repository>
dev-lang/python:          2.7.2-r3, 3.2.2
dev-util/cmake:           2.8.6-r4
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.9.8.4
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.68
sys-devel/automake:       1.11.1
sys-devel/binutils:       2.21.1-r1
sys-devel/gcc:            4.4.6-r1, 4.5.3-r2
sys-devel/gcc-config:     1.5-r2
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 3.1 (virtual/os-headers)
sys-libs/glibc:           2.14.1-r3
Repositories: gentoo x-portage
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
FFLAGS=""
GENTOO_MIRRORS="http://10.5.1.237:8080 "
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j9"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://10.5.1.237/gentoo-portage"
USE="acl berkdb bzip2 cli cracklib crypt cups cxx dri gd gdbm iconv jpeg modules mudflap ncurses nls nptl openmp pam pcre pppd readline session snmp ssl tcpd tiff truetype unicode x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
USE_PYTHON="2.7 3.2"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Valentin Avram 2012-06-18 14:04:12 UTC
Snort 2.9.1 (marked as stable) compiles without any problem with the same USE-flags.

.. of course, ignoring all the warnings about the not checked return values.
Comment 2 Valentin Avram 2012-06-19 08:30:41 UTC
Snort 2.9.2.1 fails to compile with the same error:

configure:
./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --enable-shared --disable-static --disable-so-with-static-lib --enable-dynamicplugin --enable-zlib --disable-gre --disable-mpls --disable-targetbased --enable-decoder-preprocessor-rules --disable-ppm --enable-perfprofiling --enable-linux-smp-stats --disable-inline-init-failopen --enable-pthread --disable-debug --disable-debug-msgs --disable-corefiles --enable-dlclose --disable-active-response --disable-normalizer --disable-reload-error-restart --disable-react --disable-flexresp3 --enable-paf --disable-large-pcap --disable-aruba --without-mysql --without-odbc --without-postgresql --enable-ipv6 --enable-reload --disable-prelude --disable-build-dynamic-examples --disable-profile --disable-ppm-test --disable-intel-soft-cpm --disable-static-daq --disable-rzb-saac --without-oracle

Error:
/bin/sh ../libtool --tag=CC   --mode=link i686-pc-linux-gnu-gcc  -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall  -Wl,-O1 -Wl,--as-needed -L/usr/lib -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o  strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm  -ldl -ldaq -lz -lpthread -lpthread
libtool: link: i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -Wl,-O1 -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o  -Wl,--as-needed -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a /usr/lib/libdnet.so -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg':
sf_dynamic_plugins.c:(.text+0x934): undefined reference to `Active_SendData'
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled':
sf_dynamic_plugins.c:(.text+0xa17): undefined reference to `Active_SetEnabled'
collect2: ld returned 1 exit status
make[3]: *** [snort] Error 1
make[3]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.1/work/snort-2.9.2.1/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.1/work/snort-2.9.2.1/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.1/work/snort-2.9.2.1'
make: *** [all] Error 2
emake failed

So the change that breaks it it between 2.9.1 and 2.9.2.1.
Comment 3 Valentin Avram 2012-06-19 15:17:38 UTC
Created attachment 315763 [details, diff]
Patch to allow compilation of snort-2.9.2.3 with active-response disabled

Hello again.

Considering the problem should be fixed by either patching ./src/dynamic-plugins/sf_dynamic_plugins.c or active.h/c and since the active-response USE-flag should affect only the active response support, i decided to try to make a patch that should allow the compilation of the package.

I have attached the patch. It changes the location as well as adds some
#ifdef ACTIVE_RESPONSE [...] #endif
so that the two functions which are not available when active-response is disabled (Active_SendData and Active_SetEnabled) are now available but don't do anything (of course, only when active-response is disabled). Since both functions return void, unless the callers expect some changes in the data they pass, the patch should work just fine.

Since it's the first time i see the snort source code, i have no idea if the patch keeps the full functionality or breaks something else. All i know is that with the patch applied the ./configure (as posted previously) and make commands complete successfully.

So, somebody who has more experience than me in snort code, please take a look at the patch and advise if it should be added to the Gentoo snort package to allow snort to compile with active-response disabled.

Also, please tell me if the USE-flags i'm using are not as they should be (although the ebuild lets me use them), maybe i'm not supposed to use this configuration (however, if that is the case, then why did the ./configure let me, or the ebuild).

Thank you for your time.
Comment 4 Joshua Kinard gentoo-dev 2012-06-19 19:15:39 UTC
I'll take this and see what fix the developers on snort-devel implement.
Comment 5 Valentin Avram 2012-07-19 08:45:31 UTC
Snort 2.9.3.0 has been released.
Changelog: http://www.snort.org/downloads/1797

Nothing in the Changelog about this issue (there is an issue referring to compilation error when active response is disabled, but it was part of snort 2.9.1).

I downloaded the source of 2.9.3.0, fixed the ./configure (snort no longer supports outputs to databases, aruba or prelude), and it still crashed in the same place as 2.9.2.3.

New ./configure:
./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --enable-shared --disable-static --disable-so-with-static-lib --enable-dynamicplugin --enable-zlib --disable-gre --disable-mpls --disable-targetbased --disable-ppm --enable-perfprofiling --enable-linux-smp-stats --disable-inline-init-failopen --enable-pthread --disable-debug --disable-debug-msgs --disable-corefiles --enable-dlclose --disable-active-response --disable-normalizer --disable-reload-error-restart --disable-react --disable-flexresp3 --enable-paf --disable-large-pcap --disable-ipv6 --enable-reload --disable-build-dynamic-examples --disable-profile --disable-ppm-test --disable-intel-soft-cpm --disable-static-daq --disable-rzb-saac

Error compiling:
/bin/sh ../libtool --tag=CC   --mode=link i686-pc-linux-gnu-gcc  -g -O2 -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall  -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o  strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a dynamic-output/plugins/liboutput.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm  -ldl -ldaq -lz -lpthread -lpthread
libtool: link: i686-pc-linux-gnu-gcc -g -O2 -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o  -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a dynamic-output/plugins/liboutput.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -ldnet -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg':
/home/knight/Desktop/tempview/snort-2.9.3/src/dynamic-plugins/sf_dynamic_plugins.c:1559: undefined reference to `Active_SendData'
dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled':
/home/knight/Desktop/tempview/snort-2.9.3/src/dynamic-plugins/sf_dynamic_plugins.c:1452: undefined reference to `Active_SetEnabled'
collect2: ld returned 1 exit status
make[3]: *** [snort] Error 1
make[3]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3'
make: *** [all] Error 2

So the issue this bug was created for still exists.

Thank you for your time.
Comment 6 Valentin Avram 2012-10-22 08:50:31 UTC
Hello.

It seems snort-2.9.3.1 includes the fix for this bug. I can confirm 2.9.3.0 does not.

Sourcefire feedback reported this:
"Hi Valentin--

2.9.3 was already packaged up and with our test group.  Given that there is a work-around, the changes for this issue didn't make the 2.9.3 release.

The changes are already in for the next patch release of Snort, so you should see it there.

Cheers.
-steve"

I have attached an ebuild for 2.9.3.1 which is a modified version of snort-2.9.2.3.ebuild from official Portage.
It successfully compiles snort without the active response part. I believe so after looking in the build log and seeing no -DACTIVE_RESPONSE that I used to see in previous builds.

Modifications to the 2.9.2.3 build include the following:
- removed decoder-preprocessor-rules useflag - does not exist in snort-2.9.3+ such ./configure flag.
- removed aruba mysql odbc postgres useflags - snort-2.9.3+ does not longer support output to such backends.
- removed --disable-prelude and --without-oracle ./configure flags - snort 2.9.3+ does not have those flags anymore.
- removed foldes schemas/* from dodoc - source code for snort-2.9.3+ does not include the schemas folder anymore.

I also must mention that is order to build a snort IDS sensor without any active response support, ALL USE-flags about inline deployment MUST be disabled.
These flags include: -active-response, -flexresp3, -react.
The following flags mention inline deployment but do not auto-magic-enable active response: normalizer, ppm.

Please verify the ebuild I have attached and confirm the issue can be closed.

Thank you for your time.
Comment 7 Valentin Avram 2012-10-22 08:53:18 UTC
Created attachment 327130 [details]
ebuild based on latest official snort ebuild