[問題] 關於SNORT無法插入範例的preprocessor

看板NetSecurity (資安資訊安全)作者literkid (literkid)時間18年前 (2007/09/16 00:02)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/3 (看更多)

請教各位有使用過SNORT的先進我在FreeBSD 6.2上安裝SNORT 2.6.1.5的版本我參考以下這個網頁來插入範例的preprocessor，結果遇到一些問題 http://afrodita.unicauca.edu.co/~cbedon/snort/spp_kickstart.html 我的操作步驟如下： 1.複製$SNORT_DIR/templates/spp_template.c和spp_template.h的檔案到 $SNORT_DIR/src/preprocessors/下 2.修改to $SNORT_DIR/src/plugbase.c，如下： In the includes section: /* built-in preprocessors */ /*My preprocessor*/ #include "preprocessors/spp_template.h" (...) In the function InitPreprocessors: void InitPreprocessors(){ /*My preprocessor*/ SetupTemplate(); 3.修改$SNORT_DIR/src/preprocessors/Makefile.in，如下 libspp_a_SOURCES = spp_arpspoof.c spp_arpspoof.h spp_bo.c spp_bo.h \ (...) spp_template.c spp_template.h am_libspp_a_OBJECTS = spp_arpspoof.$(OBJEXT) spp_bo.$(OBJEXT) \ spp_template.$(OBJEXT) 4.執行configure和make，訊息如下： ################################################################## gcc -DHAVE_CONFIG_H -I. -I. -I../.. -I../.. -I../../src -I../../src/sfutil -I../../src/output-plugins -I../../src/detection-plugins -I../../src/dynamic-plugins -I../../src/preprocessors -I../../src/preprocessors/flow -I../../src/preprocessors/portscan -I../../src/preprocessors/flow/int-snort -I../../src/preprocessors/HttpInspect/include -I../../src/preprocessors/Stream5 -I/usr/local/include -g -O2 -Wall -DDYNAMIC_PLUGIN -c spp_template.c spp_template.c: In function `SetupTemplate': spp_template.c:100: warning: implicit declaration of function `DebugMessage' spp_template.c:100: error: `DEBUG_PLUGIN' undeclared (first use in this function) spp_template.c:100: error: (Each undeclared identifier is reported only once spp_template.c:100: error: for each function it appears in.) spp_template.c: In function `TemplateInit': spp_template.c:117: error: `DEBUG_PLUGIN' undeclared (first use in this function) spp_template.c:131: warning: passing arg 1 of `AddFuncToPreprocList' from incompatible pointer type spp_template.c:131: error: too few arguments to function `AddFuncToPreprocList' *** Error code 1 Stop in /usr/src/literkid/snort-2.6.1.5/src/preprocessors. *** Error code 1 Stop in /usr/src/literkid/snort-2.6.1.5/src/preprocessors. *** Error code 1 Stop in /usr/src/literkid/snort-2.6.1.5/src. *** Error code 1 Stop in /usr/src/literkid/snort-2.6.1.5. *** Error code 1 Stop in /usr/src/literkid/snort-2.6.1.5. ################################################################## 5.因為範例程式碼裡的DEBUG_PLUGIN未定義，所以在spp_template.c加入debug.h函式庫 #include "debug.h" 編譯後的訊息如下： ################################################################## spp_template.c: In function `SetupTemplate': spp_template.c:102: warning: implicit declaration of function `DebugMessage' spp_template.c: In function `TemplateInit': spp_template.c:133: warning: passing arg 1 of `AddFuncToPreprocList' from incompatible pointer type spp_template.c:133: error: too few arguments to function `AddFuncToPreprocList' *** Error code 1 Stop in /usr/src/literkid/snort-2.6.1.5/src/preprocessors. *** Error code 1 ################################################################## 6.用DEBUG_WRAP()把DebugMessage()包起來 100: DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Preprocessor: Template is setup...\n");); 117: DEBUG_WRAP(DebugMessage(DEBUG_PLUGIN,"Preprocessor: Template Initialized\n");); 編譯後的訊息如下： ################################################################## spp_template.c: In function `TemplateInit': spp_template.c:133: warning: passing arg 1 of `AddFuncToPreprocList' from incompatible pointer type spp_template.c:133: error: too few arguments to function `AddFuncToPreprocList' *** Error code 1 Stop in /usr/src/literkid/snort-2.6.1.5/src/preprocessors. *** Error code 1 ################################################################## 7.新版的SNORT似乎修改了AddFuncToPreprocList()的參數，故修改如下 131: AddFuncToPreprocList(PreprocFunction, 0, 0); 8.編譯後沒有錯誤訊息，故把範例的preprocessor加入$SNORT/etc/snort.conf的設定執行snort -c $SNORT/etc/snort.conf的結果如下： ################################################################## etc/snort.conf(803) unknown dynamic preprocessor "template" ERROR: Misconfigured dynamic preprocessor(s) Fatal Error, Quitting.. ################################################################## 有人遇過相同的問題嗎？可以幫我解答嗎？非常謝謝！ -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 61.229.41.58