Page MenuHomeFreeBSD

Unbreak security/snort3
AbandonedPublic

Authored by dvl on Oct 22 2019, 6:22 PM.

Details

Summary

security/snort3 is broken, let's try newer version

... this is superceded by D24263

Test Plan

The current fail is:

FAILED: src/network_inspectors/rna/CMakeFiles/rna.dir/rna_logger.cc.o 
/usr/local/libexec/ccache/c++  -DHAVE_CONFIG_H -Dinline=inline -Drestrict=__restrict -I/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src/network_inspectors -I/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src -I/usr/local/include/luajit-2.0 -I. -I/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262 -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -DLIBICONV_PLUG -isystem /usr/local/include  -fvisibility=hidden   -DNDEBUG    -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -DLIBICONV_PLUG -isystem /usr/local/include   -std=c++11 -MD -MT src/network_inspectors/rna/CMakeFiles/rna.dir/rna_logger.cc.o -MF src/network_inspectors/rna/CMakeFiles/rna.dir/rna_logger.cc.o.d -o src/network_inspectors/rna/CMakeFiles/rna.dir/rna_logger.cc.o -c /wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src/network_inspectors/rna/rna_logger.cc
/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src/network_inspectors/rna/rna_logger.cc:46:63: error: no member named 's6_addr32' in 'in6_addr'
    if ( src_ip and (!IN6_IS_ADDR_V4MAPPED(src_ip) or src_ip->s6_addr32[3]) )
                                                      ~~~~~~  ^
1 error generated.

and:

FAILED: src/network_inspectors/rna/CMakeFiles/rna.dir/rna_pnd.cc.o 
/usr/local/libexec/ccache/c++  -DHAVE_CONFIG_H -Dinline=inline -Drestrict=__restrict -I/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src/network_inspectors -I/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src -I/usr/local/include/luajit-2.0 -I. -I/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262 -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -DLIBICONV_PLUG -isystem /usr/local/include  -fvisibility=hidden   -DNDEBUG    -O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -DLIBICONV_PLUG -isystem /usr/local/include   -std=c++11 -MD -MT src/network_inspectors/rna/CMakeFiles/rna.dir/rna_pnd.cc.o -MF src/network_inspectors/rna/CMakeFiles/rna.dir/rna_pnd.cc.o.d -o src/network_inspectors/rna/CMakeFiles/rna.dir/rna_pnd.cc.o -c /wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src/network_inspectors/rna/rna_pnd.cc
/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src/network_inspectors/rna/rna_pnd.cc:73:33: error: member reference base type 'const uint32_t' (aka 'const unsigned int') is not a structure or union
        if ( !src->is_set() and IN6_IS_ADDR_MULTICAST(dst->get_ip6_ptr()) and
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/netinet6/in6.h:304:38: note: expanded from macro 'IN6_IS_ADDR_MULTICAST'
#define IN6_IS_ADDR_MULTICAST(a)        ((a)->s6_addr[0] == 0xff)
                                         ~~~^ ~~~~~~~
/wrkdirs/usr/ports/security/snort3/work/snort3-3.0.0-262/src/network_inspectors/rna/rna_pnd.cc:138:10: error: member reference base type 'const uint32_t' (aka 'const unsigned int') is not a structure or union
    if ( IN6_IS_ADDR_MULTICAST(ip_api.get_dst()->get_ip6_ptr()) )
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/netinet6/in6.h:304:38: note: expanded from macro 'IN6_IS_ADDR_MULTICAST'
#define IN6_IS_ADDR_MULTICAST(a)        ((a)->s6_addr[0] == 0xff)
                                         ~~~^ ~~~~~~~
2 errors generated.

I do not know if this is an upstream error or if I am doing something incorrectly.

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dvl edited the test plan for this revision. (Show Details)
bofh requested changes to this revision.Oct 28 2019, 12:03 PM

Hi @dvl ,
Are you sure that snort3 builds after properly with these changes? So far in my system it doesn't build. For your reference please check the following:
http://pdr.bofh.network/data/latest-per-pkg/snort3/3.0.0.262,1/

I am committing libdaq for now. And will look more into it to fix it soon.

This revision now requires changes to proceed.Oct 28 2019, 12:03 PM
In D22114#484562, @bofh wrote:

Hi @dvl ,
Are you sure that snort3 builds after properly with these changes? So far in my system it doesn't build. For your reference please check the following:
http://pdr.bofh.network/data/latest-per-pkg/snort3/3.0.0.262,1/

I am committing libdaq for now. And will look more into it to fix it soon.

Thank you. I will test today at work.

This revision was not accepted when it landed; it landed in state Needs Revision.Oct 28 2019, 12:28 PM
This revision was automatically updated to reflect the committed changes.

Oops. @dvl sorry. Didn't know that partial commit closes the revision.

In D22114#484573, @bofh wrote:

Oops. @dvl sorry. Didn't know that partial commit closes the revision.

No worries.

Sorry, I misread your note. Yes, you are getting the same error I received. The snort devs do all their work on Linux.

Here was one suggested patch which fixes the above error. However, it was suggested to me that perhaps we are missing an #include?

+
+#ifndef FREEBSD_s6_WORKAROUND
+#define FREEBSD_s6_WORKAROUND
+#define s6_addr8  __u6_addr.__u6_addr8
+#define s6_addr16 __u6_addr.__u6_addr16
+#define s6_addr32 __u6_addr.__u6_addr32
+#endif

A grep finds:

$ grep -r s6_addr8 /usr/include/*
/usr/include/netinet6/in6.h:#define s6_addr8  __u6_addr.__u6_addr8

Adding #include "netinet/in.h" does not help this.