Page MenuHomeFreeBSD

security/snort3 - try unbreaking it on 12.x
ClosedPublic

Authored by bofh on Apr 2 2020, 5:46 PM.

Details

Summary

This uses snort 3.0.0-270 and libdaq 3.0.0-alpha4 which I'm told should work.

I'm working with folks at $WORK to get this building.

This supercedes D22114

Test Plan

My current block is:

ld: error: undefined symbol: HostCacheAlloc<snort::HostApplication>::deallocate(snort::HostApplication*, unsigned long)
>>> referenced by lua_detector_api.cc
>>>               src/network_inspectors/appid/CMakeFiles/appid.dir/lua_detector_api.cc.o:(std::__1::shared_ptr<snort::HostTracker>::shared_ptr<snort::HostTracker>(snort::HostTracker*, std::__1::enable_if<is_convertible<snort::HostTracker*, snort::HostTracker*>::value, std::__1::shared_ptr<snort::HostTracker>::__nat>::type))

ld: error: undefined symbol: HostCacheAlloc<std::__1::__list_node<snort::HostMac, void*> >::deallocate(std::__1::__list_node<snort::HostMac, void*>*, unsigned long)
>>> referenced by lua_detector_api.cc
>>>               src/network_inspectors/appid/CMakeFiles/appid.dir/lua_detector_api.cc.o:(std::__1::shared_ptr<snort::HostTracker>::shared_ptr<snort::HostTracker>(snort::HostTracker*, std::__1::enable_if<is_convertible<snort::HostTracker*, snort::HostTracker*>::value, std::__1::shared_ptr<snort::HostTracker>::__nat>::type))
c++: error: linker command failed with exit code 1 (use -v to see invocation)

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dvl edited the test plan for this revision. (Show Details)

libdaq tested to work. Give me some times to run through my builder and testing it in a live scenario.

In D24263#533860, @bofh wrote:

libdaq tested to work. Give me some times to run through my builder and testing it in a live scenario.

If you have something which builds, please let me know. I've got folks at $WORK trying to help too.

Initial testing shows this may be related to SSL options. I will know tomorrow.

I am just curious have you tried manually building inside the jail ? :P

I have not tried that. My coworker was able to reproduce the issue in his VM, without poudriere. He was building from source, not via ports. This is promising.

bofh removed a reviewer: bofh.
bofh edited the test plan for this revision. (Show Details)

security/snort3: Update version 3.0.0-258=>3.0.0-270

  • UNBREAK
  • Change compiler for c++14-lang support
  • Remove DEBUG and DOCS DESC to use the defaults
  • Add CXXFLAGS+=-O1

BUILDISOK:
http://pdr.bofh.network/data/latest-per-pkg/snort3/3.0.0.270,1/

This needs merge-quarterly hence we should commit manually

I have a patch from my coworker. I'm about to look at it and I'll report back soon.

In D24263#533974, @bofh wrote:

security/snort3: Update version 3.0.0-258=>3.0.0-270

  • UNBREAK
  • Change compiler for c++14-lang support
  • Remove DEBUG and DOCS DESC to use the defaults
  • Add CXXFLAGS+=-O1

BUILDISOK:
http://pdr.bofh.network/data/latest-per-pkg/snort3/3.0.0.270,1/

This needs merge-quarterly hence we should commit manually

That build for me too. I copied your patches into mine.

In D24263#533976, @dvl wrote:

I have a patch from my coworker. I'm about to look at it and I'll report back soon.

Is your coworker's one better than me ? Otherwise I will commit this with quarterly merge.

In D24263#533978, @bofh wrote:
In D24263#533976, @dvl wrote:

I have a patch from my coworker. I'm about to look at it and I'll report back soon.

Is your coworker's one better than me ? Otherwise I will commit this with quarterly merge.

His patches are to the vendor code and create new functions. Yours do not. I claim yours are better.

I am still playing with RUN_DEPENDS and LIB_DEPENDS based on internal discussions. I will know more within an hour.

How long before you are done for the day?

I think we can remove RUN_DEPENDS and add it to LIB_DEPENDS, and add more to LIB_DEPENDS:

LIB_DEPENDS=    libpcre.so:devel/pcre \
                libdnet.so:net/libdnet \
                libpcap.so:net/libpcap \
                libluajit-5.1.so:lang/luajit \
                libhwloc.so:devel/hwloc \
                libuuid.so:misc/e2fsprogs-libuuid \
                libdaq.so:net/libdaq

re: Error: /usr/local/bin/snort is linked to /usr/local/lib/libdaq.so.3 from net/libdaq but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libdaq.so:net/libdaq

FYI, just found out you can run both snort 2 and snort 3 on the same box by using --daq-dir to point to where the snort3 daq installs (/usr/local/lib/daq by default) and it won't pick up the system libs in /usr/local/lib like snort 2 and everything else in the world.

testing here is good.

In D24263#533988, @dvl wrote:

I think we can remove RUN_DEPENDS and add it to LIB_DEPENDS, and add more to LIB_DEPENDS:

LIB_DEPENDS=    libpcre.so:devel/pcre \
                libdnet.so:net/libdnet \
                libpcap.so:net/libpcap \
                libluajit-5.1.so:lang/luajit \
                libhwloc.so:devel/hwloc \
                libuuid.so:misc/e2fsprogs-libuuid \
                libdaq.so:net/libdaq

re: Error: /usr/local/bin/snort is linked to /usr/local/lib/libdaq.so.3 from net/libdaq but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libdaq.so:net/libdaq

Testing here with that is good.

In D24263#533986, @dvl wrote:
In D24263#533978, @bofh wrote:
In D24263#533976, @dvl wrote:

I have a patch from my coworker. I'm about to look at it and I'll report back soon.

Is your coworker's one better than me ? Otherwise I will commit this with quarterly merge.

His patches are to the vendor code and create new functions. Yours do not. I claim yours are better.

I am still playing with RUN_DEPENDS and LIB_DEPENDS based on internal discussions. I will know more within an hour.

How long before you are done for the day?

Not sure. Working on some geeks which is already delayed.

In D24263#533988, @dvl wrote:

I think we can remove RUN_DEPENDS and add it to LIB_DEPENDS, and add more to LIB_DEPENDS:

LIB_DEPENDS=    libpcre.so:devel/pcre \
                libdnet.so:net/libdnet \
                libpcap.so:net/libpcap \
                libluajit-5.1.so:lang/luajit \
                libhwloc.so:devel/hwloc \
                libuuid.so:misc/e2fsprogs-libuuid \
                libdaq.so:net/libdaq

re: Error: /usr/local/bin/snort is linked to /usr/local/lib/libdaq.so.3 from net/libdaq but it is not declared as a dependency
Warning: you need LIB_DEPENDS+=libdaq.so:net/libdaq

Works without BUILD_DEPENDS too just adding into LIB_DEPENDS

In D24263#533989, @dvl wrote:

FYI, just found out you can run both snort 2 and snort 3 on the same box by using --daq-dir to point to where the snort3 daq installs (/usr/local/lib/daq by default) and it won't pick up the system libs in /usr/local/lib like snort 2 and everything else in the world.

Despite I want to keep the CONFLICTS and not use parallely. You never know in the future it might not be conflicting.

  • Remove RUN_DEPENDS and BUILD_DEPENDS and move libdaq to LIB_DEPENDS
  • Add misc/e2fsprogs-libuuid as LIB_DEPENDS

Remove unnecessary patches

This revision was not accepted when it landed; it landed in state Needs Review.Apr 4 2020, 12:44 PM
Closed by commit rP530653: security/snort3: UNBREAK (authored by bofh). · Explain Why
This revision was automatically updated to reflect the committed changes.