Will not compile with libpcap.1.9.0

[csbflyer]

I am unable to make barnyard2-master with the latest libpcap.1.9.0. Works fine with libpcap.1.8.1. Below is the error I receive:

make all-recursive make[1]: Entering directory /home/analyst/installation_files/barnyard2-master' Making all in src make[2]: Entering directory /home/analyst/installation_files/barnyard2-master/src' Making all in sfutil make[3]: Entering directory /home/analyst/installation_files/barnyard2-master/src/sfutil' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c getopt_long.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sfmemcap.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sfprimetable.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sfxhash.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_ip.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_iph.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_ipvar.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_textlog.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c sf_vartable.c rm -f libsfutil.a ar cru libsfutil.a getopt_long.o sfmemcap.o sfprimetable.o sfxhash.o sf_ip.o sf_iph.o sf_ipvar.o sf_textlog.o sf_vartable.o ranlib libsfutil.a make[3]: Leaving directory /home/analyst/installation_files/barnyard2-master/src/sfutil' Making all in output-plugins make[3]: Entering directory /home/analyst/installation_files/barnyard2-master/src/output-plugins' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_arubaaction.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_bro.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_cef.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_csv.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_fast.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_full.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/opt/snort/include -DDEBUG -g -O0 -fno-strict-aliasing -Wall -c spo_alert_fwsam.c make[3]: Leaving directory /home/analyst/installation_files/barnyard2-master/src/output-plugins' make[2]: Leaving directory /home/analyst/installation_files/barnyard2-master/src' make[1]: Leaving directory /home/analyst/installation_files/barnyard2-master' In file included from ../decode.h:49:0, from ../plugbase.h:70, from ../spooler.h:32, from ../barnyard2.h:52, from spo_alert_fwsam.c:91: /opt/snort/include/sfbpf_dlt.h:642:0: warning: "DLT_IEEE802_15_4" redefined [enabled by default] #define DLT_IEEE802_15_4 195 ^ In file included from /opt/snort/include/pcap/bpf.h:109:0, from /opt/snort/include/pcap/pcap.h:88, from /opt/snort/include/pcap.h:43, from ../barnyard2.h:46, from spo_alert_fwsam.c:91: /opt/snort/include/pcap/dlt.h:749:0: note: this is the location of the previous definition #define DLT_IEEE802_15_4 DLT_IEEE802_15_4_WITHFCS ^ In file included from /opt/snort/include/pcap.h:43:0, from ../barnyard2.h:46, from spo_alert_fwsam.c:91: /opt/snort/include/pcap/pcap.h:950:18: error: two or more data types in declaration specifiers #define SOCKET int ^ spo_alert_fwsam.c:118:13: note: in expansion of macro ‘SOCKET’ typedef int SOCKET; ^ spo_alert_fwsam.c:118:1: warning: useless type name in empty declaration [enabled by default] typedef int SOCKET; ^ spo_alert_fwsam.c: In function ‘AlertFWsam’: spo_alert_fwsam.c:981:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable] ClassType *cn = NULL; ^ spo_alert_fwsam.c:973:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable] static unsigned short lastbsp[FWSAM_REPET_BLOCKS]; ^ make[3]: *** [spo_alert_fwsam.o] Error 1 make[2]: *** [all-recursive] Error 1 make[1]: *** [all-recursive] Error 1 make: *** [all] Error 2

[csbflyer]

This occurs when trying to compile with libpcap.1.9.0 snort, libpcap and daq all exist in /opt/snort.

[q2dg]

Well, it seems this project is pretty abandoned, isn't?

[YBSNNLRX]

I have the same problem as you，Have you solved it?

[csbflyer]

I switched to previous version of libpcap, however, you can compile barnyard2 in separate directory from snort with libpcap 1.9.0. /opt/snort /opt/barnyard2

[YBSNNLRX]

I switched to libpcap-1.8.1 or libpcap-1.5.3，then compile barnyard2 also display below error : make all-recursive make[1]: Entering directory /etc/snort/barnyard2' Making all in src make[2]: Entering directory /etc/snort/barnyard2/src' Making all in sfutil make[3]: Entering directory /etc/snort/barnyard2/src/sfutil' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c getopt_long.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sfmemcap.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sfprimetable.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sfxhash.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_ip.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_iph.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_ipvar.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_textlog.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c sf_vartable.c rm -f libsfutil.a ar cru libsfutil.a getopt_long.o sfmemcap.o sfprimetable.o sfxhash.o sf_ip.o sf_iph.o sf_ipvar.o sf_textlog.o sf_vartable.o ranlib libsfutil.a make[3]: Leaving directory /etc/snort/barnyard2/src/sfutil' Making all in output-plugins make[3]: Entering directory /etc/snort/barnyard2/src/output-plugins' gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_arubaaction.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_bro.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_cef.c spo_alert_cef.c: In function ‘AlertCEF’: spo_alert_cef.c:500:15: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable] ClassType *cn; ^ gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_csv.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_fast.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_full.c gcc -DHAVE_CONFIG_H -I. -I../.. -I.. -I ../sfutil -I/usr/include/mysql -DENABLE_MYSQL -g -O2 -fno-strict-aliasing -Wall -c spo_alert_fwsam.c spo_alert_fwsam.c: In function ‘AlertFWsam’: spo_alert_fwsam.c:966:5: error: unknown type name ‘SOCKET’ SOCKET stationsocket; ^ spo_alert_fwsam.c:981:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable] ClassType *cn = NULL; ^ spo_alert_fwsam.c:980:18: warning: variable ‘sn’ set but not used [-Wunused-but-set-variable] SigNode *sn = NULL; ^ spo_alert_fwsam.c:973:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable] static unsigned short lastbsp[FWSAM_REPET_BLOCKS]; ^ spo_alert_fwsam.c: In function ‘FWsamCheckOut’: spo_alert_fwsam.c:1392:5: error: unknown type name ‘SOCKET’ SOCKET stationsocket; ^ spo_alert_fwsam.c: In function ‘FWsamCheckIn’: spo_alert_fwsam.c:1543:5: error: unknown type name ‘SOCKET’ SOCKET stationsocket; ^ make[3]: *** [spo_alert_fwsam.o] Error 1 make[3]: Leaving directory /etc/snort/barnyard2/src/output-plugins' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory /etc/snort/barnyard2/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory /etc/snort/barnyard2' make: *** [all] Error 2

[csbflyer]

This worked for me: Make snort & libpcap 1.9 in /opt/snort Make barnyard2 in /opt/barnyard2

[NathanGibbs3]

So as long as snort and barnyard2 are in separate directories, it's possible to build them both with libpcap 1.9. Am I understanding that correctly?

[YBSNNLRX]

Actually snort and barnyard2 is in separate directories, but this error is along exist,I haven't found a solution yet. Do you think it necessary for me to reinstall it?

[miladstar77]

Hi you can compile with libpcap-1.8.1

[YBSNNLRX]

Thanks,then I successfully reinstalled it with libpcap-1.8.1.

[Gerjo]

My pull request here fixes this particular issue: https://github.com/firnsy/barnyard2/pull/254

[ParagVadher]

My pull request here fixes this particular issue: #254

I am grateful for this great service! Thank you so very much.

[FalcoGer]

My pull request here fixes this particular issue: #254

Works fine. Thank you. Why isn't this merged yet?

[519seven]

@Gerjo Thank you for the fix! I applied this fix, too: https://github.com/firnsy/barnyard2/issues/252 and things are moving along now.

[miladstar77]

Hi It's compatible with libpcap 1.8.1

On Wed, Nov 11, 2020, 03:15 Mehrshad [email protected] wrote:

Hi you can compile with libpcap-1.8.1

How ?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/firnsy/barnyard2/issues/245#issuecomment-725035128, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMFN7SPWZYSFAIPX33XGU33SPHGAHANCNFSM4GRG4IFQ .

[Atsuyakitamago]

I'm sorry for my poor English.

My environment is Ubuntu 20.04 LTS.

I have some questions.

I use "apt" command to manage package.

(1) Which libpcap means "libpcap-dev" or "libpcap0.8" ?

(2) What should I do to uninstall libpcap 1.9.1 and install libpcap 1.8.1 ?

(3) I unistalled libpcap-dev 1.9.1 and installed libpcap-dev 1.8.1.

Then, when I executed "snort -V", result includes a sentence of "Using libpcap version 1.9.1".

What should I do to make this sentence "Using libpcap version 1.8.1"?

I'm sorry for many questions.

[NathanGibbs3]

What you did in (3) should allow you to build barnyard2. It does not matter which libpcap snort is using.

[Atsuyakitamago]

Sorry for the late reply. It worked. Thank you very much!

[Camanche827]

Hi to all! I have a problem! I'm trying to build barnyard2 on ubuntu 22.04. But some errors arise. As i saw from previous comments it happens because of libpcap 1.9.1. If its true, please provide me with strict commands for reinstalling libpcap to 1.8.1 version! Thank you!

[Camanche827]

Thanks,then I successfully reinstalled it with libpcap-1.8.1.

Hello! Do you still remember how you reinstall libpcap?