<p dir="ltr">Hi Cooper,</p>
<p dir="ltr">I had the same problems and the solution was to use the libhtp 0.5.x branch. When you clone the repository, don't forget to do "git checkout 0.5.x". You will find the function declared on "htp.h" and implemented in the "htp_util.c" (if I'm not mistaken).</p>

<p dir="ltr">Best regards, <br>
Duarte</p>
<div class="gmail_quote">On 17 Jul 2013 06:00, "Cooper F. Nelson" <<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
Looks like this function isn't defined anywhere:<br>
<br>
> oisf # fgrep -R htp_urldecode_inplace *<br>
> src/app-layer-htp-libhtp.c:        htp_urldecode_inplace(tx->cfg, HTP_DECODER_URLENCODED, query, &flags);<br>
> src/app-layer-htp.c:    htp_urldecode_inplace(tx->cfg, HTP_DECODER_URLENCODED, tx->parsed_uri->query, &flags);<br>
> src/app-layer-htp.c:    htp_urldecode_inplace(tx->cfg, HTP_DECODER_URL_PATH, tx->parsed_uri->path, &flags);<br>
<br>
<br>
On 7/16/2013 9:46 PM, Cooper F. Nelson wrote:<br>
> Still throwing an error:<br>
><br>
>> gcc -DHAVE_CONFIG_H -I. -I..   -I./../libhtp/ -I/usr/include/nspr  -I/usr/include/nss -I/usr/include/nspr  -DLOCAL_STATE_DIR=\"/var\" -g -O2 -Wextra -Werror-implicit-function-declaration -fno-tree-pre -Wall -fno-strict-aliasing -no-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_LIBNET_ICMPV6_UNREACH  -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCP_NG -DREVISION="f4dcba6" -MT app-layer-htp.o -MD -MP -MF .deps/app-layer-htp.Tpo -c -o app-layer-htp.o app-layer-htp.c<br>

>> app-layer-htp.c: In function 'HTPCallbackDoubleDecodeQuery':<br>
>> app-layer-htp.c:1970:5: error: implicit declaration of function 'htp_urldecode_inplace' [-Werror=implicit-function-declaration]<br>
>> cc1: some warnings being treated as errors<br>
><br>
><br>
> On 7/16/2013 7:51 PM, Anoop Saldanha wrote:<br>
><br>
>> Yes, it has been unbundled.   We have now moved to libhtp-0.5.x.  If<br>
>> you are rebuilding you will have to do so from Ivan's repo and pull<br>
>> out the 0.5.x branch - <a href="https://github.com/ironbee/libhtp/tree/0.5.x" target="_blank">https://github.com/ironbee/libhtp/tree/0.5.x</a><br>
><br>
>> Rebuilding wise it works the same as before.  Let's cal the suricata<br>
>> directory as SURICATA_ROOT.  If you have libhtp-0.5.x contents in<br>
>> libhtp folder of $SURICATA_ROOT, .configure/make should work for both<br>
>> suricata and libhtp directly from $SURICATA_ROOT, without<br>
>> necessitating --enable-non-bundled-htp option.  Or you can pull it to<br>
>> some other directory and build it using --enable-non-bundled-option.<br>
><br>
><br>
><br>
> _______________________________________________<br>
> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
> Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
> OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
><br>
<br>
- --<br>
Cooper Nelson<br>
Network Security Analyst<br>
UCSD ACT Security Team<br>
<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.17 (MingW32)<br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
iQEcBAEBAgAGBQJR5iTjAAoJEKIFRYQsa8FWi4UH/0oF/CmXRYgHeAx75tzbvNIP<br>
Y18S+WgR3/TXvygW4KP4Gl3T9A0aGKOLwrHNMCUNvUq+fHxExGwdU+tWyuw+ErD9<br>
ZwcgHxSRf6oRWQz1l33HrlgDqWdq+8ICTZpokDkbbUVfcL9NEIq3ZjQvCfMJXVp9<br>
mJ0JrY0zcWJQQTctLk74LFS7Y2U7bEMxZXAhbotm3Dx2gskxORSDaw/ue+e31Gr+<br>
brhmbIaYgt0FkeNkRfNUmrl6cHwyL5wRxxZNnN6YEEaQY4MGHXFlRwrO0+WhrJRp<br>
XGyM0MxC4q0fQ7/zNYwspqpeKScy3mgVPxFATGIv+6iWLuITJxeTAUEL6spb/94=<br>
=TDAy<br>
-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</blockquote></div>