[Oisf-users] Problem with non-bundled libhtp

Anoop Saldanha anoopsaldanha at gmail.com
Wed Jul 17 02:51:58 UTC 2013 

On Wed, Jul 17, 2013 at 4:47 AM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi All,
>
> I'm recovering from a critical failure of our suricata sensor and am in
> the process of trying to rebuild the current dev release.
>
> Was libhtp unbundled in the last few days?  I got an error saying it
> wasn't bundled so I tried building it from source.  When I tried
> building suri I encounter this issue:
>
>> gcc -DHAVE_CONFIG_H -I. -I..   -I/usr/include/nspr  -I/usr/include/nss -I/usr/include/nspr  -DLOCAL_STATE_DIR=\"/var\" -g -O2 -Wextra -Werror-implicit-function-declaration -fno-tree-pre -Wall -fno-strict-aliasing -Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_LIBNET_ICMPV6_UNREACH  -I/usr/include -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -DREVISION="f4dcba6" -MT app-layer-htp.o -MD -MP -MF .deps/app-layer-htp.Tpo -c -o app-layer-htp.o app-layer-htp.c
>> app-layer-htp.c: In function 'HTPCallbackDoubleDecodeQuery':
>> app-layer-htp.c:1970:5: error: implicit declaration of function 'htp_urldecode_inplace' [-Werror=implicit-function-declaration]
>> cc1: some warnings being treated as errors
>> make[3]: *** [app-layer-htp.o] Error 1
>> make[3]: Leaving directory `/usr/src/oisf/src'
>> make[2]: *** [all] Error 2
>> make[2]: Leaving directory `/usr/src/oisf/src'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory `/usr/src/oisf'
>
> Any idea?'
>

Yes, it has been unbundled.   We have now moved to libhtp-0.5.x.  If
you are rebuilding you will have to do so from Ivan's repo and pull
out the 0.5.x branch - https://github.com/ironbee/libhtp/tree/0.5.x

Rebuilding wise it works the same as before.  Let's cal the suricata
directory as SURICATA_ROOT.  If you have libhtp-0.5.x contents in
libhtp folder of $SURICATA_ROOT, .configure/make should work for both
suricata and libhtp directly from $SURICATA_ROOT, without
necessitating --enable-non-bundled-htp option.  Or you can pull it to
some other directory and build it using --enable-non-bundled-option.

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------

More information about the Oisf-users mailing list