[Oisf-users] Problem with non-bundled libhtp
Duarte Silva
duarte.silva at serializing.me
Wed Jul 17 06:29:31 UTC 2013
Hi Cooper,
I had the same problems and the solution was to use the libhtp 0.5.x
branch. When you clone the repository, don't forget to do "git checkout
0.5.x". You will find the function declared on "htp.h" and implemented in
the "htp_util.c" (if I'm not mistaken).
Best regards,
Duarte
On 17 Jul 2013 06:00, "Cooper F. Nelson" <cnelson at ucsd.edu> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Looks like this function isn't defined anywhere:
>
> > oisf # fgrep -R htp_urldecode_inplace *
> > src/app-layer-htp-libhtp.c: htp_urldecode_inplace(tx->cfg,
> HTP_DECODER_URLENCODED, query, &flags);
> > src/app-layer-htp.c: htp_urldecode_inplace(tx->cfg,
> HTP_DECODER_URLENCODED, tx->parsed_uri->query, &flags);
> > src/app-layer-htp.c: htp_urldecode_inplace(tx->cfg,
> HTP_DECODER_URL_PATH, tx->parsed_uri->path, &flags);
>
>
> On 7/16/2013 9:46 PM, Cooper F. Nelson wrote:
> > Still throwing an error:
> >
> >> gcc -DHAVE_CONFIG_H -I. -I.. -I./../libhtp/ -I/usr/include/nspr
> -I/usr/include/nss -I/usr/include/nspr -DLOCAL_STATE_DIR=\"/var\" -g -O2
> -Wextra -Werror-implicit-function-declaration -fno-tree-pre -Wall
> -fno-strict-aliasing -no-unused-parameter -std=gnu99 -march=native
> -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD
> -DHAVE_NET_ETHERNET_H -DHAVE_LIBNET_ICMPV6_UNREACH -I/usr/include
> -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCP_NG
> -DREVISION="f4dcba6" -MT app-layer-htp.o -MD -MP -MF
> .deps/app-layer-htp.Tpo -c -o app-layer-htp.o app-layer-htp.c
> >> app-layer-htp.c: In function 'HTPCallbackDoubleDecodeQuery':
> >> app-layer-htp.c:1970:5: error: implicit declaration of function
> 'htp_urldecode_inplace' [-Werror=implicit-function-declaration]
> >> cc1: some warnings being treated as errors
> >
> >
> > On 7/16/2013 7:51 PM, Anoop Saldanha wrote:
> >
> >> Yes, it has been unbundled. We have now moved to libhtp-0.5.x. If
> >> you are rebuilding you will have to do so from Ivan's repo and pull
> >> out the 0.5.x branch - https://github.com/ironbee/libhtp/tree/0.5.x
> >
> >> Rebuilding wise it works the same as before. Let's cal the suricata
> >> directory as SURICATA_ROOT. If you have libhtp-0.5.x contents in
> >> libhtp folder of $SURICATA_ROOT, .configure/make should work for both
> >> suricata and libhtp directly from $SURICATA_ROOT, without
> >> necessitating --enable-non-bundled-htp option. Or you can pull it to
> >> some other directory and build it using --enable-non-bundled-option.
> >
> >
> >
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > OISF: http://www.openinfosecfoundation.org/
> >
>
> - --
> Cooper Nelson
> Network Security Analyst
> UCSD ACT Security Team
> cnelson at ucsd.edu x41042
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJR5iTjAAoJEKIFRYQsa8FWi4UH/0oF/CmXRYgHeAx75tzbvNIP
> Y18S+WgR3/TXvygW4KP4Gl3T9A0aGKOLwrHNMCUNvUq+fHxExGwdU+tWyuw+ErD9
> ZwcgHxSRf6oRWQz1l33HrlgDqWdq+8ICTZpokDkbbUVfcL9NEIq3ZjQvCfMJXVp9
> mJ0JrY0zcWJQQTctLk74LFS7Y2U7bEMxZXAhbotm3Dx2gskxORSDaw/ue+e31Gr+
> brhmbIaYgt0FkeNkRfNUmrl6cHwyL5wRxxZNnN6YEEaQY4MGHXFlRwrO0+WhrJRp
> XGyM0MxC4q0fQ7/zNYwspqpeKScy3mgVPxFATGIv+6iWLuITJxeTAUEL6spb/94=
> =TDAy
> -----END PGP SIGNATURE-----
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130717/67702ad7/attachment-0002.html>
More information about the Oisf-users
mailing list