I thought there might be a compiler fix, either a flag or version, but
went the code fixing route. It turns out that the problem was known and
that there was a fix. It just wasn't in the distribution, yet.
I checked this morning and the fix is there. As an FYI, here's what the
it looks like:
Alen Capalik wrote:
> Mark,
>
> The problem is in the sebek code itself. There are two lines in
> af_packet.diff in the linux sebek client that are the culprit. Whoever
> wrote the code is casting an lvalue to a char pointer which is
> prohibited by gcc-4.01 complier and it's not recommended any longer.
> It's not a good idea to cast an lvalue in either case (I'm not
> criticizing anybody ;)). This is what gives you an error and it doesn't
> build. There are two ways around it. One is to compile this with
> gcc-3.4 which will only give you a warning saying that it is not a good
> idea to cast an lvalue and that it's being depreciated in new version of
> gcc (namely 4.0), or you can fix these two lines, which is little more
> involved. I haven't gotten around to properly fixing this code yet, so
> I don't have a fix for you but in order to build this just just 3.4 and
> you should be fine. Hope this helps.
>
> The two lines that fail in af_packet.diff:
>
> + (char *)udp_ptr = (char *)skb->nh.iph + sizeof(struct iphdr);
> + (char *)s_ptr = (char *)udp_ptr + sizeof(struct udphdr);
>
>
> Mark J. Hufe wrote:
>
>> I'm trying to install a Sebek client onto a SUSE 10.0 honeypot, but
>> it's failing the make. This is with the gcc 4.01 compiler. I tried
>> configuring first with the patched af_packet.c and then again by just
>> copying af_packet.c from the linux source into the sebek path (after
>> config) and still get the same failure. Any thoughts?
>>
>> See output below.
>>
>> - Mark
>>
>> patch ./src/af_packet.c ./src/af_packet.diff
>> patching file ./src/af_packet.c
>> Hunk #2 succeeded at 1048 (offset 6 lines).
>> Hunk #3 succeeded at 1080 (offset 6 lines).
>> Hunk #4 succeeded at 1092 (offset 6 lines).
>> Hunk #5 succeeded at 1930 with fuzz 1 (offset 12 lines).
>> ./gen_fudge.pl > ./src/fudge.h
>> cp ./sbk_install.sh ./src
>> cp ./parameters.sh ./src
>> cd ./src; make -C /usr/src/linux
>> SUBDIRS=/home/mjh/sebek-lin26-3.1.2b/src modules
>> make[1]: Entering directory `/usr/src/linux-2.6.13-15.10'
>>
>> WARNING: Symbol version dump /usr/src/linux-2.6.13-15.10/Module.symvers
>> is missing; modules will have no dependencies and modversions.
>>
>> CC [M] /home/mjh/sebek-lin26-3.1.2b/src/sebek.o
>> CC [M] /home/mjh/sebek-lin26-3.1.2b/src/net.o
>> In file included from /home/mjh/sebek-lin26-3.1.2b/src/net.c:24:
>> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c: In function
>> ?packet_recvmsg?:
>> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1102: error: invalid
>> lvalue in assignment
>> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1103: error: invalid
>> lvalue in assignment
>> /home/mjh/sebek-lin26-3.1.2b/src/net.c: In function ?sprintf_stats?:
>> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ?%8lu?
>> expects type ?long unsigned int?, but argument 12 has type ?u32?
>> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ?%7lu?
>> expects type ?long unsigned int?, but argument 13 has type ?u32?
>> make[2]: *** [/home/mjh/sebek-lin26-3.1.2b/src/net.o] Error 1
>> make[1]: *** [_module_/home/mjh/sebek-lin26-3.1.2b/src] Error 2
>> make[1]: Leaving directory `/usr/src/linux-2.6.13-15.10'
>> make: *** [sebek] Error 2
>>
>>
>>
>
>
>
Thanks for the feedback!
I thought there might be a compiler fix, either a flag or version, but
went the code fixing route. It turns out that the problem was known and
that there was a fix. It just wasn't in the distribution, yet.
I checked this morning and the fix is there. As an FYI, here's what the
it looks like:
+ udp_ptr = (u32 *)((char *)skb->nh.iph + sizeof(struct iphdr));
+ s_ptr = (struct updhdr *)((char *)udp_ptr + sizeof(struct udphdr));
The fixed version is: sebek-lin26-3.1.3c.tar.gz
Best regards,
Mark
Alen Capalik wrote:
> Mark,
>
> The problem is in the sebek code itself. There are two lines in
> af_packet.diff in the linux sebek client that are the culprit. Whoever
> wrote the code is casting an lvalue to a char pointer which is
> prohibited by gcc-4.01 complier and it's not recommended any longer.
> It's not a good idea to cast an lvalue in either case (I'm not
> criticizing anybody ;)). This is what gives you an error and it doesn't
> build. There are two ways around it. One is to compile this with
> gcc-3.4 which will only give you a warning saying that it is not a good
> idea to cast an lvalue and that it's being depreciated in new version of
> gcc (namely 4.0), or you can fix these two lines, which is little more
> involved. I haven't gotten around to properly fixing this code yet, so
> I don't have a fix for you but in order to build this just just 3.4 and
> you should be fine. Hope this helps.
>
> The two lines that fail in af_packet.diff:
>
> + (char *)udp_ptr = (char *)skb->nh.iph + sizeof(struct iphdr);
> + (char *)s_ptr = (char *)udp_ptr + sizeof(struct udphdr);
>
>
> Mark J. Hufe wrote:
>
>> I'm trying to install a Sebek client onto a SUSE 10.0 honeypot, but
>> it's failing the make. This is with the gcc 4.01 compiler. I tried
>> configuring first with the patched af_packet.c and then again by just
>> copying af_packet.c from the linux source into the sebek path (after
>> config) and still get the same failure. Any thoughts?
>>
>> See output below.
>>
>> - Mark
>>
>> patch ./src/af_packet.c ./src/af_packet.diff
>> patching file ./src/af_packet.c
>> Hunk #2 succeeded at 1048 (offset 6 lines).
>> Hunk #3 succeeded at 1080 (offset 6 lines).
>> Hunk #4 succeeded at 1092 (offset 6 lines).
>> Hunk #5 succeeded at 1930 with fuzz 1 (offset 12 lines).
>> ./gen_fudge.pl > ./src/fudge.h
>> cp ./sbk_install.sh ./src
>> cp ./parameters.sh ./src
>> cd ./src; make -C /usr/src/linux
>> SUBDIRS=/home/mjh/sebek-lin26-3.1.2b/src modules
>> make[1]: Entering directory `/usr/src/linux-2.6.13-15.10'
>>
>> WARNING: Symbol version dump /usr/src/linux-2.6.13-15.10/Module.symvers
>> is missing; modules will have no dependencies and modversions.
>>
>> CC [M] /home/mjh/sebek-lin26-3.1.2b/src/sebek.o
>> CC [M] /home/mjh/sebek-lin26-3.1.2b/src/net.o
>> In file included from /home/mjh/sebek-lin26-3.1.2b/src/net.c:24:
>> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c: In function
>> ?packet_recvmsg?:
>> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1102: error: invalid
>> lvalue in assignment
>> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1103: error: invalid
>> lvalue in assignment
>> /home/mjh/sebek-lin26-3.1.2b/src/net.c: In function ?sprintf_stats?:
>> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ?%8lu?
>> expects type ?long unsigned int?, but argument 12 has type ?u32?
>> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ?%7lu?
>> expects type ?long unsigned int?, but argument 13 has type ?u32?
>> make[2]: *** [/home/mjh/sebek-lin26-3.1.2b/src/net.o] Error 1
>> make[1]: *** [_module_/home/mjh/sebek-lin26-3.1.2b/src] Error 2
>> make[1]: Leaving directory `/usr/src/linux-2.6.13-15.10'
>> make: *** [sebek] Error 2
>>
>>
>>
>
>
>
[ reply ]