Honeypots
Problems building Sebek Jul 25 2006 12:55PM
Mark J. Hufe (mark j hufe wilmcoll edu) (2 replies)
Re: Problems building Sebek Aug 11 2006 01:39AM
Alen Capalik (sec wiretap net)
Mark,

The problem is in the sebek code itself. There are two lines in
af_packet.diff in the linux sebek client that are the culprit. Whoever
wrote the code is casting an lvalue to a char pointer which is
prohibited by the gcc-4.01 compiler and it's not recommended any longer.
It's not a good idea to cast an lvalue in either case (I'm not
criticizing anybody ;)). This is what gives you an error and it doesn't
build. There are two ways around it. One is to compile this with
gcc-3.4 which will only give you a warning saying that it is not a good
idea to cast an lvalue and that it's being deprecated in the new version of
gcc (namely 4.0), or you can fix these two lines, which is a little more
involved. I haven't gotten around to properly fixing this code yet, so
I don't have a fix for you but in order to build this just use 3.4 and
you should be fine. Hope this helps.

The two lines that fail in af_packet.diff:

+ (char *)udp_ptr = (char *)skb->nh.iph + sizeof(struct iphdr);
+ (char *)s_ptr = (char *)udp_ptr + sizeof(struct udphdr);
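
Review bot: Both added lines put the cast on the left-hand side of the assignment (`(char *)udp_ptr = ...` and `(char *)s_ptr = ...`), and a cast expression is not an lvalue in standard C, which is why the build stops with "invalid lvalue in assignment". Drop the left-hand cast and convert the right-hand side instead, for example `udp_ptr = (void *)((char *)skb->nh.iph + sizeof(struct iphdr));` and `s_ptr = (void *)((char *)udp_ptr + sizeof(struct udphdr));`, or cast to the declared types of `udp_ptr` and `s_ptr`, which are not visible in these two lines. Separately, `sizeof(struct iphdr)` assumes an IP header without options; `skb->nh.iph->ihl * 4` gives the actual header length and keeps `udp_ptr` from landing inside the options when they are present.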

Mark J. Hufe wrote:
> I'm trying to install a Sebek client onto a SUSE 10.0 honeypot, but
> it's failing the make. This is with the gcc 4.01 compiler. I tried
> configuring first with the patched af_packet.c and then again by just
> copying af_packet.c from the linux source into the sebek path (after
> config) and still get the same failure. Any thoughts?
>
> See output below.
>
> - Mark
>
> patch ./src/af_packet.c ./src/af_packet.diff
> patching file ./src/af_packet.c
> Hunk #2 succeeded at 1048 (offset 6 lines).
> Hunk #3 succeeded at 1080 (offset 6 lines).
> Hunk #4 succeeded at 1092 (offset 6 lines).
> Hunk #5 succeeded at 1930 with fuzz 1 (offset 12 lines).
> ./gen_fudge.pl > ./src/fudge.h
> cp ./sbk_install.sh ./src
> cp ./parameters.sh ./src
> cd ./src; make -C /usr/src/linux
> SUBDIRS=/home/mjh/sebek-lin26-3.1.2b/src modules
> make[1]: Entering directory `/usr/src/linux-2.6.13-15.10'
>
> WARNING: Symbol version dump /usr/src/linux-2.6.13-15.10/Module.symvers
> is missing; modules will have no dependencies and modversions.
>
> CC [M] /home/mjh/sebek-lin26-3.1.2b/src/sebek.o
> CC [M] /home/mjh/sebek-lin26-3.1.2b/src/net.o
> In file included from /home/mjh/sebek-lin26-3.1.2b/src/net.c:24:
> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c: In function
> ‘packet_recvmsg’:
> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1102: error: invalid
> lvalue in assignment
> /home/mjh/sebek-lin26-3.1.2b/src/af_packet.c:1103: error: invalid
> lvalue in assignment
> /home/mjh/sebek-lin26-3.1.2b/src/net.c: In function ‘sprintf_stats’:
> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ‘%8lu’
> expects type ‘long unsigned int’, but argument 12 has type ‘u32’
> /home/mjh/sebek-lin26-3.1.2b/src/net.c:489: warning: format ‘%7lu’
> expects type ‘long unsigned int’, but argument 13 has type ‘u32’
> make[2]: *** [/home/mjh/sebek-lin26-3.1.2b/src/net.o] Error 1
> make[1]: *** [_module_/home/mjh/sebek-lin26-3.1.2b/src] Error 2
> make[1]: Leaving directory `/usr/src/linux-2.6.13-15.10'
> make: *** [sebek] Error 2
>
>
>

Re: Problems building Sebek Jul 30 2006 07:48PM
Andreas Derdemezis (ader ait edu gr)
Copyright 2010, SecurityFocus