基于ubuntu-20.04.3的snort+Barnyard2+BASE的入侵检测系统安装时Barnyard2反编译时出错解决

在按照https://www.modb.pro/db/159797大佬的博客安装IDS，在安装Barnyard2时

sudo apt-get install -y mysql-server libmysqlclient-dev mysql-client autoconf libtool
tar zxvf barnyard2-2-1.13.tar.gz

cd barnyard2-2-1.13

autoreconf -fvi -I ./

./configure --with-mysql --with-mysql-libraries=/usr/lib/x86_64-linux-gnu

sudo make

sudo make install

当进行sudo make到，报了很多错误，在网上冲了几个小时，并没有找到相应的解答，直到看到这位大佬的文章
其中提到了第一个报错：po_alert_fwsam.c:118:13: error: two or more data types in declaration specifiers是源代码的bug，醍醐灌顶，直接改代码不就行了！

错误一：spo_alert_fwsam.c文件语法错误

po_alert_fwsam.c:118:13: error: two or more data types in declaration specifiers
  118 | typedef int SOCKET;
      |             ^~~~~~
spo_alert_fwsam.c:118:1: warning: useless type name in empty declaration
  118 | typedef int SOCKET;
      | ^~~~~~~
In file included from /usr/local/include/pcap/pcap.h:130,
                 from /usr/local/include/pcap.h:43,
                 from ../barnyard2.h:46,
                 from spo_alert_fwsam.c:91:
spo_alert_fwsam.c:118:13: error: two or more data types in declaration specifiers
  118 | typedef int SOCKET;
      |             ^~~~~~
spo_alert_fwsam.c:118:1: warning: useless type name in empty declaration
  118 | typedef int SOCKET;
      | ^~~~~~~
spo_alert_fwsam.c: In function ‘FWsamReadLine’:
spo_alert_fwsam.c:620:9: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation]
  620 |         if(p>buf);
      |         ^~
spo_alert_fwsam.c:621:13: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
  621 |             strcpy(buf,p);
      |             ^~~~~~
spo_alert_fwsam.c: In function ‘FWsamReadLine’:
spo_alert_fwsam.c:620:9: warning: this ‘if’ clause does not guard... [-Wmisleading-indentation]
  620 |         if(p>buf);
      |         ^~
spo_alert_fwsam.c:621:13: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the ‘if’
  621 |             strcpy(buf,p);
      |             ^~~~~~
spo_alert_fwsam.c: In function ‘AlertFWsam’:
spo_alert_fwsam.c:979:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable]
  979 |     ClassType   *cn = NULL;
      |                  ^~
spo_alert_fwsam.c:978:18: warning: variable ‘sn’ set but not used [-Wunused-but-set-variable]
  978 |     SigNode     *sn = NULL;
      |                  ^~
spo_alert_fwsam.c: In function ‘AlertFWsam’:
spo_alert_fwsam.c:979:18: warning: variable ‘cn’ set but not used [-Wunused-but-set-variable]
  979 |     ClassType   *cn = NULL;
      |                  ^~
spo_alert_fwsam.c:978:18: warning: variable ‘sn’ set but not used [-Wunused-but-set-variable]
  978 |     SigNode     *sn = NULL;
      |                  ^~
spo_alert_fwsam.c:971:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable]
  971 |     static unsigned short lastbsp[FWSAM_REPET_BLOCKS];
      |                           ^~~~~~~
spo_alert_fwsam.c:971:27: warning: variable ‘lastbsp’ set but not used [-Wunused-but-set-variable]
  971 |     static unsigned short lastbsp[FWSAM_REPET_BLOCKS];
      |                           ^~~~~~~
make[3]: *** [Makefile:391：spo_alert_fwsam.o] 错误 1
make[3]: 离开目录“/home/isis/barnyard2-2-1.13/src/output-plugins”
make[2]: *** [Makefile:497：all-recursive] 错误 1
make[2]: 离开目录“/home/isis/barnyard2-2-1.13/src”
make[1]: *** [Makefile:412：all-recursive] 错误 1
make[1]: 离开目录“/home/isis/barnyard2-2-1.13”
make: *** [Makefile:344：all] 错误 2
make[2]: *** [Makefile:391：spo_alert_fwsam.o] 错误 1
make[2]: 离开目录“/home/isis/barnyard2-2-1.13/src/output-plugins”
make[1]: *** [Makefile:497：install-recursive] 错误 1
make[1]: 离开目录“/home/isis/barnyard2-2-1.13/src”
make: *** [Makefile:412：install-recursive] 错误 1
[2]-  退出 2                sudo make

具体解决方法如下：
用ubuntu自带的文本编辑器打开文件/barnyard2-2-1.13/src/output-plugins/spo_alert_fwsam.c
修改以下内容：

1. 用Barnyard2_SOCKET替换SOCKET

118 - typedef int SOCKET;				//用Barnyard2_SOCKET替换SOCKET
    + typedef int Barnyard2_SOCKET;
    ……
964 - SOCKET stationsocket;
    + BARNYARD2_SOCKET stationsocket;
    ……
1390 - SOCKET stationsocket;
     + BARNYARD2_SOCKET stationsocket;
1541 - SOCKET stationsocket;
     + BARNYARD2_SOCKET stationsocket;

2. 删除if语句后的分号

620  if(p>buf);			//删除分号
621     strcpy(buf,p);

3. 其他错误应该是误报，可以忽视。

再次sudo make时，问题一就解决了，但这只是一个开始！再次运行sudo make时，又出现了错误

问题二：spo_database.h文件出错

In file included from spo_database.c:103:
../output-plugins/spo_database.h:360:5: error: unknown type name ‘my_bool’
  360 |     my_bool mysql_reconnect; /* We will handle it via the api. */
      |     ^~~~~~~
In file included from spo_database.c:103:
../output-plugins/spo_database.h:360:5: error: unknown type name ‘my_bool’
  360 |     my_bool mysql_reconnect; /* We will handle it via the api. */

出现这个错误是因为在 MySQL 8 中，my_bool 被重命名为 bool。
解决方法很简单:用ubuntu自带的文本编辑器打开文件/barnyard2-2-1.13/src/output-plugins/spo_database.h

用bool替换my_bool

再次运行sudo make，依旧报错

问题三：spo_database_cache.c文件报错

spo_database_cache.c: In function ‘SignatureReferenceCacheUpdateDBid’:
spo_database_cache.c:5270:6: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
 5270 |      memset(sigRefArr,'\0',MAX_REF_OBJ);
      |      ^~~~~~
spo_database_cache.c: In function ‘SignatureReferenceCacheUpdateDBid’:
spo_database_cache.c:5270:6: warning: ‘memset’ used with length equal to number of elements without multiplication by element size [-Wmemset-elt-size]
 5270 |      memset(sigRefArr,'\0',MAX_REF_OBJ);

函数解释：
memset：作用是在一段内存块中填充某个给定的值，它是对较大的结构体或数组进行清零操作的一种最快方法 。

void *memset(void *s, int ch, size_t n); //将s中当前位置后面的n个字节 （typedef unsigned int size_t ）用 ch 替换并返回 s 

在此文件中的memset是多余的. 因为这块内存马上就被全部覆盖，清零没有意义.
解决方法很简单

用/**/注释memset(sigRefArr,'\0',MAX_REF_OBJ);，忽略此函数

最后在运行sudo make && sudo make install，就成功啦