Snort mailing list archives

Previous By Date Next
Previous By Thread Next

PF_RING DAQ with Snort 2.9.3 compile errors

From: Robert Vineyard <vineyard () tuffmail com>
Date: Mon, 23 Jul 2012 18:46:00 -0400
Hello,

I posted this earlier to the ntop-misc mailing list, but it occurred to 
me that it might be worthwhile to pose this question to a wider audience 
within the Snort community.

I am trying to build the current PF_RING DAQ module from SVN trunk, and 
after fixing a typo in the configure.ac file (it was searching for 
libpcap.a and libpfring.a in hard-coded locations instead of honoring 
the paths passed in to ./configure), I am encountering errors when 
compiling against the DAQ 1.1.1 library that ships with Snort 2.9.3.

The relevant messages from gcc are as follows:

daq_pfring.c: In function 'pfring_daq_acquire':
daq_pfring.c:577:10: error: 'DAQ_PktHdr_t' has no member named 
'device_index'
daq_pfring.c: In function 'pfring_daq_inject':
daq_pfring.c:669:39: error: 'DAQ_PktHdr_t' has no member named 
'device_index'

Looking at the daq_common.h header file from the DAQ 1.1.1 distribution, 
it appears that the "device_index" field has been split out into 
"ingress_index" and "egress_index":

typedef struct _daq_pkthdr
{
     struct timeval ts;      /* Timestamp */
     uint32_t caplen;        /* Length of the portion present */
     uint32_t pktlen;        /* Length of this packet (off wire) */
     int32_t ingress_index;  /* Index of the inbound interface. */
     int32_t egress_index;   /* Index of the outbound interface. */
     int32_t ingress_group;  /* Index of the inbound group. */
     int32_t egress_group;   /* Index of the outbound group. */
     uint32_t flags;         /* Flags for the packet (DAQ_PKT_FLAG_*) */
     uint32_t opaque;        /* Opaque context value from the DAQ module 
or underlying hardware.
                                Directly related to the opaque value in 
FlowStats. */
     void *priv_ptr;         /* Private data pointer */
} DAQ_PktHdr_t;


Before I go too deep down this rabbit-hole, are there any planned fixes 
or workarounds for this issue?

Thanks,
Robert Vineyard

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: