Snort mailing list archives
Re: Snort with PF_RING - Compile question
From: Chris Chiaverini <cchiaverini () bnl gov>
Date: Tue, 12 Apr 2016 11:09:23 -0400
Thank you, I will try testing with a different version.In the meantime, attached is the config.log with more details on it. This looks to be a key point:
configure:14441: result: yes configure:14622: checking for pcap_datalink in -lpcapconfigure:14647: gcc -o conftest -g -O2 -I/usr/local/lib/ -I/usr/local/include -I/usr/local/include -L/usr/local/lib -L/usr/local/lib -L/usr/local/lib conftest.c -lpcap -lnsl -lm -lm >&5
/usr/local/lib/libpcap.a(pcap.o): In function `pcap_breakloop': (.text+0x744): undefined reference to `pfring_breakloop' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_read_packet': (.text+0x2ac): undefined reference to `pfring_recv' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_stats_linux': (.text+0xcc3): undefined reference to `pfring_stats' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_cleanup_linux': (.text+0x11d0): undefined reference to `pfring_close'/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_setfilter_linux_common':
(.text+0x1c67): undefined reference to `pfring_get_bound_device_ifindex' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x2c6b): undefined reference to `pfring_enable_ring' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x2c77): undefined reference to `pfring_get_selectable_fd' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x2d60): undefined reference to `pfring_open' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x2d92): undefined reference to `pfring_set_socket_mode' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x2e39): undefined reference to `pfring_set_poll_watermark' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x3505): undefined reference to `pfring_enable_rss_rehash' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x3975): undefined reference to `pfring_set_application_name' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x39ae): undefined reference to `pfring_set_cluster' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x417b): undefined reference to `pfring_set_cluster' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x433b): undefined reference to `pfring_set_cluster' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x44fe): undefined reference to `pfring_set_cluster' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux': (.text+0x4536): undefined reference to `pfring_set_cluster'/usr/local/lib/libpcap.a(pcap-linux.o):(.text+0x4553): more undefined references to `pfring_set_cluster' follow
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_get_pfring_id': (.text+0x5203): undefined reference to `pfring_get_ring_id' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_watermark': (.text+0x526b): undefined reference to `pfring_set_poll_watermark'/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_setdirection_linux':
(.text+0x1ea9): undefined reference to `pfring_set_direction'/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_setdirection_linux':
(.text+0x1eb8): undefined reference to `pfring_set_direction' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_inject_linux': (.text+0x1f9b): undefined reference to `pfring_send'/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_appl_name_linux':
(.text+0x513d): undefined reference to `pfring_set_application_name' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_cluster': (.text+0x515f): undefined reference to `pfring_set_cluster' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_master_id': (.text+0x5218): undefined reference to `pfring_set_master_id' /usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_master': (.text+0x522f): undefined reference to `pfring_set_master'/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_application_name':
(.text+0x5248): undefined reference to `pfring_set_application_name'
collect2: error: ld returned 1 exit status
configure:14647: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL ""
| #define PACKAGE "snort"
| #define VERSION "2.9.8.2"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| #define LT_OBJDIR ".libs/"
| #define LINUX 1
| #define HAVE__BOOL 1
| #define HAVE_STDBOOL_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_MATH_H 1
| #define HAVE_PATHS_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_WCHAR_H 1
| #define HAVE_LIBM 1
| #define HAVE_LIBM 1
| #define HAVE_LIBNSL 1
| #define HAVE_SIGACTION 1
| #define HAVE_STRERROR 1
| #define HAVE_VSWPRINTF 1
| #define HAVE_WPRINTF 1
| #define HAVE_MEMRCHR 1
| #define HAVE_INET_NTOP 1
| #define HAVE_SNPRINTF /**/
| #define HAVE_MALLOC_TRIM 1
| #define HAVE_MALLINFO 1
| #define SIZEOF_CHAR 1
| #define SIZEOF_SHORT 2
| #define SIZEOF_INT 4
| #define SIZEOF_LONG_INT 8
| #define SIZEOF_LONG_LONG_INT 8
| #define SIZEOF_UNSIGNED_INT 4
| #define SIZEOF_UNSIGNED_LONG_INT 8
| #define SIZEOF_UNSIGNED_LONG_LONG_INT 8
| #define HAVE_U_INT8_T 1
| #define HAVE_U_INT16_T 1
| #define HAVE_U_INT32_T 1
| #define HAVE_U_INT64_T 1
| #define HAVE_UINT8_T 1
| #define HAVE_UINT16_T 1
| #define HAVE_UINT32_T 1
| #define HAVE_UINT64_T 1
| #define HAVE_INT8_T 1
| #define HAVE_INT16_T 1
| #define HAVE_INT32_T 1
| #define HAVE_INT64_T 1
| #define ERRLIST_PREDEFINED 1
| #define HAVE___FUNCTION__ 1
| /* end confdefs.h. */
|
| /* Override any GCC internal prototype to avoid an error.
| Use char because int might match the return type of a GCC
| builtin and then its argument prototype would still apply. */
| #ifdef __cplusplus
| extern "C"
| #endif
| char pcap_datalink ();
| int
| main ()
| {
| return pcap_datalink ();
| ;
| return 0;
| }
Regards,
Chris Chiaverini
On 04/12/2016 09:54 AM, Balasubramaniam Natarajan wrote:
You could be having a problem with libdumbnet or the former libdnet.On Tue, Apr 12, 2016 at 2:26 AM, Chris Chiaverini <cchiaverini () bnl gov <mailto:cchiaverini () bnl gov>> wrote:Hello, Has anyone compiled Snort w/ pfring on RHEL 7.x? I am attempting on 7.2 and hitting an issue with libpcap linking. I used the NTOP PF_RING RPM with snort source and it appears to be a basic linking problem but I have specified them within the configure options: [root@squealer snort-2.9.8.2]# rpm -ql pfring /etc/init.d/cluster /etc/init.d/pf_ring /etc/init/pf_ring.conf /etc/ld.so.conf.d/pf_ring.conf /lib64/libanic.so /lib64/libntapi.so /lib64/libntos.so /lib64/libsnf.so /usr/local/bin/pfcount /usr/local/bin/pfdnabounce /usr/local/bin/pfdnacluster_master /usr/local/bin/pfsend /usr/local/bin/zbalance_ipc /usr/local/bin/zcount /usr/local/bin/zcount_ipc /usr/local/bin/zsend /usr/local/include/linux/pf_ring.h /usr/local/include/pfring.h /usr/local/include/pfring_zc.h /usr/local/lib/daq/daq_pfring.la <http://daq_pfring.la> /usr/local/lib/daq/daq_pfring.so /usr/local/lib/daq/daq_pfring_zc.la <http://daq_pfring_zc.la> /usr/local/lib/daq/daq_pfring_zc.so */usr/local/lib/libpcap.a** **/usr/local/lib/libpcap.so.1.6.2* /usr/local/lib/libpfring.a /usr/local/lib/libpfring.so /usr/local/lib/libsfbpf.so.0 /usr/local/lib/libsfbpf.so.0.0.1 /usr/local/pfring/README-DAQ.1st /usr/local/pfring/README.FIRST [root@squealer snort-2.9.8.2]# ll /usr/local/lib/libpcap.* *-rw-r--r--. 1 root root 479112 Apr 9 09:26 /usr/local/lib/libpcap.a** **lrwxrwxrwx. 1 root root 16 Apr 4 14:25 /usr/local/lib/libpcap.so.1 -> libpcap.so.1.6.2** **-rwxr-xr-x. 1 root root 1377998 Apr 9 09:26 /usr/local/lib/libpcap.so.1.6.2* [root@squealer snort-2.9.8.2]# [root@squealer snort-2.9.8.2]# cat ../configure_snort.sh #!/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/dell/srvadmin/bin:/opt/dell/srvadmin/sbin:/root/bin:/opt/daq/bin LD_LIBRARY_PATH=/opt/daq/lib:*/usr/local/lib*:/lib64:/lib:/usr/lib64:/usr/lib:/usr/local/lib/daq export PATH LD_LIBRARY_PATH ./configure --prefix=/opt/snort-2.9.8.2 --with-dnet-includes=/usr/local/include --with-dnet-libraries=/usr/local/lib *--with-libpcap-includes=/usr/local/lib/ **--with-libpcap-libraries=/usr/local/lib *--with-libpfring-includes=/usr/local/include/daq --with-libpfring-libraries=/usr/local/lib/daq --with-daq-libraries=/usr/local/lib --with-daq-includes=/usr/local/include \ --enable-sourcefire \ --enable-zlib \ --enable-perfprofiling \ --enable-gre \ --enable-mpls \ --enable-targetbased \ --enable-ppm \ --enable-perfprofiling \ --enable-active-response \ --enable-normalizer \ --enable-reload \ --enable-react \ --enable-flexresp3 \ --enable-linux-smp-stats \ --enable-large-pcap \ --enable-targetbased \ --enable-sourcefire [root@squealer snort-2.9.8.2]# [root@squealer snort-2.9.8.2]# sh ../configure_snort.sh configure: WARNING: unrecognized options: --enable-zlib checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /usr/bin/mkdir -p checking for gawk... gawk checking whether make sets $(MAKE)... yes <OMMITTED> checking for INADDR_NONE... yes checking for __FUNCTION__... yes checking for pcap_datalink in -lpcap... no checking pfring.h usability... yes checking pfring.h presence... yes checking for pfring.h... yes checking for pfring_open in -lpfring... no *checking for pfring_open in -lpcap... no** ** ** ERROR! Libpcap library/headers (libpcap.a (or .so)/pcap.h)** ** not found, go get it from http://www.tcpdump.org** ** or use the --with-libpcap-* options, if you have it installed** ** in unusual place. Also check if your libpcap depends on another** ** shared library that may be installed in an unusual place* [root@squealer snort-2.9.8.2]#--Regards, Chris Chiaverini ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! -- Regards, Balasubramaniam Natarajan http://blog.etutorshop.com https://www.youracclaim.com/user/balasubramaniam-natarajan
Attachment:
config.log
Description:
------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort with PF_RING - Compile question Chris Chiaverini (Apr 11)
- Re: Snort with PF_RING - Compile question Balasubramaniam Natarajan (Apr 12)
- Re: Snort with PF_RING - Compile question Chris Chiaverini (Apr 12)
- Re: Snort with PF_RING - Compile question Eugenio PĂ©rez (Apr 18)
- Re: Snort with PF_RING - Compile question Chris Chiaverini (Apr 12)
- Re: Snort with PF_RING - Compile question Balasubramaniam Natarajan (Apr 12)