Snort mailing list archives
FW: Phil Wood Libpcap Installation Problems
From: "IT Security" <ITSEC () 24hourfit com>
Date: Thu, 1 Feb 2007 14:46:31 -0800
-----Original Message----- From: IT Security Sent: Monday, January 29, 2007 10:56 PM To: 'Darryl Taylor' Subject: RE: [Snort-users] Phil Wood Libpcap Installation Problems Darryl - Thanks for all of the help. Your advice below seems to be right on with what I found. For whatever reason, libpcap seems to compile and install just fine using yacc, however, it causes the snort compile to blow up. After installing bison, all seemed to go well. Interesting... FYI, I am not running in Vmware or on a 64bit system. I'm pretty sure that bison is part of the standard build of Redhat/CentOS, but it seems to not be part of our minimal system configuration. From my experience, I haven't run across too many organizations that actually only install what they need on their systems, so I'd be willing to bet that's why this hasn't surfaced before. ...or I'm just an idiot and didn't know that I needed bison... Anyway, thanks again for the help. Snort is gobbling up the traffic now! -----Original Message----- From: Darryl Taylor [mailto:darryl.taylor () sourcefire com] Sent: Sunday, January 28, 2007 4:08 PM To: IT Security Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I built a CentOS 4.4 Server VM. Besides having a few packages missing to complete the compile, I didn't have a problem. What exact dot release are you running. I have attached my typescript from the build in case you can see anything that might be different from your build. One package that wasn't required but there was a complaint about was bison. Software seems to like flex/bison instead of lex/yacc. I looked in your ./configure for pcap and you don't appear to have bison installed so your build process reverts to lex/yacc. So try installing bison and we will be on a level playing field. Other than that, I can't see anything wrong. Do you have VMWare running? Are you running on a 64bit system? We will figure this out. Can you attach your config.log from libpcap and snort. Thx. Darryl Taylor Security Engineer SOURCEfire Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6 Key: http://demo.sourcefire.com/dtaylor.pgp.key IT Security wrote:
Thanks for the help. I appreciate it. -----Original Message----- From: darryl.taylor () sourcefire com [mailto:darryl.taylor () sourcefire com] Sent: Wednesday, January 24, 2007 6:19 PM To: IT Security Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems I am gonna have to replicate your environment using CentOS 4 in a VM. I'm a little busy so it will take me a few days. Sent from my Verizon Wireless BlackBerry -----Original Message----- From: "IT Security" <ITSEC () 24hourfit com> Date: Wed, 24 Jan 2007 13:05:17 To:"Darryl Taylor" <darryl.taylor () sourcefire com> Subject: RE: [Snort-users] Phil Wood Libpcap Installation Problems I totally get that. Here is EXACTLY what I'm doing. In /home/user/source/libpcap/libpcap ./configure --enable-shared --libdir=/usr/lib checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets $(MAKE)... yes checking build system
type...
i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking for style of include used by make... GNU checking for gcc... gcc checking for C compiler default output... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using
the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ANSI C... none needed checking dependency style of gcc... none checking gcc version... 3 checking for
gawk... (cached) gawk checking for gcc... (cached) gcc checking whether we are using the GNU C compiler... (cached) yes checking whether gcc accepts -g... (cached) yes checking for gcc option to
accept ANSI C...
(cached) none needed checking dependency style of gcc... (cached) none
checking for a BSD-compatible install... /usr/bin/install -c checking whether ln -s works... yes checking for bison... no checking for byacc... byacc checking for ld used by GCC... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking for BSD-compatible nm... /usr/bin/nm -B checking for a sed that does not truncate output... /bin/sed checking how to recognise dependent libraries... pass_all checking command to parse /usr/bin/nm -B output... ok checking how to run the C preprocessor... gcc -E checking for egrep... grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for
strings.h...
yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking dlfcn.h usability... yes checking dlfcn.h presence... yes checking for dlfcn.h... yes checking
for ranlib...
ranlib checking for strip... strip checking for objdir... .libs checking for gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC works... yes checking if gcc static flag -static works... yes checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.lo... yes checking if gcc supports -fno-rtti -fno-exceptions... yes checking whether the linker (/usr/bin/ld)
supports shared libraries...
yes checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking dynamic linker characteristics... GNU/Linux ld.so checking if libtool supports shared libraries... yes checking whether to build shared
libraries...
yes checking whether to build static libraries... yes checking whether
-lc should be explicitly linked in... no creating libtool checking for
ANSI C header files... (cached) yes checking for dirent.h that defines
DIR... yes checking for library containing opendir... none required checking sys/ioccom.h usability... no checking sys/ioccom.h
presence...
no checking for sys/ioccom.h... no checking sys/sockio.h usability... no checking sys/sockio.h presence... no checking for sys/sockio.h... no checking ifaddrs.h usability... yes checking ifaddrs.h presence... yes checking for ifaddrs.h... yes checking limits.h usability... yes checking limits.h presence... yes checking for limits.h... yes checking for netinet/if_ether.h... yes checking for inline... inline checking for __attribute__... yes checking for ANSI ioctl definitions... yes checking for u_int8_t using gcc... yes checking for
u_int16_t using gcc... yes checking for u_int32_t using gcc... yes checking for an ANSI C-conforming const... yes checking for inline... inline checking for off_t... yes checking for pid_t... yes checking for size_t... yes checking for struct stat.st_rdev... yes checking whether time.h and sys/time.h may both be included... yes checking whether struct tm is in sys/time.h or time.h... time.h checking whether gcc needs -traditional... no checking whether sys/types.h defines makedev... yes checking return type of signal handlers... void
checking for ether_hostton... yes checking for strerror... yes checking for strlcpy... no checking whether ether_hostton is declared... no checking netinet/ether.h usability... yes checking
netinet/ether.h presence...
yes checking for netinet/ether.h... yes checking whether ether_hostton
is declared... yes checking for vsnprintf... yes checking for snprintf... yes checking if --disable-protochain option is
specified...
enabled checking packet capture type... linux checking generating other os sources... pcap-bpf.c pcap-pf.c pcap-enet.c pcap-snit.c pcap-nit.c pcap-snoop.c pcap-dlpi.c pcap-enet.c pcap-null.c pcap-dag.c
pcap-win32.c pcap-dos.c pcap-septel.c checking for getifaddrs... yes checking if --enable-ipv6 option is specified... no checking whether to build optimizer debugging code... no checking whether to build parser debugging code... no checking Linux kernel version... 2 checking if if_packet.h has tpacket_stats defined... yes checking if if_packet.h allows shared memory ring buffer... yes checking if hardware supports 64bit longs... yes checking whether we have /proc/net/dev... yes checking whether we have DAG API headers... no (/usr/local/include) checking whether we have Septel API... no checking for flex... flex checking for flex 2.4 or higher... yes checking for bison... no configure: WARNING: don't have both flex and bison; reverting to lex/yacc checking for capable lex... yes checking if sockaddr struct has sa_len member... no checking if sockaddr_storage struct exists... yes checking if dl_hp_ppa_info_t struct has dl_module_id_1 member... no checking if unaligned accesses fail... no checking for a BSD-compatible install... /usr/bin/install -c configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: config.h is unchanged config.status: executing depfiles commands make make make all-am make[1]: Entering directory `/home/jmauntel/source/libpcap/libpcap-0.9.20060417' /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o bpf_filter.lo `test -f 'bpf_filter.c' || echo './'`bpf_filter.c mkdir .libs gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
bpf_filter.c -fPIC -DPIC -o .libs/bpf_filter.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
bpf_filter.c -o bpf_filter.o >/dev/null 2>&1 mv -f .libs/bpf_filter.lo
bpf_filter.lo rm -f grammar.c make grammar.o make[2]: Entering directory `/home/jmauntel/source/libpcap/libpcap-0.9.20060417' yacc -d ./grammar.y mv y.tab.c grammar.c mv y.tab.h tokdefs.h gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c `test -f 'grammar.c' || echo './'`grammar.c make[2]: Leaving directory `/home/jmauntel/source/libpcap/libpcap-0.9.20060417' lex -t scanner.l > $$.scanner.c; mv $$.scanner.c scanner.c /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o scanner.lo `test -f 'scanner.c' || echo './'`scanner.c rm -f .libs/scanner.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
scanner.c -fPIC -DPIC -o .libs/scanner.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
scanner.c -o scanner.o >/dev/null 2>&1 mv -f .libs/scanner.lo scanner.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o grammar.lo `test -f 'grammar.c' || echo './'`grammar.c rm -f .libs/grammar.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
grammar.c -fPIC -DPIC -o .libs/grammar.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
grammar.c -o grammar.o >/dev/null 2>&1 mv -f .libs/grammar.lo grammar.lo sed -n -e 's/.*/static const char pcap_version_string[] = "libpcap version &";/p' ./VERSION > version.h echo `cat ./VERSION` | \ sed -e 's/.*/char pcap_version[] = "&";/' > version.c /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o version.lo `test -f 'version.c' || echo './'`version.c rm -f .libs/version.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
version.c -fPIC -DPIC -o .libs/version.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
version.c -o version.o >/dev/null 2>&1 mv -f .libs/version.lo version.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o pcap-linux.lo `test -f 'pcap-linux.c' || echo './'`pcap-linux.c rm -f .libs/pcap-linux.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
pcap-linux.c -fPIC -DPIC -o .libs/pcap-linux.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
pcap-linux.c -o pcap-linux.o >/dev/null 2>&1 mv -f .libs/pcap-linux.lo
pcap-linux.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o fad-getad.lo `test -f 'fad-getad.c' || echo './'`fad-getad.c rm -f .libs/fad-getad.lo gcc -DHAVE_CONFIG_H
"-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
fad-getad.c -fPIC -DPIC -o .libs/fad-getad.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
fad-getad.c -o fad-getad.o >/dev/null 2>&1 mv -f .libs/fad-getad.lo fad-getad.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o pcap.lo `test -f 'pcap.c' || echo './'`pcap.c rm -f .libs/pcap.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
pcap.c -fPIC -DPIC -o .libs/pcap.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
pcap.c -o pcap.o >/dev/null 2>&1 mv -f .libs/pcap.lo pcap.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o inet.lo `test -f 'inet.c' || echo './'`inet.c rm -f .libs/inet.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
inet.c -fPIC -DPIC -o .libs/inet.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
inet.c -o inet.o >/dev/null 2>&1 mv -f .libs/inet.lo inet.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o gencode.lo `test -f 'gencode.c' || echo './'`gencode.c rm -f .libs/gencode.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
gencode.c -fPIC -DPIC -o .libs/gencode.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
gencode.c -o gencode.o >/dev/null 2>&1 mv -f .libs/gencode.lo gencode.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o optimize.lo `test -f 'optimize.c' || echo './'`optimize.c rm -f .libs/optimize.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
optimize.c -fPIC -DPIC -o .libs/optimize.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
optimize.c -o optimize.o >/dev/null 2>&1 mv -f .libs/optimize.lo optimize.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o nametoaddr.lo `test -f 'nametoaddr.c' || echo './'`nametoaddr.c rm -f .libs/nametoaddr.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
nametoaddr.c -fPIC -DPIC -o .libs/nametoaddr.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
nametoaddr.c -o nametoaddr.o >/dev/null 2>&1 mv -f .libs/nametoaddr.lo
nametoaddr.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o etherent.lo `test -f 'etherent.c' || echo './'`etherent.c rm -f .libs/etherent.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
etherent.c -fPIC -DPIC -o .libs/etherent.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
etherent.c -o etherent.o >/dev/null 2>&1 mv -f .libs/etherent.lo etherent.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o savefile.lo `test -f 'savefile.c' || echo './'`savefile.c rm -f .libs/savefile.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
savefile.c -fPIC -DPIC -o .libs/savefile.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
savefile.c -o savefile.o >/dev/null 2>&1 mv -f .libs/savefile.lo savefile.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o bpf_image.lo `test -f 'bpf_image.c' || echo './'`bpf_image.c rm -f .libs/bpf_image.lo gcc -DHAVE_CONFIG_H
"-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
bpf_image.c -fPIC -DPIC -o .libs/bpf_image.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
bpf_image.c -o bpf_image.o >/dev/null 2>&1 mv -f .libs/bpf_image.lo bpf_image.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o bpf_dump.lo `test -f 'bpf_dump.c' || echo './'`bpf_dump.c rm -f .libs/bpf_dump.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
bpf_dump.c -fPIC -DPIC -o .libs/bpf_dump.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
bpf_dump.c -o bpf_dump.o >/dev/null 2>&1 mv -f .libs/bpf_dump.lo bpf_dump.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c -o pcap-ring.lo `test -f 'pcap-ring.c' || echo './'`pcap-ring.c rm -f .libs/pcap-ring.lo gcc -DHAVE_CONFIG_H
"-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
pcap-ring.c -fPIC -DPIC -o .libs/pcap-ring.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c
pcap-ring.c -o pcap-ring.o >/dev/null 2>&1 mv -f .libs/pcap-ring.lo pcap-ring.lo /bin/sh ./libtool --mode=link gcc -g -O2 -o libpcap.la -rpath /usr/lib -release 0.9.3 bpf_filter.lo scanner.lo grammar.lo version.lo
pcap-linux.lo fad-getad.lo pcap.lo inet.lo gencode.lo optimize.lo nametoaddr.lo etherent.lo savefile.lo bpf_image.lo bpf_dump.lo pcap-ring.lo rm -fr .libs/libpcap.la .libs/libpcap.* .libs/libpcap-0.9.3.* gcc -shared bpf_filter.lo scanner.lo grammar.lo
version.lo pcap-linux.lo fad-getad.lo pcap.lo inet.lo gencode.lo optimize.lo nametoaddr.lo etherent.lo savefile.lo bpf_image.lo bpf_dump.lo pcap-ring.lo -Wl,-soname -Wl,libpcap-0.9.3.so -o .libs/libpcap-0.9.3.so (cd .libs && rm -f libpcap.so && ln -s libpcap-0.9.3.so libpcap.so) ar
cru .libs/libpcap.a bpf_filter.o scanner.o grammar.o version.o pcap-linux.o fad-getad.o pcap.o inet.o gencode.o optimize.o nametoaddr.o etherent.o savefile.o bpf_image.o bpf_dump.o pcap-ring.o ranlib .libs/libpcap.a creating libpcap.la (cd .libs && rm -f libpcap.la && ln -s ../libpcap.la libpcap.la) cp .libs/libpcap.a libpcap.a make[1]: Leaving directory `/home/jmauntel/source/libpcap/libpcap-0.9.20060417' sudo make install make[1]: Entering directory `/home/jmauntel/source/libpcap/libpcap-0.9.20060417' /bin/sh ./config/mkinstalldirs /usr/lib /bin/sh ./libtool --mode=install /usr/bin/install -c libpcap.la /usr/lib/libpcap.la /usr/bin/install -c .libs/libpcap-0.9.3.so /usr/lib/libpcap-0.9.3.so (cd /usr/lib && rm -f libpcap.so && ln -s libpcap-0.9.3.so libpcap.so)
/usr/bin/install -c .libs/libpcap.lai /usr/lib/libpcap.la /usr/bin/install -c .libs/libpcap.a /usr/lib/libpcap.a ranlib /usr/lib/libpcap.a chmod 644 /usr/lib/libpcap.a PATH="$PATH:/sbin" ldconfig -n /usr/lib ---------------------------------------------------------------------- Libraries have been installed in: /usr/lib If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and specify the full pathname of the library, or use the `-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the `LD_LIBRARY_PATH' environment variable during execution - add LIBDIR to the `LD_RUN_PATH' environment variable during linking - use the `-Wl,--rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to `/etc/ld.so.conf' See any operating system documentation about shared libraries for more
information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- /bin/sh ./config/mkinstalldirs /usr/local/man/man3 /usr/bin/install -c -m 644 ./pcap.3 /usr/local/man/man3/pcap.3 make[1]: Leaving directory `/home/jmauntel/source/libpcap/libpcap-0.9.20060417' ldconfig -p | grep pcap libpcap-0.9.3.so (libc6) => /usr/lib/libpcap-0.9.3.so ls -la /usr/lib | grep pcap -rwxr-xr-x 1 root root 375850 Jan 24 12:46 libpcap-0.9.3.so -rw-r--r-- 1 root root 483168 Jan 24 12:46 libpcap.a -rwxr-xr-x 1 root root 708 Jan 24 12:46 libpcap.la lrwxrwxrwx 1 root root 16 Jan 24 12:46 libpcap.so -> libpcap-0.9.3.so ls -la /usr/include | grep pcap In /home/user/source/snort/snort ./configure --with-libpcap-library=/usr/lib checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... gawk checking whether make sets $(MAKE)... yes checking whether to enable maintainer-specific portions of Makefiles... no checking for style of include used by make... GNU checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using
the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ANSI C... none needed checking dependency style of gcc... gcc3 checking for ranlib... ranlib checking
for gcc... (cached) gcc checking whether we are using the GNU C compiler... (cached) yes checking whether gcc accepts -g... (cached) yes checking for gcc option to accept ANSI C... (cached) none needed checking dependency style of gcc... (cached) gcc3 checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking for a sed that does not truncate output... /bin/sed checking for egrep... grep -E checking for ld used by gcc... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld option to reload object files... -r checking
for BSD-compatible nm...
/usr/bin/nm -B checking whether ln -s works... yes checking how to recognise dependent libraries... pass_all checking how to run the C preprocessor... gcc -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for
memory.h...
yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking dlfcn.h usability... yes checking dlfcn.h presence... yes checking for
dlfcn.h... yes checking for g++... g++ checking whether we are using the GNU C++ compiler... yes checking whether g++ accepts -g... yes checking dependency style of g++... gcc3 checking how to run the C++ preprocessor... g++ -E checking for g77... no checking for f77... no checking for xlf... no checking for frt... no checking for pgf77... no
checking for fort77... no checking for fl32... no checking for af77... no checking for f90... no checking for xlf90... no checking for
pgf90...
no checking for epcf90... no checking for f95... no checking for
fort...
no checking for xlf95... no checking for ifc... no checking for efc... no checking for pgf95... no checking for lf95... no checking for gfortran... no checking whether we are using the GNU Fortran 77 compiler... no checking whether accepts -g... no checking the maximum
length of command line arguments... 32768 checking command to parse /usr/bin/nm -B output from gcc object... ok checking for objdir... .libs checking for ar... ar checking for ranlib... (cached) ranlib checking for strip... strip checking if gcc static flag works... yes checking if gcc supports -fno-rtti -fno-exceptions... no checking for gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC works... yes checking if gcc supports -c -o file.o... yes checking whether the gcc linker (/usr/bin/ld) supports shared libraries... yes checking whether -lc should be explicitly linked in... no checking dynamic linker characteristics... GNU/Linux ld.so checking how to hardcode library paths into programs... immediate checking whether stripping libraries is possible... yes checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... yes configure: creating libtool appending configuration tag "CXX" to libtool checking for ld used by g++... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... g++yes checking whether the g++ linker (/usr/bin/ld) supports shared libraries... yes checking for g++ option to produce PIC... -fPIC checking if g++ PIC flag -fPIC works... yes checking if g++ supports -c -o file.o... yes checking whether the g++ linker (/usr/bin/ld) supports shared libraries... yes checking dynamic linker
characteristics...
GNU/Linux ld.so checking how to hardcode library paths into
programs...
immediate checking whether stripping libraries is possible... yes appending configuration tag "F77" to libtool checking whether byte ordering is bigendian... no checking for sparc alignment... no checking for strings.h... (cached) yes checking for string.h... (cached) yes checking for stdlib.h... (cached) yes checking for unistd.h... (cached) yes checking sys/sockio.h usability... no checking sys/sockio.h presence... no checking for sys/sockio.h... no checking paths.h usability... yes checking paths.h presence... yes checking for paths.h... yes checking for inet_ntoa in -lnsl... yes checking for socket in -lsocket... no checking whether printf must be declared... no checking whether fprintf must be declared... no checking whether syslog must be declared... no checking whether puts must be declared... no checking whether fputs must be declared... no checking whether fputc must be declared... no checking whether fopen must be declared... no checking whether fclose must be declared... no checking whether fwrite must be declared... no checking whether fflush
must be declared... no checking whether getopt must be declared... no checking whether bzero must be declared... no checking whether bcopy must be declared... no checking whether memset must be declared... no checking whether strtol must be declared... no checking whether
strcasecmp must be declared...
no checking whether strncasecmp must be declared... no checking whether strerror must be declared... no checking whether perror must be declared... no checking whether socket must be declared... no checking whether sendto must be declared... no checking whether vsnprintf must be declared... no checking whether snprintf must be declared... no checking whether strtoul must be declared... no checking for snprintf... yes checking for strlcpy... no checking for strlcat... no checking for strerror... yes checking for__FUNCTION__... yes checking for floor in -lm... yes checking for pcap_datalink in -lpcap... no ERROR! Libpcap library/headers not found, go get it from http://www.tcpdump.org or use the --with-libpcap-* options, if you have it installed in unusual place I did notice that on my production IDS servers that are running libpcap 0.8.3, the following differences from my dev system: ldconfig -p | grep pcap libpcap.so.0.8.3 (libc6) => /usr/lib/libpcap.so.0.8.3 libpcap.so (libc6) => /usr/lib/libpcap.so ls -la /usr/lib | grep pcap -rw-r--r-- 1 root root 204568 Jun 13 2005 libpcap.a lrwxrwxrwx 1 root root 16 Dec 30 2005 libpcap.so -> libpcap.so.0.8.3 lrwxrwxrwx 1 root root 16 Dec 30 2005 libpcap.so.0 -> libpcap.so.0.8.3 lrwxrwxrwx 1 root root 16 Dec 30 2005 libpcap.so.0.8 -> libpcap.so.0.8.3 -rwxr-xr-x 1 root root 139700 Jun 13 2005 libpcap.so.0.8.3 ls -la /usr/include | grep pcap -rw-r--r-- 1 root root 18979 Jun 13 2005 pcap-bpf.h -rw-r--r-- 1 root root 8472 Jun 13 2005 pcap.h -rw-r--r-- 1 root root 3326 Jun 13 2005 pcap-namedb.h -----Original Message----- From: Darryl Taylor [mailto:darryl.taylor () sourcefire com] Sent: Wednesday, January 24, 2007 11:41 AM To: IT Security Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems I just did a complete install as follows on my Dual Opteron running Gentoo 2.6.17-r8: libpcap (Phil Woods) ./configure --enable-shared make sudo make install (ensure /usr/local/lib is in ld.so.conf) sudo ldconfig snort (with the options I use) ./configure --with-libpcap-library=/usr/local/lib --enable-debug \ --enable-perfprofiling --enable-dynamicplugin make sudo make install ldd /usr/local/bin/snort libpcre.so.0 => /usr/lib/libpcre.so.0 (0x00002b3e9220e000) libpcap-0.9.3.so => /usr/local/lib/libpcap-0.9.3.so (0x00002b3e9232a000) libm.so.6 => /lib/libm.so.6 (0x00002b3e92459000) libnsl.so.1 => /lib/libnsl.so.1 (0x00002b3e925af000) libdl.so.2 => /lib/libdl.so.2 (0x00002b3e926c5000) libc.so.6 => /lib/libc.so.6 (0x00002b3e927c9000) /lib64/ld-linux-x86-64.so.2 (0x00002b3e920f2000) After this I had a working snort-2.6.1.2. Darryl Taylor IT Security wrote:I recompiled libpcap to use shared libraries and now have the following in /usr/lib:lrwxrwxrwx 1 root root 16 Jan 23 08:56 /usr/lib/libpcap-0.8.3.so->libpcap-0.9.3.so -rwxr-xr-x 1 root root 375850 Jan 23 09:00 /usr/lib/libpcap-0.9.3.so -rw-r--r-- 1 root root 483168 Jan 23 09:00 /usr/lib/libpcap.a -rwxr-xr-x 1 root root 792 Jan 23 09:00 /usr/lib/libpcap.la lrwxrwxrwx 1 root root 16 Jan 23 09:00 /usr/lib/libpcap.so -> libpcap-0.9.3.so lrwxrwxrwx 1 root root 16 Jan 23 09:02 /usr/lib/libpcap.so.0 -> libpcap-0.9.3.so lrwxrwxrwx 1 root root 16 Jan 23 09:03 /usr/lib/libpcap.so.0.8
->
libpcap-0.9.3.so lrwxrwxrwx 1 root root 16 Jan 23 09:03 /usr/lib/libpcap.so.0.8.3->libpcap-0.9.3.soI added the symlinks for libpcap 0.8.3 with hopes that it would help,
but it didn't.I have run ldconfig since reinstalling libpcap.Attempting to recompile snort and tcpdump both end with the result
of:
checking for strerror... yes checking for__FUNCTION__... yes checking for floor in -lm... yes checking for pcap_datalink in -lpcap... noERROR! Libpcap library/headers not found, go get it from http://www.tcpdump.org or use the --with-libpcap-* options, if you have it installed in unusual placeThis makes me think that I'm missing something accosiated withlibpcap.Any more ideas?Thanks in advance.- Jesse-----Original Message----- From: snort-users-bounces () lists sourceforge net [mailto:snort-users-bounces () lists sourceforge net] On Behalf Of IT Security Sent: Tuesday, January 23, 2007 8:11 AM To: Darryl Taylor Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Phil Wood Libpcap Installation ProblemsDarryl -Tried with no luck. Still get the same error../configure --with-libpcap-library=/usr/local/libThanks for the assistance.- Jesse-----Original Message----- From: Darryl Taylor [mailto:darryl.taylor () sourcefire com] Sent: Tuesday, January 23, 2007 8:00 AM To: darryl.taylor () sourcefire com Cc: IT Security; snort-users-bounces () lists sourceforge net; snort-users () lists sourceforge net Subject: Re: [Snort-users] Phil Wood Libpcap Installation ProblemsSorry bout that. Needed a little more sleep. It should be --with-libpcap-library=[your path]Darryl Taylor Security Engineer SOURCEfire Office: 404-474-8454 Cell: 404-783-2064 eFax: 404-521-4309Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6 Key: http://demo.sourcefire.com/dtaylor.pgp.keydarryl.taylor () sourcefire com wrote:Try ./configure --with-libpcap=/usr/local when compiling snort. If itstill fails then the library was probably compiled statically. If thatis the case, post back and I will tell you how to make it a shared object. I think I had this problem a few years ago.Sent from my Verizon Wireless BlackBerry -----Original Message----- From: "IT Security" <ITSEC () 24hourfit com> Date: Mon, 22 Jan 2007 17:46:59 To:<snort-users () lists sourceforge net> Subject: [Snort-users] Phil Wood Libpcap Installation Problems I'm trying to get Phil Wood's modified libpcap working on my Snort 2.6.1 sensor, but have run into some difficulties and hoping that someone out there can help. I've downloaded and extracted libpcap-0.9.20060417.tar.gz. I thenrun:./configure make make install I then downloaded and extracted snort-2.6.1.1.tar.gz. I then run: ./configure make That's where it blows up. Here is the error: <snip> checking for pcap_datalink in -lpcap... no ERROR! Libpcap library/headers not found, go get it from http://www.tcpdump.org or use the --with-libpcap-* options, if you have it installed in unusual place </snip> Any ideas why the headers would be missing? Header files are identified with the .h extension correct? Where are these supposed to reside on the system? I'm running CentOS 4 with 2.6.9-42.0.3.EL kernel. Thanks in advance. - Jesse -------------------------------------------------------------------- - - --- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=D E V DEV_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users -------------------------------------------------------------------- - - --- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=D E V DEV_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users- ---------------------------------------------------------------------- -- - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn
cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEV DE V _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users - ---------------------------------------------------------------------- -- - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn
cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEV DE V _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFvTrp4lpqfBbyaLYRAmehAJ9LIYZRNT6WV+Qr3XKAngUhO3PV4gCeKJZI oMbqaMTufz41iFQkVmJUSHw= =jQOZ -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Phil Wood Libpcap Installation Problems, (continued)
- Re: Phil Wood Libpcap Installation Problems Darryl Taylor (Jan 23)
- Re: Phil Wood Libpcap Installation Problems IT Security (Jan 23)
- Re: Phil Wood Libpcap Installation Problems IT Security (Jan 23)
- Re: Phil Wood Libpcap Installation Problems Darryl Taylor (Jan 24)
- Re: Phil Wood Libpcap Installation Problems Gentoo-Wally (Jan 31)
- Re: Phil Wood Libpcap Installation Problems Jason (Jan 31)
- Message not available
- Message not available
- Re: Phil Wood Libpcap Installation Problems Gentoo-Wally (Feb 01)
- Re: Phil Wood Libpcap Installation Problems Darryl Taylor (Jan 23)
- Re: Phil Wood Libpcap Installation Problems Darryl Taylor (Feb 01)
- Re: Phil Wood Libpcap Installation Problems Stephen John Smoogen (Feb 01)