Snort mailing list archives

FW: Phil Wood Libpcap Installation Problems


From: "IT Security" <ITSEC () 24hourfit com>
Date: Thu, 1 Feb 2007 14:46:31 -0800

 

-----Original Message-----
From: IT Security 
Sent: Monday, January 29, 2007 10:56 PM
To: 'Darryl Taylor'
Subject: RE: [Snort-users] Phil Wood Libpcap Installation Problems

Darryl -

Thanks for all of the help.  Your advice below seems to be right on with
what I found.  For whatever reason, libpcap seems to compile and install
just fine using yacc; however, it causes the snort compile to blow up.
After installing bison, all seemed to go well.  Interesting...

FYI, I am not running in VMware or on a 64-bit system.

I'm pretty sure that bison is part of the standard build of
Red Hat/CentOS, but it seems to not be part of our minimal system
configuration.  From my experience, I haven't run across too many
organizations that actually only install what they need on their
systems, so I'd be willing to bet that's why this hasn't surfaced
before.

...or I'm just an idiot and didn't know that I needed bison...

Anyway, thanks again for the help.  Snort is gobbling up the traffic
now!
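
Added example, not part of the original thread: a small shell triage of the two configure logs quoted further down, showing how the libpcap fallback to lex/yacc and snort's failed `pcap_datalink` link test can be pulled out of output that a mail client has re-wrapped. The function names and the verdict strings are hypothetical, and the sample logs are constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): triage of autoconf output for the
# libpcap/snort failure discussed here. The sample logs are constructed from
# lines quoted in the thread, wrapped the way the mail client wrapped them.

PCAP_LOG="checking whether ln -s works... yes checking for bison... no checking for
byacc... byacc checking for flex... flex
checking for flex 2.4 or higher... yes checking for bison... no
configure: WARNING: don't have both flex and bison; reverting to
lex/yacc checking for capable lex... yes"

SNORT_LOG="checking for strerror... yes checking for__FUNCTION__...
yes checking for floor in -lm... yes checking for pcap_datalink in
-lpcap... no"

# flatten LOG: undo re-wrapping so a check that was split across lines, or
# that shares a line with other checks, can be matched as one string.
flatten() {
    printf '%s' "$1" | tr '\n' ' ' | tr -s ' '
}

# check_result LOG NAME: print the result word configure reported for
# "checking for NAME... RESULT" (last occurrence), or "absent".
check_result() {
    flatten "$1" | grep -o "checking for $2\.\.\. [^ ]*" | tail -n 1 |
        sed 's/.*\.\.\. //' | grep . || echo absent
}

# parser_fallback LOG: succeed if libpcap's configure reverted to lex/yacc.
parser_fallback() {
    flatten "$1" | grep -q 'reverting to lex/yacc'
}

# diagnose PCAP_LOG SNORT_LOG: print a one-line verdict (hypothetical wording).
diagnose() {
    link=$(check_result "$2" 'pcap_datalink in -lpcap')
    case $link in
        yes)    echo "ok: snort found pcap_datalink in -lpcap"; return 0 ;;
        absent) echo "unknown: pcap_datalink check not in snort log"; return 0 ;;
    esac
    if parser_fallback "$1"; then
        echo "rebuild-libpcap: built with lex/yacc; install bison and rebuild"
    else
        echo "check-install: verify libpcap.so and pcap.h locations"
    fi
}

diagnose "$PCAP_LOG" "$SNORT_LOG"
```
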



-----Original Message-----
From: Darryl Taylor [mailto:darryl.taylor () sourcefire com]
Sent: Sunday, January 28, 2007 4:08 PM
To: IT Security
Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems

I built a CentOS 4.4 Server VM. Besides having a few packages missing to
complete the compile, I didn't have a problem. What exact dot release
are you running?

I have attached my typescript from the build in case you can see
anything that might be different from your build. One package that
wasn't required but there was a complaint about was bison. Software
seems to like flex/bison instead of lex/yacc. I looked in your
./configure for pcap and you don't appear to have bison installed so
your build process reverts to lex/yacc.

So try installing bison and we will be on a level playing field. Other
than that, I can't see anything wrong. Do you have VMware running? Are
you running on a 64-bit system?

We will figure this out. Can you attach your config.log from libpcap and
snort?

Thx.

Darryl Taylor
Security Engineer
SOURCEfire

Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6
Key: http://demo.sourcefire.com/dtaylor.pgp.key




IT Security wrote:
Thanks for the help.  I appreciate it. 

-----Original Message-----
From: darryl.taylor () sourcefire com
[mailto:darryl.taylor () sourcefire com]

Sent: Wednesday, January 24, 2007 6:19 PM
To: IT Security
Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems

I am gonna have to replicate your environment using CentOS 4 in a VM.
I'm a little busy so it will take me a few days.


-----Original Message-----
From: "IT Security" <ITSEC () 24hourfit com>
Date: Wed, 24 Jan 2007 13:05:17
To:"Darryl Taylor" <darryl.taylor () sourcefire com>
Subject: RE: [Snort-users] Phil Wood Libpcap Installation Problems

I totally get that.  Here is EXACTLY what I'm doing. 

In /home/user/source/libpcap/libpcap

./configure --enable-shared --libdir=/usr/lib

checking for a BSD-compatible install... /usr/bin/install -c checking 
whether build environment is sane... yes checking for gawk... gawk 
checking whether make sets $(MAKE)... yes checking build system
type...
i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu 
checking for style of include used by make... GNU checking for gcc...
gcc checking for C compiler default output... a.out checking whether 
the C compiler works... yes checking whether we are cross compiling...
no checking for suffix of executables...
checking for suffix of object files... o checking whether we are using

the GNU C compiler... yes checking whether gcc accepts -g... yes 
checking for gcc option to accept ANSI C... none needed checking 
dependency style of gcc... none checking gcc version... 3 checking for

gawk... (cached) gawk checking for gcc... (cached) gcc checking 
whether we are using the GNU C compiler... (cached) yes checking 
whether gcc accepts -g... (cached) yes checking for gcc option to
accept ANSI C...
(cached) none needed checking dependency style of gcc... (cached) none

checking for a BSD-compatible install... /usr/bin/install -c checking 
whether ln -s works... yes checking for bison... no checking for 
byacc... byacc checking for ld used by GCC... /usr/bin/ld checking if 
the linker (/usr/bin/ld) is GNU ld... yes checking for /usr/bin/ld 
option to reload object files... -r checking for BSD-compatible nm...
/usr/bin/nm -B checking for a sed that does not truncate output...
/bin/sed checking how to recognise dependent libraries... pass_all 
checking command to parse /usr/bin/nm -B output... ok checking how to 
run the C preprocessor... gcc -E checking for egrep... grep -E 
checking for ANSI C header files... yes checking for sys/types.h...
yes checking for sys/stat.h... yes checking for stdlib.h... yes 
checking for string.h... yes checking for memory.h... yes checking for
strings.h...
yes checking for inttypes.h... yes checking for stdint.h... yes 
checking for unistd.h... yes checking dlfcn.h usability... yes 
checking dlfcn.h presence... yes checking for dlfcn.h... yes checking
for ranlib...
ranlib checking for strip... strip checking for objdir... .libs 
checking for gcc option to produce PIC... -fPIC checking if gcc PIC 
flag -fPIC works... yes checking if gcc static flag -static works...
yes checking if gcc supports -c -o file.o... yes checking if gcc 
supports -c -o file.lo... yes checking if gcc supports -fno-rtti 
-fno-exceptions... yes checking whether the linker (/usr/bin/ld)
supports shared libraries...
yes checking how to hardcode library paths into programs... immediate 
checking whether stripping libraries is possible... yes checking 
dynamic linker characteristics... GNU/Linux ld.so checking if libtool 
supports shared libraries... yes checking whether to build shared
libraries...
yes checking whether to build static libraries... yes checking whether

-lc should be explicitly linked in... no creating libtool checking for

ANSI C header files... (cached) yes checking for dirent.h that defines

DIR... yes checking for library containing opendir... none required 
checking sys/ioccom.h usability... no checking sys/ioccom.h
presence...
no checking for sys/ioccom.h... no checking sys/sockio.h usability... 
no checking sys/sockio.h presence... no checking for sys/sockio.h... 
no checking ifaddrs.h usability... yes checking ifaddrs.h presence... 
yes checking for ifaddrs.h... yes checking limits.h usability... yes 
checking limits.h presence... yes checking for limits.h... yes 
checking for netinet/if_ether.h... yes checking for inline... inline 
checking for __attribute__... yes checking for ANSI ioctl 
definitions... yes checking for u_int8_t using gcc... yes checking for

u_int16_t using gcc... yes checking for u_int32_t using gcc... yes 
checking for an ANSI C-conforming const... yes checking for inline...
inline checking for off_t... yes checking for pid_t... yes checking 
for size_t... yes checking for struct stat.st_rdev... yes checking 
whether time.h and sys/time.h may both be included... yes checking 
whether struct tm is in sys/time.h or time.h... time.h checking 
whether gcc needs -traditional... no checking whether sys/types.h 
defines makedev... yes checking return type of signal handlers... void

checking for ether_hostton... yes checking for strerror... yes 
checking for strlcpy... no checking whether ether_hostton is 
declared... no checking netinet/ether.h usability... yes checking
netinet/ether.h presence...
yes checking for netinet/ether.h... yes checking whether ether_hostton

is declared... yes checking for vsnprintf... yes checking for 
snprintf... yes checking if --disable-protochain option is
specified...
enabled checking packet capture type... linux checking generating 
other os sources... pcap-bpf.c pcap-pf.c pcap-enet.c pcap-snit.c 
pcap-nit.c pcap-snoop.c pcap-dlpi.c pcap-enet.c pcap-null.c pcap-dag.c

pcap-win32.c pcap-dos.c pcap-septel.c checking for getifaddrs... yes 
checking if
--enable-ipv6 option is specified... no checking whether to build 
optimizer debugging code... no checking whether to build parser 
debugging code... no checking Linux kernel version... 2 checking if 
if_packet.h has tpacket_stats defined... yes checking if if_packet.h 
allows shared memory ring buffer... yes checking if hardware supports 
64bit longs... yes checking whether we have /proc/net/dev... yes 
checking whether we have DAG API headers... no (/usr/local/include) 
checking whether we have Septel API... no checking for flex... flex 
checking for flex 2.4 or higher... yes checking for bison... no
configure: WARNING: don't have both flex and bison; reverting to 
lex/yacc checking for capable lex... yes checking if sockaddr struct 
has sa_len member... no checking if sockaddr_storage struct exists...
yes checking if dl_hp_ppa_info_t struct has dl_module_id_1 member... 
no checking if unaligned accesses fail... no checking for a 
BSD-compatible install... /usr/bin/install -c
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands

make

make
make  all-am
make[1]: Entering directory
`/home/jmauntel/source/libpcap/libpcap-0.9.20060417'
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o bpf_filter.lo `test -f 'bpf_filter.c' || echo './'`bpf_filter.c 
mkdir .libs gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

bpf_filter.c  -fPIC -DPIC -o .libs/bpf_filter.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

bpf_filter.c -o bpf_filter.o >/dev/null 2>&1 mv -f .libs/bpf_filter.lo

bpf_filter.lo rm -f grammar.c make grammar.o
make[2]: Entering directory
`/home/jmauntel/source/libpcap/libpcap-0.9.20060417'
yacc -d ./grammar.y
mv y.tab.c grammar.c
mv y.tab.h tokdefs.h
gcc -DHAVE_CONFIG_H  -D_U_="__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c `test -f 'grammar.c' || echo './'`grammar.c
make[2]: Leaving directory
`/home/jmauntel/source/libpcap/libpcap-0.9.20060417'
lex -t scanner.l > $$.scanner.c; mv $$.scanner.c scanner.c /bin/sh 
./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o scanner.lo `test -f 'scanner.c' || echo './'`scanner.c rm -f 
.libs/scanner.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

scanner.c  -fPIC -DPIC -o .libs/scanner.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

scanner.c -o scanner.o >/dev/null 2>&1 mv -f .libs/scanner.lo 
scanner.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o grammar.lo `test -f 'grammar.c' || echo './'`grammar.c rm -f 
.libs/grammar.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

grammar.c  -fPIC -DPIC -o .libs/grammar.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

grammar.c -o grammar.o >/dev/null 2>&1 mv -f .libs/grammar.lo 
grammar.lo sed -n -e 's/.*/static const char pcap_version_string[] = 
"libpcap version &";/p' ./VERSION > version.h echo `cat ./VERSION` | \
          sed -e 's/.*/char pcap_version[] = "&";/' > version.c 
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o version.lo `test -f 'version.c' || echo './'`version.c rm -f 
.libs/version.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

version.c  -fPIC -DPIC -o .libs/version.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

version.c -o version.o >/dev/null 2>&1 mv -f .libs/version.lo 
version.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o pcap-linux.lo `test -f 'pcap-linux.c' || echo './'`pcap-linux.c 
rm -f .libs/pcap-linux.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

pcap-linux.c  -fPIC -DPIC -o .libs/pcap-linux.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

pcap-linux.c -o pcap-linux.o >/dev/null 2>&1 mv -f .libs/pcap-linux.lo

pcap-linux.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o fad-getad.lo `test -f 'fad-getad.c' || echo './'`fad-getad.c rm 
-f .libs/fad-getad.lo gcc -DHAVE_CONFIG_H
"-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

fad-getad.c  -fPIC -DPIC -o .libs/fad-getad.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

fad-getad.c -o fad-getad.o >/dev/null 2>&1 mv -f .libs/fad-getad.lo 
fad-getad.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o pcap.lo `test -f 'pcap.c' || echo './'`pcap.c rm -f 
.libs/pcap.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

pcap.c  -fPIC -DPIC -o .libs/pcap.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

pcap.c -o pcap.o >/dev/null 2>&1 mv -f .libs/pcap.lo pcap.lo /bin/sh 
./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o inet.lo `test -f 'inet.c' || echo './'`inet.c rm -f 
.libs/inet.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

inet.c  -fPIC -DPIC -o .libs/inet.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

inet.c -o inet.o >/dev/null 2>&1 mv -f .libs/inet.lo inet.lo /bin/sh 
./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o gencode.lo `test -f 'gencode.c' || echo './'`gencode.c rm -f 
.libs/gencode.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

gencode.c  -fPIC -DPIC -o .libs/gencode.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

gencode.c -o gencode.o >/dev/null 2>&1 mv -f .libs/gencode.lo 
gencode.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o optimize.lo `test -f 'optimize.c' || echo './'`optimize.c rm -f 
.libs/optimize.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

optimize.c  -fPIC -DPIC -o .libs/optimize.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

optimize.c -o optimize.o >/dev/null 2>&1 mv -f .libs/optimize.lo 
optimize.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o nametoaddr.lo `test -f 'nametoaddr.c' || echo './'`nametoaddr.c 
rm -f .libs/nametoaddr.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

nametoaddr.c  -fPIC -DPIC -o .libs/nametoaddr.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

nametoaddr.c -o nametoaddr.o >/dev/null 2>&1 mv -f .libs/nametoaddr.lo

nametoaddr.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o etherent.lo `test -f 'etherent.c' || echo './'`etherent.c rm -f 
.libs/etherent.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

etherent.c  -fPIC -DPIC -o .libs/etherent.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

etherent.c -o etherent.o >/dev/null 2>&1 mv -f .libs/etherent.lo 
etherent.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o savefile.lo `test -f 'savefile.c' || echo './'`savefile.c rm -f 
.libs/savefile.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

savefile.c  -fPIC -DPIC -o .libs/savefile.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

savefile.c -o savefile.o >/dev/null 2>&1 mv -f .libs/savefile.lo 
savefile.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o bpf_image.lo `test -f 'bpf_image.c' || echo './'`bpf_image.c rm 
-f .libs/bpf_image.lo gcc -DHAVE_CONFIG_H
"-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

bpf_image.c  -fPIC -DPIC -o .libs/bpf_image.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

bpf_image.c -o bpf_image.o >/dev/null 2>&1 mv -f .libs/bpf_image.lo 
bpf_image.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o bpf_dump.lo `test -f 'bpf_dump.c' || echo './'`bpf_dump.c rm -f 
.libs/bpf_dump.lo gcc -DHAVE_CONFIG_H "-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

bpf_dump.c  -fPIC -DPIC -o .libs/bpf_dump.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

bpf_dump.c -o bpf_dump.o >/dev/null 2>&1 mv -f .libs/bpf_dump.lo 
bpf_dump.lo /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H 
-D_U_="__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I.    -g -O2
-c -o pcap-ring.lo `test -f 'pcap-ring.c' || echo './'`pcap-ring.c rm 
-f .libs/pcap-ring.lo gcc -DHAVE_CONFIG_H
"-D_U_=__attribute__((unused))"
-D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

pcap-ring.c  -fPIC -DPIC -o .libs/pcap-ring.lo gcc -DHAVE_CONFIG_H 
"-D_U_=__attribute__((unused))" -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I. -I. -g -O2 -c

pcap-ring.c -o pcap-ring.o >/dev/null 2>&1 mv -f .libs/pcap-ring.lo 
pcap-ring.lo
/bin/sh ./libtool --mode=link gcc  -g -O2   -o libpcap.la -rpath
/usr/lib -release 0.9.3 bpf_filter.lo scanner.lo grammar.lo version.lo

pcap-linux.lo fad-getad.lo pcap.lo inet.lo gencode.lo optimize.lo 
nametoaddr.lo etherent.lo savefile.lo bpf_image.lo bpf_dump.lo 
pcap-ring.lo rm -fr .libs/libpcap.la .libs/libpcap.*
.libs/libpcap-0.9.3.* gcc -shared  bpf_filter.lo scanner.lo grammar.lo

version.lo pcap-linux.lo fad-getad.lo pcap.lo inet.lo gencode.lo 
optimize.lo nametoaddr.lo etherent.lo savefile.lo bpf_image.lo 
bpf_dump.lo
pcap-ring.lo   -Wl,-soname -Wl,libpcap-0.9.3.so -o
.libs/libpcap-0.9.3.so
(cd .libs && rm -f libpcap.so && ln -s libpcap-0.9.3.so libpcap.so) ar

cru .libs/libpcap.a  bpf_filter.o scanner.o grammar.o version.o 
pcap-linux.o fad-getad.o pcap.o inet.o gencode.o optimize.o 
nametoaddr.o etherent.o savefile.o bpf_image.o bpf_dump.o pcap-ring.o 
ranlib .libs/libpcap.a creating libpcap.la (cd .libs && rm -f 
libpcap.la && ln -s ../libpcap.la libpcap.la) cp .libs/libpcap.a 
libpcap.a
make[1]: Leaving directory
`/home/jmauntel/source/libpcap/libpcap-0.9.20060417'

sudo make install

make[1]: Entering directory
`/home/jmauntel/source/libpcap/libpcap-0.9.20060417'
/bin/sh ./config/mkinstalldirs /usr/lib  /bin/sh ./libtool 
--mode=install /usr/bin/install -c  libpcap.la /usr/lib/libpcap.la 
/usr/bin/install -c .libs/libpcap-0.9.3.so /usr/lib/libpcap-0.9.3.so 
(cd /usr/lib && rm -f libpcap.so && ln -s libpcap-0.9.3.so libpcap.so)

/usr/bin/install -c .libs/libpcap.lai /usr/lib/libpcap.la 
/usr/bin/install -c .libs/libpcap.a /usr/lib/libpcap.a ranlib 
/usr/lib/libpcap.a chmod 644 /usr/lib/libpcap.a PATH="$PATH:/sbin"
ldconfig -n /usr/lib
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/lib

If you ever happen to want to link against installed libraries in a 
given directory, LIBDIR, you must either use libtool, and specify the 
full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for more

information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
/bin/sh ./config/mkinstalldirs /usr/local/man/man3  /usr/bin/install 
-c -m 644 ./pcap.3 /usr/local/man/man3/pcap.3
make[1]: Leaving directory
`/home/jmauntel/source/libpcap/libpcap-0.9.20060417'


ldconfig -p | grep pcap
        libpcap-0.9.3.so (libc6) => /usr/lib/libpcap-0.9.3.so

ls -la /usr/lib | grep pcap
-rwxr-xr-x    1 root root  375850 Jan 24 12:46 libpcap-0.9.3.so
-rw-r--r--    1 root root  483168 Jan 24 12:46 libpcap.a
-rwxr-xr-x    1 root root     708 Jan 24 12:46 libpcap.la
lrwxrwxrwx    1 root root      16 Jan 24 12:46 libpcap.so -> libpcap-0.9.3.so

ls -la /usr/include | grep pcap


In /home/user/source/snort/snort

./configure --with-libpcap-library=/usr/lib      

checking for a BSD-compatible install... /usr/bin/install -c checking 
whether build environment is sane... yes checking for gawk... gawk 
checking whether make sets $(MAKE)... yes checking whether to enable 
maintainer-specific portions of Makefiles... no checking for style of 
include used by make... GNU checking for gcc... gcc checking for C 
compiler default output file name... a.out checking whether the C 
compiler works... yes checking whether we are cross compiling... no 
checking for suffix of executables...
checking for suffix of object files... o checking whether we are using

the GNU C compiler... yes checking whether gcc accepts -g... yes 
checking for gcc option to accept ANSI C... none needed checking 
dependency style of gcc... gcc3 checking for ranlib... ranlib checking

for gcc... (cached) gcc checking whether we are using the GNU C 
compiler... (cached) yes checking whether gcc accepts -g... (cached) 
yes checking for gcc option to accept ANSI C... (cached) none needed 
checking dependency style of gcc... (cached) gcc3 checking build 
system type... i686-pc-linux-gnu checking host system type...
i686-pc-linux-gnu checking for a sed that does not truncate output... 
/bin/sed checking for egrep... grep -E checking for ld used by gcc... 
/usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... yes 
checking for /usr/bin/ld option to reload object files... -r checking
for BSD-compatible nm...
/usr/bin/nm -B checking whether ln -s works... yes checking how to 
recognise dependent libraries... pass_all checking how to run the C 
preprocessor... gcc -E checking for ANSI C header files... yes 
checking for sys/types.h... yes checking for sys/stat.h... yes 
checking for stdlib.h... yes checking for string.h... yes checking for
memory.h...
yes checking for strings.h... yes checking for inttypes.h... yes 
checking for stdint.h... yes checking for unistd.h... yes checking 
dlfcn.h usability... yes checking dlfcn.h presence... yes checking for

dlfcn.h... yes checking for g++... g++ checking whether we are using 
the GNU C++ compiler... yes checking whether g++ accepts -g... yes 
checking dependency style of g++... gcc3 checking how to run the C++ 
preprocessor... g++ -E checking for g77... no checking for f77... no 
checking for xlf... no checking for frt... no checking for pgf77... no

checking for fort77... no checking for fl32... no checking for af77...
no checking for f90... no checking for xlf90... no checking for
pgf90...
no checking for epcf90... no checking for f95... no checking for
fort...
no checking for xlf95... no checking for ifc... no checking for efc...
no checking for pgf95... no checking for lf95... no checking for 
gfortran... no checking whether we are using the GNU Fortran 77 
compiler... no checking whether  accepts -g... no checking the maximum

length of command line arguments... 32768 checking command to parse 
/usr/bin/nm -B output from gcc object... ok checking for objdir...
.libs checking for ar... ar checking for ranlib... (cached) ranlib 
checking for strip... strip checking if gcc static flag  works... yes 
checking if gcc supports -fno-rtti -fno-exceptions... no checking for 
gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC 
works... yes checking if gcc supports -c -o file.o... yes checking 
whether the gcc linker (/usr/bin/ld) supports shared libraries... yes 
checking whether -lc should be explicitly linked in... no checking 
dynamic linker characteristics... GNU/Linux ld.so checking how to 
hardcode library paths into programs... immediate checking whether 
stripping libraries is possible... yes checking if libtool supports 
shared libraries... yes checking whether to build shared libraries...
yes checking whether to build static libraries... yes
configure: creating libtool
appending configuration tag "CXX" to libtool checking for ld used by
g++... /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... 
g++yes
checking whether the g++ linker (/usr/bin/ld) supports shared 
libraries... yes checking for g++ option to produce PIC... -fPIC 
checking if g++ PIC flag -fPIC works... yes checking if g++ supports 
-c -o file.o... yes checking whether the g++ linker (/usr/bin/ld) 
supports shared libraries... yes checking dynamic linker
characteristics...
GNU/Linux ld.so checking how to hardcode library paths into
programs...
immediate checking whether stripping libraries is possible... yes 
appending configuration tag "F77" to libtool checking whether byte 
ordering is bigendian... no checking for sparc alignment... no 
checking for strings.h... (cached) yes checking for string.h...
(cached) yes checking for stdlib.h... (cached) yes checking for 
unistd.h... (cached) yes checking sys/sockio.h usability... no 
checking sys/sockio.h presence... no checking for sys/sockio.h... no 
checking paths.h usability... yes checking paths.h presence... yes 
checking for paths.h... yes checking for inet_ntoa in -lnsl... yes 
checking for socket in -lsocket... no checking whether printf must be 
declared... no checking whether fprintf must be declared... no 
checking whether syslog must be declared... no checking whether puts 
must be declared... no checking whether fputs must be declared... no 
checking whether fputc must be declared... no checking whether fopen 
must be declared... no checking whether fclose must be declared... no 
checking whether fwrite must be declared... no checking whether fflush

must be declared... no checking whether getopt must be declared... no 
checking whether bzero must be declared... no checking whether bcopy 
must be declared... no checking whether memset must be declared... no 
checking whether strtol must be declared... no checking whether
strcasecmp must be declared...
no checking whether strncasecmp must be declared... no checking 
whether strerror must be declared... no checking whether perror must 
be declared... no checking whether socket must be declared... no 
checking whether sendto must be declared... no checking whether 
vsnprintf must be declared... no checking whether snprintf must be 
declared... no checking whether strtoul must be declared... no 
checking for snprintf... yes checking for strlcpy... no checking for 
strlcat... no checking for strerror... yes checking for__FUNCTION__...
yes checking for floor in -lm... yes checking for pcap_datalink in 
-lpcap... no

   ERROR!  Libpcap library/headers not found, go get it from
   http://www.tcpdump.org
   or use the --with-libpcap-* options, if you have it installed
   in unusual place





I did notice that on my production IDS servers that are running 
libpcap 0.8.3, the following differences from my dev system:

ldconfig -p | grep pcap
        libpcap.so.0.8.3 (libc6) => /usr/lib/libpcap.so.0.8.3
        libpcap.so (libc6) => /usr/lib/libpcap.so

ls -la /usr/lib | grep pcap
-rw-r--r--    1 root root   204568 Jun 13  2005 libpcap.a
lrwxrwxrwx    1 root root       16 Dec 30  2005 libpcap.so -> libpcap.so.0.8.3
lrwxrwxrwx    1 root root       16 Dec 30  2005 libpcap.so.0 -> libpcap.so.0.8.3
lrwxrwxrwx    1 root root       16 Dec 30  2005 libpcap.so.0.8 -> libpcap.so.0.8.3
-rwxr-xr-x    1 root root   139700 Jun 13  2005 libpcap.so.0.8.3

ls -la /usr/include | grep pcap   
-rw-r--r--   1 root root  18979 Jun 13  2005 pcap-bpf.h
-rw-r--r--   1 root root   8472 Jun 13  2005 pcap.h
-rw-r--r--   1 root root   3326 Jun 13  2005 pcap-namedb.h


-----Original Message-----
From: Darryl Taylor [mailto:darryl.taylor () sourcefire com]
Sent: Wednesday, January 24, 2007 11:41 AM
To: IT Security
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems

I just did a complete install as follows on my Dual Opteron running 
Gentoo 2.6.17-r8:

libpcap (Phil Wood's)
./configure --enable-shared
make
sudo make install

(ensure /usr/local/lib is in ld.so.conf)
sudo ldconfig

snort (with the options I use)
./configure --with-libpcap-library=/usr/local/lib --enable-debug \
    --enable-perfprofiling --enable-dynamicplugin
make
sudo make install

ldd /usr/local/bin/snort
        libpcre.so.0 => /usr/lib/libpcre.so.0 (0x00002b3e9220e000)
        libpcap-0.9.3.so => /usr/local/lib/libpcap-0.9.3.so (0x00002b3e9232a000)
        libm.so.6 => /lib/libm.so.6 (0x00002b3e92459000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x00002b3e925af000)
        libdl.so.2 => /lib/libdl.so.2 (0x00002b3e926c5000)
        libc.so.6 => /lib/libc.so.6 (0x00002b3e927c9000)
        /lib64/ld-linux-x86-64.so.2 (0x00002b3e920f2000)

After this I had a working snort-2.6.1.2.


Darryl Taylor


IT Security wrote:
I recompiled libpcap to use shared libraries and now have the 
following in /usr/lib:

lrwxrwxrwx  1 root root     16 Jan 23 08:56 /usr/lib/libpcap-0.8.3.so -> libpcap-0.9.3.so
-rwxr-xr-x  1 root root 375850 Jan 23 09:00 /usr/lib/libpcap-0.9.3.so
-rw-r--r--  1 root root 483168 Jan 23 09:00 /usr/lib/libpcap.a
-rwxr-xr-x  1 root root    792 Jan 23 09:00 /usr/lib/libpcap.la
lrwxrwxrwx  1 root root     16 Jan 23 09:00 /usr/lib/libpcap.so -> libpcap-0.9.3.so
lrwxrwxrwx  1 root root     16 Jan 23 09:02 /usr/lib/libpcap.so.0 -> libpcap-0.9.3.so
lrwxrwxrwx  1 root root     16 Jan 23 09:03 /usr/lib/libpcap.so.0.8 -> libpcap-0.9.3.so
lrwxrwxrwx  1 root root     16 Jan 23 09:03 /usr/lib/libpcap.so.0.8.3 -> libpcap-0.9.3.so

I added the symlinks for libpcap 0.8.3 with hopes that it would help,
but it didn't.

I have run ldconfig since reinstalling libpcap.

Attempting to recompile snort and tcpdump both end with the result of:

checking for strerror... yes
checking for__FUNCTION__... yes
checking for floor in -lm... yes
checking for pcap_datalink in -lpcap... no

   ERROR!  Libpcap library/headers not found, go get it from
   http://www.tcpdump.org
   or use the --with-libpcap-* options, if you have it installed
   in unusual place

This makes me think that I'm missing something associated with libpcap.
Any more ideas?

Thanks in advance.

- Jesse





-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of IT Security
Sent: Tuesday, January 23, 2007 8:11 AM
To: Darryl Taylor
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems

Darryl -

Tried with no luck.  Still get the same error.

./configure --with-libpcap-library=/usr/local/lib

Thanks for the assistance.

- Jesse



-----Original Message-----
From: Darryl Taylor [mailto:darryl.taylor () sourcefire com]
Sent: Tuesday, January 23, 2007 8:00 AM
To: darryl.taylor () sourcefire com
Cc: IT Security; snort-users-bounces () lists sourceforge net;
snort-users () lists sourceforge net
Subject: Re: [Snort-users] Phil Wood Libpcap Installation Problems

Sorry bout that. Needed a little more sleep. It should be 
--with-libpcap-library=[your path]



Darryl Taylor
Security Engineer
SOURCEfire
Office: 404-474-8454
Cell:   404-783-2064
eFax:   404-521-4309

Fingerprint: AEA7 16DB 2DC3 0C3E 43A9 F1B6 E25A 6A7C 16F2 68B6
Key: http://demo.sourcefire.com/dtaylor.pgp.key




darryl.taylor () sourcefire com wrote:
Try ./configure --with-libpcap=/usr/local when compiling snort. If it
still fails then the library was probably compiled statically. If that
is the case, post back and I will tell you how to make it a shared
object. I think I had this problem a few years ago.

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: "IT Security" <ITSEC () 24hourfit com>
Date: Mon, 22 Jan 2007 17:46:59
To:<snort-users () lists sourceforge net>
Subject: [Snort-users] Phil Wood Libpcap Installation Problems

I'm trying to get Phil Wood's modified libpcap working on my Snort
2.6.1 sensor, but have run into some difficulties and hoping that
someone out there can help.

I've downloaded and extracted libpcap-0.9.20060417.tar.gz.  I then run:
   ./configure
   make
   make install
I then downloaded and extracted snort-2.6.1.1.tar.gz.  I then run:
   ./configure
   make
That's where it blows up.  Here is the error:
<snip>
checking for pcap_datalink in -lpcap... no
   ERROR!  Libpcap library/headers not found, go get it from
   http://www.tcpdump.org
   or use the --with-libpcap-* options, if you have it installed
   in unusual place
</snip>
Any ideas why the headers would be missing?  Header files are 
identified with the .h extension correct?  Where are these supposed 
to reside on the system?
I'm running CentOS 4 with 2.6.9-42.0.3.EL kernel.
Thanks in advance.
- Jesse
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFvTrp4lpqfBbyaLYRAmehAJ9LIYZRNT6WV+Qr3XKAngUhO3PV4gCeKJZI
oMbqaMTufz41iFQkVmJUSHw=
=jQOZ
-----END PGP SIGNATURE-----

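
The "Libpcap library/headers not found" message quoted throughout this thread only reports that configure's link test for pcap_datalink failed; the compiler and linker output behind that verdict is written to config.log. As an added example (not part of the thread or of Snort's build scripts), the shell function below pulls that record out for one check. It assumes the usual autoconf config.log layout; the function names, the sample log and its linker message are constructed for illustration.

```shell
#!/bin/sh
# Added example: print what configure recorded in config.log for one check.
# Usage: failed_check <config.log or - for stdin> "<text after checking for>"
failed_check() {
    awk -v want="checking for $2" '
        # Any new "checking" line ends the block being captured.
        /^configure:[0-9]+: checking / { grab = 0 }
        # Start capturing at the requested check.
        index($0, want) { grab = 1; next }
        # The result line closes the block: print the verdict and stop.
        grab && /^configure:[0-9]+: result: / {
            sub(/^configure:[0-9]+: /, ""); print; exit
        }
        # Skip the echoed test program and its banner line.
        grab && (/^[|]/ || /^configure: failed program was:/) { next }
        # What remains is the compile command, its stderr and exit status.
        grab { sub(/^configure:[0-9]+: /, ""); print }
    ' "$1"
}

# Constructed sample in config.log layout; the linker message is
# illustrative and is not taken from the thread.
sample_log() {
    cat <<'EOF'
configure:4301: checking for floor in -lm
configure:4331: gcc -o conftest -g -O2 conftest.c -lm >&5
configure:4337: $? = 0
configure:4351: result: yes
configure:4523: checking for pcap_datalink in -lpcap
configure:4553: gcc -o conftest -g -O2 -L/usr/local/lib conftest.c -lpcap -lm >&5
/usr/local/lib/libpcap.so: undefined reference to `example_symbol'
collect2: ld returned 1 exit status
configure:4559: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| char pcap_datalink ();
| int main () { return pcap_datalink (); }
configure:4580: result: no
EOF
}

# Demo on the constructed sample; against a real build tree, run
#   failed_check config.log "pcap_datalink in -lpcap"
sample_log | failed_check - "pcap_datalink in -lpcap"
```

A library that is present but fails to link produces the same configure error as a missing one, so the recorded linker line is what separates a wrong search path from a libpcap build that is itself broken.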


Current thread: