Home page logo

snort logo Snort mailing list archives

Re: snort-2.9.0 on RHEL5
From: Michael Altizer <xiche () verizon net>
Date: Fri, 08 Oct 2010 01:52:32 -0400

  On 10/08/2010 12:34 AM, waldo kitty wrote:
On 10/8/2010 00:08, Jason Haar wrote:
   Hi there

So far snort pre-2.9 has compiled just fine on RHEL5 systems, but with
the new requirement for libpcap-1.0, that is no longer the case. We'll
have to port that from Fedora or something.
there's nothing to port, really... you should be able to grab the libpcap
sources from www.tcpdump.net (IIRC) and go from there... that's what i did in
this custom environment i'm working in... i did have some other mess to deal
with trying to get thru this but i was finally successful... and after all of
that, i still can't test 2.9.0 in my environment because of the below...

Has anyone done that yet, and are there any war-stories about it killing
tcpdump or any other app that depended on pre-1.0 libpcap? Do they all
need to be recompiled too?
that's what i've been wondering since my foray into 2.9.0... tcpdump, iftop, and
ppp are at least three that are built against libpcap... i'm looking at the
war-stories boat same as you because i definitely cannot loose my PPP DSL
connection to some stupid library snafu :
Conveniently enough, the new and old LibPCAP libraries can coexist on 
the same system due to the change in library major number, so old 
binaries can continue on with life just fine.  Just make sure that you 
only have development files (headers, static library, and .so symlink) 
for the version of LibPCAP that you want to build against.

For example:
     /usr/lib/libpcap.a (libpcap 1.1.1 static archive)
     /usr/lib/libpcap.so -> libpcap.so.1* (library that things compiled 
dynamically against -lpcap will link with)
     /usr/lib/libpcap.so.1 -> libpcap.so.1.1.1*
     /usr/lib/libpcap.so.0 -> libpcap.so.0.9.8* (binaries compiled 
against this version can still dynamically link at runtime)


Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]