Snort mailing list archives

Re: Snort with PF_RING - Compile question

From: Eugenio Pérez <eupm90 () gmail com>
Date: Mon, 18 Apr 2016 20:46:49 +0200

Hi Chris!

You need to link also with pfring userspace library (-lpfring). Please let
me know if you need more help with this. I hope this answer is not late!

Regards.

2016-04-12 17:09 GMT+02:00 Chris Chiaverini <cchiaverini () bnl gov>:

Thank you, I will try testing with a different version.

In the meantime, attached is the config.log with more details on it.  This
looks to be a key point:

configure:14441: result: yes
configure:14622: checking for pcap_datalink in -lpcap
configure:14647: gcc -o conftest -g -O2  -I/usr/local/lib/
-I/usr/local/include -I/usr/local/include  -L/usr/local/lib
-L/usr/local/lib -L/usr/local/lib conftest.c -lpcap  -lnsl -lm -lm  >&5
/usr/local/lib/libpcap.a(pcap.o): In function `pcap_breakloop':
(.text+0x744): undefined reference to `pfring_breakloop'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_read_packet':
(.text+0x2ac): undefined reference to `pfring_recv'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_stats_linux':
(.text+0xcc3): undefined reference to `pfring_stats'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_cleanup_linux':
(.text+0x11d0): undefined reference to `pfring_close'
/usr/local/lib/libpcap.a(pcap-linux.o): In function
`pcap_setfilter_linux_common':
(.text+0x1c67): undefined reference to `pfring_get_bound_device_ifindex'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x2c6b): undefined reference to `pfring_enable_ring'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x2c77): undefined reference to `pfring_get_selectable_fd'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x2d60): undefined reference to `pfring_open'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x2d92): undefined reference to `pfring_set_socket_mode'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x2e39): undefined reference to `pfring_set_poll_watermark'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x3505): undefined reference to `pfring_enable_rss_rehash'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x3975): undefined reference to `pfring_set_application_name'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x39ae): undefined reference to `pfring_set_cluster'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x417b): undefined reference to `pfring_set_cluster'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x433b): undefined reference to `pfring_set_cluster'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x44fe): undefined reference to `pfring_set_cluster'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_activate_linux':
(.text+0x4536): undefined reference to `pfring_set_cluster'
/usr/local/lib/libpcap.a(pcap-linux.o):(.text+0x4553): more undefined
references to `pfring_set_cluster' follow
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_get_pfring_id':
(.text+0x5203): undefined reference to `pfring_get_ring_id'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_watermark':
(.text+0x526b): undefined reference to `pfring_set_poll_watermark'
/usr/local/lib/libpcap.a(pcap-linux.o): In function
`pcap_setdirection_linux':
(.text+0x1ea9): undefined reference to `pfring_set_direction'
/usr/local/lib/libpcap.a(pcap-linux.o): In function
`pcap_setdirection_linux':
(.text+0x1eb8): undefined reference to `pfring_set_direction'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_inject_linux':
(.text+0x1f9b): undefined reference to `pfring_send'
/usr/local/lib/libpcap.a(pcap-linux.o): In function
`pcap_set_appl_name_linux':
(.text+0x513d): undefined reference to `pfring_set_application_name'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_cluster':
(.text+0x515f): undefined reference to `pfring_set_cluster'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_master_id':
(.text+0x5218): undefined reference to `pfring_set_master_id'
/usr/local/lib/libpcap.a(pcap-linux.o): In function `pcap_set_master':
(.text+0x522f): undefined reference to `pfring_set_master'
/usr/local/lib/libpcap.a(pcap-linux.o): In function
`pcap_set_application_name':
(.text+0x5248): undefined reference to `pfring_set_application_name'
collect2: error: ld returned 1 exit status
configure:14647: $? = 1
configure: failed program was:
| /* confdefs.h */
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE_URL ""
| #define PACKAGE "snort"
| #define VERSION "2.9.8.2"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| #define LT_OBJDIR ".libs/"
| #define LINUX 1
| #define HAVE__BOOL 1
| #define HAVE_STDBOOL_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_MATH_H 1
| #define HAVE_PATHS_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_WCHAR_H 1
| #define HAVE_LIBM 1
| #define HAVE_LIBM 1
| #define HAVE_LIBNSL 1
| #define HAVE_SIGACTION 1
| #define HAVE_STRERROR 1
| #define HAVE_VSWPRINTF 1
| #define HAVE_WPRINTF 1
| #define HAVE_MEMRCHR 1
| #define HAVE_INET_NTOP 1
| #define HAVE_SNPRINTF /**/
| #define HAVE_MALLOC_TRIM 1
| #define HAVE_MALLINFO 1
| #define SIZEOF_CHAR 1
| #define SIZEOF_SHORT 2
| #define SIZEOF_INT 4
| #define SIZEOF_LONG_INT 8
| #define SIZEOF_LONG_LONG_INT 8
| #define SIZEOF_UNSIGNED_INT 4
| #define SIZEOF_UNSIGNED_LONG_INT 8
| #define SIZEOF_UNSIGNED_LONG_LONG_INT 8
| #define HAVE_U_INT8_T 1
| #define HAVE_U_INT16_T 1
| #define HAVE_U_INT32_T 1
| #define HAVE_U_INT64_T 1
| #define HAVE_UINT8_T 1
| #define HAVE_UINT16_T 1
| #define HAVE_UINT32_T 1
| #define HAVE_UINT64_T 1
| #define HAVE_INT8_T 1
| #define HAVE_INT16_T 1
| #define HAVE_INT32_T 1
| #define HAVE_INT64_T 1
| #define ERRLIST_PREDEFINED 1
| #define HAVE___FUNCTION__ 1
| /* end confdefs.h.  */
|
| /* Override any GCC internal prototype to avoid an error.
|    Use char because int might match the return type of a GCC
|    builtin and then its argument prototype would still apply.  */
| #ifdef __cplusplus
| extern "C"
| #endif
| char pcap_datalink ();
| int
| main ()
| {
| return pcap_datalink ();
|   ;
|   return 0;
| }



Regards,

Chris Chiaverini

On 04/12/2016 09:54 AM, Balasubramaniam Natarajan wrote:

You could be having a problem with libdumbnet or the former libdnet.

On Tue, Apr 12, 2016 at 2:26 AM, Chris Chiaverini <cchiaverini () bnl gov>
wrote:

Hello,

Has anyone compiled Snort w/ pfring on RHEL 7.x?  I am attempting on 7.2
and hitting an issue with libpcap linking.

I used the NTOP PF_RING RPM with snort source and it appears to be a
basic linking problem but I have specified them within the configure
options:

[root@squealer snort-2.9.8.2]# rpm -ql
pfring

/etc/init.d/cluster
/etc/init.d/pf_ring
/etc/init/pf_ring.conf
/etc/ld.so.conf.d/pf_ring.conf
/lib64/libanic.so
/lib64/libntapi.so
/lib64/libntos.so
/lib64/libsnf.so
/usr/local/bin/pfcount
/usr/local/bin/pfdnabounce
/usr/local/bin/pfdnacluster_master
/usr/local/bin/pfsend
/usr/local/bin/zbalance_ipc
/usr/local/bin/zcount
/usr/local/bin/zcount_ipc
/usr/local/bin/zsend
/usr/local/include/linux/pf_ring.h
/usr/local/include/pfring.h
/usr/local/include/pfring_zc.h
/usr/local/lib/daq/daq_pfring.la
/usr/local/lib/daq/daq_pfring.so
/usr/local/lib/daq/daq_pfring_zc.la
/usr/local/lib/daq/daq_pfring_zc.so
*/usr/local/lib/libpcap.a*
*/usr/local/lib/libpcap.so.1.6.2*
/usr/local/lib/libpfring.a
/usr/local/lib/libpfring.so
/usr/local/lib/libsfbpf.so.0
/usr/local/lib/libsfbpf.so.0.0.1
/usr/local/pfring/README-DAQ.1st
/usr/local/pfring/README.FIRST
[root@squealer snort-2.9.8.2]# ll /usr/local/lib/libpcap.*
*-rw-r--r--. 1 root root  479112 Apr  9 09:26 /usr/local/lib/libpcap.a*
*lrwxrwxrwx. 1 root root      16 Apr  4 14:25 /usr/local/lib/libpcap.so.1
-> libpcap.so.1.6.2*
*-rwxr-xr-x. 1 root root 1377998 Apr  9 09:26
/usr/local/lib/libpcap.so.1.6.2*
[root@squealer snort-2.9.8.2]#


[root@squealer snort-2.9.8.2]# cat ../configure_snort.sh
#!/bin/sh

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/dell/srvadmin/bin:/opt/dell/srvadmin/sbin:/root/bin:/opt/daq/bin
LD_LIBRARY_PATH=/opt/daq/lib:*/usr/local/lib*
:/lib64:/lib:/usr/lib64:/usr/lib:/usr/local/lib/daq
export PATH LD_LIBRARY_PATH

./configure --prefix=/opt/snort-2.9.8.2
--with-dnet-includes=/usr/local/include
--with-dnet-libraries=/usr/local/lib *--with-libpcap-includes=/usr/local/lib/
**--with-libpcap-libraries=/usr/local/lib *--with-libpfring-includes=/usr/local/include/daq
--with-libpfring-libraries=/usr/local/lib/daq
--with-daq-libraries=/usr/local/lib --with-daq-includes=/usr/local/include \
--enable-sourcefire \
--enable-zlib \
--enable-perfprofiling \
--enable-gre \
--enable-mpls \
--enable-targetbased \
--enable-ppm \
--enable-perfprofiling \
--enable-active-response \
--enable-normalizer \
--enable-reload \
--enable-react \
--enable-flexresp3 \
--enable-linux-smp-stats \
--enable-large-pcap \
--enable-targetbased \
--enable-sourcefire
[root@squealer snort-2.9.8.2]#


[root@squealer snort-2.9.8.2]# sh ../configure_snort.sh
configure: WARNING: unrecognized options: --enable-zlib
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes

<OMMITTED>

checking for INADDR_NONE... yes
checking for __FUNCTION__... yes
checking for pcap_datalink in -lpcap... no
checking pfring.h usability... yes
checking pfring.h presence... yes
checking for pfring.h... yes
checking for pfring_open in -lpfring... no
*checking for pfring_open in -lpcap... no*

*   ERROR!  Libpcap library/headers (libpcap.a (or .so)/pcap.h)*
*   not found, go get it from
<http://www.tcpdump.org>http://www.tcpdump.org <http://www.tcpdump.org>*
*   or use the --with-libpcap-* options, if you have it installed*
*   in unusual place.  Also check if your libpcap depends on another*
*   shared library that may be installed in an unusual place*
[root@squealer snort-2.9.8.2]#



--


Regards,

Chris Chiaverini



------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications
Manager
Applications Manager provides deep performance insights into multiple
tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!




--
Regards,
Balasubramaniam Natarajan
http://blog.etutorshop.com
https://www.youracclaim.com/user/balasubramaniam-natarajan




------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications
Manager
Applications Manager provides deep performance insights into multiple
tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort with PF_RING - Compile question Chris Chiaverini (Apr 11)
- Re: Snort with PF_RING - Compile question Balasubramaniam Natarajan (Apr 12)
  - Re: Snort with PF_RING - Compile question Chris Chiaverini (Apr 12)
    - Re: Snort with PF_RING - Compile question Eugenio Pérez (Apr 18)