[Oisf-devel] Suricata 1.2.1 + OpenBSD

Markus Lude markus.lude at gmx.de
Fri Apr 27 10:57:00 UTC 2012


On Fri, Apr 27, 2012 at 09:42:39AM +0200, Henri Wahl wrote:
> Hi Markus,
> 
> > Which packages do you have installed or do you build dependencies from
> > source? If the latter: how do you build them?
> 
> Like described on
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/OpenBSD_Installation_from_GIT
> I installed gcc, pcre, libtool, libyaml and libnet via pkg_add.
> > 
> > I wonder because of -DLIBPCAP_VERSION_MAJOR=1 and -DHAVE_PCAP_SET_BUFF.
> 
> The pcap-related lines from ./configure are these:
> 
> checking pcap.h usability... yes
> checking pcap.h presence... yes
> checking for pcap.h... yes
> checking for pcap_open_live in -lpcap... yes
> checking for pcap_activate in -lpcap... yes
> checking for pcap_set_buffer_size in -lpcap... yes
> checking for pkg-config... /usr/bin/pkg-config
> checking pkg-config is at least version 0.9.0... yes
> checking cap-ng.h usability... no
> checking cap-ng.h presence... no
> checking for cap-ng.h... no
> 
>    WARNING!  libcap-ng library not found, go get it
>    from http://people.redhat.com/sgrubb/libcap-ng/
>    or check your package manager.
> 
>    Suricata will be built without support for dropping privs.
> 
> On the same machine at the moment runs Snort 2.9.1 which I want to
> replace with Suricata and this Snort needed adding libpcap from
> tcpdump.org. Might there be interferences between
> /usr/local/include/pcap.h and /usr/include/pcap.h? Anyway, compiling of
> Suricata even fails on machines without the extra libpcap.

You have two different libpcap installed. Can you determine which is
picked up when? I guess not. pcap_set_buffer_size for example is picked
up from the libpcap you built from source, not the one in base. pcap in
base has no pcap_set_buffer_size.

Just out of interest, could you send me the steps you do for snort
2.9.1? On i386 or on amd64? Thanks.

Regards,
Markus
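
Added example, not part of the original message or of the Suricata build system: one way to check whether the pcap.h copies on a machine agree about pcap_set_buffer_size, the symbol discussed above. The function names are hypothetical, and the directories are passed in the order the compiler would search them.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Lists each pcap.h found in the
# given include directories and whether it declares pcap_set_buffer_size.

# pcap_header_report DIR...
# Prints "<path> yes|no" for every DIR/pcap.h that exists, in argument order.
pcap_header_report() {
    for dir in "$@"; do
        hdr="$dir/pcap.h"
        [ -f "$hdr" ] || continue
        # libpcap 1.x keeps its declarations in pcap/pcap.h, which pcap.h
        # includes, so look in both files. -s hides "no such file" errors.
        if grep -qs 'pcap_set_buffer_size' "$hdr" "$dir/pcap/pcap.h"; then
            echo "$hdr yes"
        else
            echo "$hdr no"
        fi
    done
}

# pcap_headers_conflict DIR...
# Succeeds (exit 0) when at least one header declares the function and at
# least one does not, i.e. the build result depends on which one is used.
pcap_headers_conflict() {
    report=$(pcap_header_report "$@")
    echo "$report" | grep -q ' yes$' && echo "$report" | grep -q ' no$'
}

# When run as a script with arguments, report on the given directories, e.g.
#   sh pcapcheck.sh /usr/include /usr/local/include
if [ "$#" -gt 0 ]; then
    pcap_header_report "$@"
fi
```

A "yes" for one directory and a "no" for another means the -I and -L order used at build time decides whether the header and the linked library match.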
 


