<div dir="ltr"><div><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic">Cloning directly from master yields a build that works on my system, but I'd rather stick to released builds.</span></div><div><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><br class=""></span><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic">cd oisf</span><br style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic">git clone </span><a class="" href="https://github.com/OISF/libhtp.git" style="color:rgb(17,102,153);text-decoration:none;padding-left:12px;font-family:Verdana,sans-serif;font-size:12px;font-style:italic;background-image:url(https://redmine.openinfosecfoundation.org/images/external.png);background-repeat:no-repeat">https://github.com/OISF/libhtp.git</a><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"> -b 0.5.x</span><br style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic">./autogen.sh </span><br style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic">./configure --enable-pfring --with-libpfring-includes=/usr/local/pfring/include \</span><br style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic">--with-libpfring-libraries=/usr/local/pfring/lib</span><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><br></span></div><div><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><br></span></div><div><span style="color:rgb(72,72,72);font-family:Verdana,sans-serif;font-size:12px;font-style:italic"><br></span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Feb 22, 2015 at 11:04 AM, Andy Schworer <span dir="ltr"><<a href="mailto:schworer@gmail.com" target="_blank">schworer@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks for the quick responses. Removing --with-libpcap-includes and --with-libpcap-libraries didn't change the results.<div><br></div><div>below is my PF ring install script.<br><div><br></div><div><div>#<a href="http://sourceforge.net/projects/ntop/files/PF_RING/PF_RING-6.0.2.tar.gz/download" target="_blank">http://sourceforge.net/projects/ntop/files/PF_RING/PF_RING-6.0.2.tar.gz/download</a></div><div>tar -xvf PF_RING-6.0.2.tar.gz</div><div>cd PF_RING-6.0.2/</div><div>cd kernel; make; </div><div>sudo su</div><div>make install; modprobe pf_ring;</div><div>cd ../userland/lib</div><div>./configure --prefix=/usr/local/pfring && make && sudo make install</div><div>cd ../libpcap-1.1.1-ring</div><div>./configure --prefix=/usr/local/pfring && make && sudo make install</div><div>echo "/usr/local/pfring/lib" >> /etc/ld.so.conf</div><div>cd ../tcpdump-4.1.1</div><div>./configure --prefix=/usr/local/pfring && make && sudo make install</div><div># Add PF_RING to the ldconfig include list</div><div>echo "PATH=$PATH:/usr/local/pfring/bin:/usr/local/pfring/sbin" >> /etc/bash.bashrc</div><div>cat /proc/net/pf_ring/info</div><div><br></div><div><br></div><div><br></div></div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Feb 22, 2015 at 4:16 AM, Peter Manev <span dir="ltr"><<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Sun, Feb 22, 2015 at 12:58 PM, Michał Purzyński<br>
<<a href="mailto:michalpurzynski1@gmail.com" target="_blank">michalpurzynski1@gmail.com</a>> wrote:<br>
> Both the --with-libpcap-includes and --with-libpcap-libraries are not<br>
> necessary at all. Suricata will use pfring_open() directly, without<br>
> going through libpcap.<br>
><br>
<br>
</span>Correct - I have updated the docs for PF_RING on the wiki -<br>
<a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation</a><br>
<br>
Andy please make sure you have installed the pf_ring correctly though.<br>
<br>
thanks<br>
<div><div><br>
> On Sun, Feb 22, 2015 at 10:39 AM, Peter Manev <<a href="mailto:petermanev@gmail.com" target="_blank">petermanev@gmail.com</a>> wrote:<br>
>> On Sun, Feb 22, 2015 at 6:02 AM, Andy Schworer <<a href="mailto:schworer@gmail.com" target="_blank">schworer@gmail.com</a>> wrote:<br>
>>> I'm having trouble getting the ./configure script to complete for Suricata<br>
>>> 2.0.6 with the following options. With pf_ring 6.0.2 "vanilla" built and<br>
>>> installed.<br>
>>><br>
>>> uname -a Linux hosta 3.13.0-45-generic #74~precise1-Ubuntu SMP Thu Jan 15<br>
>>> 20:21:55 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux<br>
>>><br>
>>> ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc/suricata/<br>
>>> --localstatedir=/usr/local/var/<br>
>>> --with-libpfring-libraries=/usr/local/pfring/lib<br>
>>> --with-libpfring-includes=/usr/local/pfring/include<br>
>>> --with-libpcap-includes=/usr/local/pfring/include<br>
>>> --with-libpcap-libraries=/usr/local/pfring/lib --enable-pfring<br>
>>> --enable-geoip --disable-profiling<br>
>>><br>
>>> I get the following error:<br>
>>> ...<br>
>>><br>
>>> checking pcap/pcap.h presence... yes<br>
>>><br>
>>> checking for pcap/pcap.h... yes<br>
>>><br>
>>> checking pcap/bpf.h usability... yes<br>
>>><br>
>>> checking pcap/bpf.h presence... yes<br>
>>><br>
>>> checking for pcap/bpf.h... yes<br>
>>><br>
>>> checking for pcap_open_live in -lpcap... no<br>
>>><br>
>>><br>
>>> ERROR! libpcap library not found, go get it<br>
>>><br>
>>> from <a href="http://www.tcpdump.org" target="_blank">http://www.tcpdump.org</a> or your distribution:<br>
>>><br>
>>><br>
>>> Ubuntu: apt-get install libpcap-dev<br>
>>><br>
>>> Fedora: yum install libpcap-devel<br>
>>><br>
>>><br>
>>><br>
>>> The following shows that libpcap library and pcap.h are installed in the<br>
>>> right paths being supplied to the configure script.I<br>
>>><br>
>>> ls -l /usr/local/pfring/include/<br>
>>><br>
>>> total 116<br>
>>><br>
>>> drwxr-xr-x 2 root root 4096 Feb 21 19:51 pcap<br>
>>><br>
>>> -rw-r--r-- 1 root root 2393 Feb 21 19:51 pcap-bpf.h<br>
>>><br>
>>> -rw-r--r-- 1 root root 2320 Feb 21 19:51 pcap.h<br>
>>><br>
>>> -rw-r--r-- 1 root root 2125 Feb 21 19:51 pcap-namedb.h<br>
>>><br>
>>> -rw-r--r-- 1 root root 57700 Feb 21 19:51 pfring.h<br>
>>><br>
>>> -rw-r--r-- 1 root root 12321 Feb 21 19:51 pfring_mod_sysdig.h<br>
>>><br>
>>> -rw-r--r-- 1 root root 20974 Feb 21 19:51 pfring_zc.h<br>
>>><br>
>>><br>
>>> ls -l /usr/local/pfring/lib/<br>
>>><br>
>>> total 1928<br>
>>><br>
>>> -rw-r--r-- 1 root root 412264 Feb 21 19:51 libpcap.a<br>
>>><br>
>>> lrwxrwxrwx 1 root root 12 Feb 21 19:51 libpcap.so -> libpcap.so.1<br>
>>><br>
>>> lrwxrwxrwx 1 root root 16 Feb 21 19:51 libpcap.so.1 -> libpcap.so.1.1.1<br>
>>><br>
>>> -rwxr-xr-x 1 root root 609569 Feb 21 19:51 libpcap.so.1.1.1<br>
>>><br>
>>> -rw-r--r-- 1 root root 537384 Feb 21 19:51 libpfring.a<br>
>>><br>
>>> -rwxr-xr-x 1 root root 407811 Feb 21 19:51 libpfring.so<br>
>>><br>
>>><br>
>>> Has anyone else had this issue?<br>
>>><br>
>>><br>
>>><br>
>>> _______________________________________________<br>
>>> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
>>> Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
>>> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
>>> Training now available: <a href="http://suricata-ids.org/training/" target="_blank">http://suricata-ids.org/training/</a><br>
>><br>
>><br>
>> How did you compile/install pf-ring?<br>
>><br>
>> Did you follow the instructions here -<br>
>> <a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204#Pre-installation-requirements" target="_blank">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204#Pre-installation-requirements</a><br>
>><br>
>><br>
>><br>
>> Thanks<br>
>><br>
>><br>
>> --<br>
>> Regards,<br>
>> Peter Manev<br>
>> _______________________________________________<br>
>> Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
>> Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
>> List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
>> Training now available: <a href="http://suricata-ids.org/training/" target="_blank">http://suricata-ids.org/training/</a><br>
<br>
<br>
<br>
</div></div><span><font color="#888888">--<br>
Regards,<br>
Peter Manev<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>