[Oisf-devel] Suricata compile fail with current git and PF_RING svn

Johan Karlsson johan.karlsson at deltamanagement.se
Sun Feb 23 02:26:46 UTC 2014 

>On Thu, Feb 6, 2014 at 6:00 PM, Mark Stingley <mark.stingley at gmail.com> wrote:
>> Over the past two days, I've pulled the latest builds for both pf_ring and
>> Suricata.  After successfully compiling pf_ring, compilation of Suricata
>> failed.
>>
>> Variations of this command were tried:
>>
>> ./autogen.sh && LIBS=-lrt ./configure --enable-pfring --enable-geoip
>> --with-libpfring-includes=/usr/local/pfring/include/
>> --with-libpfring-libraries=/usr/local/pfring/lib/
>> --with-libpcap-includes=/usr/local/pfring/include/
>> --with-libpcap-libraries=/usr/local/pfring/lib/
>> --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/
>> --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr
>> && sudo make clean && sudo make && sudo make install && sudo ldconfig
>>
>> I kept getting this error:
>>
>> checking for pfring_open in -lpfring... no
>> checking for pfring_stats in -lpfring... no
>>
>>    ERROR! --enable-pfring was passed but the library was not found or
>> version is >4, go get it
>
>
>Which pfring version is it that you are using?
>Did your pfring installation go without a problem?
>Do you see the correct pfring libraries under "/usr/local/pfring/lib/"
>and includes under "/usr/local/pfring/include/"?
>Can you try without " LIBS=-lrt" ?
>
>
>> configure:16088: checking for pfring_stats in -lpfring
>> configure:16113: gcc -o conftest -g -O2 -Wextra
>> -Werror-implicit-function-declaration -fno-tree-pre -Wall
>> -Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11 -D_BSD_SOURCE
>> -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_PFRING
>> -I/opt/PF_RING/include   -L/opt/PF_RING/lib conftest.c -lpfring -lpcap -lrt
>> -lnet -lpthread -lyaml -lpcre  >&5
>> /usr/local/lib/libpfring.so: undefined reference to `numa_node_of_cpu'
>> /usr/local/lib/libpfring.so: undefined reference to `numa_bind'
>> /usr/local/lib/libpfring.so: undefined reference to `numa_parse_nodestring'
>> /usr/local/lib/libpfring.so: undefined reference to `numa_available'
>>
>>  pass --enable-non-bundled-htp to Suricata's configure script.
>>   Add --with-libhtp-includes=<dir> and --with-libhtp-libraries=<dir> if
>>   libhtp is not installed in the include and library paths.
>>
>> After downloading the stable releases of both pf_ring and Suricata, both
>> compiled and installed successfully.
>>
>> Any ideas?
>>
>> Thanks.
>>
>> Mark
>>
>
>-- 
>Regards,
>Peter Manev

Hi!

I just joined the mailing list today, to share my findings as I just ran into this issue myself.

Basically, it all boils down to the "recent" changes in Debian/Ubuntu regarding DSO linking. Read about it and the bugs and issues that followed here: 

https://wiki.debian.org/ToolChain/DSOLinking

I've checked several Suricata+PF_RING guides, and it's apparent that the passing of LIBS="-lrt" before running ./configure was introduced due to undefined references for 'clock_gettime' due to the linking changes. The link above gives hints about specifying lib flags via "LIBS" before running configure can be a solution in many cases.

What's happened in PF_RING of late seems to be that code that requires numa functions was introduced. In fact, on Debian, you now have to install libnuma-dev prior to building PF_RING from SVN. 

Seems to have to do with PF_RING DNA cluster:

nm -u libpfring.a

pfring_dna_cluster.o:
         ...
         U numa_available
         U numa_bind
         U numa_node_of_cpu
         U numa_parse_nodestring
         ...

So the solution in whole is (Debian example):

---
apt-get install libnuma-dev

<check out and install PF_RING like before>

<check out Suricata>

And then when configuring do:

./autogen.sh && LIBS="-lrt -lnuma" ./configure --enable-pfring
---

Oh, and if any people responsible for guides (both on OISF and on the PF_RING website) are reading this; in addition to the above, I found out that libmagic-dev was needed in order to compile Suricata too. IIRC that dependency isn't listed in any of the guides (Debian/Ubuntu)

Regards,

Johan Karlsson

More information about the Oisf-devel mailing list