[Oisf-devel] Suricata compile fail with current git and PF_RING svn

Peter Manev petermanev at gmail.com
Sun Feb 23 13:53:16 UTC 2014 

On Sun, Feb 23, 2014 at 3:26 AM, Johan Karlsson
<johan.karlsson at deltamanagement.se> wrote:
>>On Thu, Feb 6, 2014 at 6:00 PM, Mark Stingley <mark.stingley at gmail.com> wrote:
>>> Over the past two days, I've pulled the latest builds for both pf_ring and
>>> Suricata.  After successfully compiling pf_ring, compilation of Suricata
>>> failed.
>>>
>>> Variations of this command were tried:
>>>
>>> ./autogen.sh && LIBS=-lrt ./configure --enable-pfring --enable-geoip
>>> --with-libpfring-includes=/usr/local/pfring/include/
>>> --with-libpfring-libraries=/usr/local/pfring/lib/
>>> --with-libpcap-includes=/usr/local/pfring/include/
>>> --with-libpcap-libraries=/usr/local/pfring/lib/
>>> --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/
>>> --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr
>>> && sudo make clean && sudo make && sudo make install && sudo ldconfig
>>>
>>> I kept getting this error:
>>>
>>> checking for pfring_open in -lpfring... no
>>> checking for pfring_stats in -lpfring... no
>>>
>>>    ERROR! --enable-pfring was passed but the library was not found or
>>> version is >4, go get it
>>
>>
>>Which pfring version is it that you are using?
>>Did your pfring installation go without a problem?
>>Do you see the correct pfring libraries under "/usr/local/pfring/lib/"
>>and includes under "/usr/local/pfring/include/"?
>>Can you try without " LIBS=-lrt" ?
>>
>>
>>> configure:16088: checking for pfring_stats in -lpfring
>>> configure:16113: gcc -o conftest -g -O2 -Wextra
>>> -Werror-implicit-function-declaration -fno-tree-pre -Wall
>>> -Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11 -D_BSD_SOURCE
>>> -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_PFRING
>>> -I/opt/PF_RING/include   -L/opt/PF_RING/lib conftest.c -lpfring -lpcap -lrt
>>> -lnet -lpthread -lyaml -lpcre  >&5
>>> /usr/local/lib/libpfring.so: undefined reference to `numa_node_of_cpu'
>>> /usr/local/lib/libpfring.so: undefined reference to `numa_bind'
>>> /usr/local/lib/libpfring.so: undefined reference to `numa_parse_nodestring'
>>> /usr/local/lib/libpfring.so: undefined reference to `numa_available'
>>>
>>>  pass --enable-non-bundled-htp to Suricata's configure script.
>>>   Add --with-libhtp-includes=<dir> and --with-libhtp-libraries=<dir> if
>>>   libhtp is not installed in the include and library paths.
>>>
>>> After downloading the stable releases of both pf_ring and Suricata, both
>>> compiled and installed successfully.
>>>
>>> Any ideas?
>>>
>>> Thanks.
>>>
>>> Mark
>>>
>>
>>--
>>Regards,
>>Peter Manev
>
> Hi!
>
> I just joined the mailing list today, to share my findings as I just ran into this issue myself.
>
> Basically, it all boils down to the "recent" changes in Debian/Ubuntu regarding DSO linking. Read about it and the bugs and issues that followed here:
>
> https://wiki.debian.org/ToolChain/DSOLinking
>
> I've checked several Suricata+PF_RING guides, and it's apparent that the passing of LIBS="-lrt" before running ./configure was introduced due to undefined references for 'clock_gettime' due to the linking changes. The link above gives hints about specifying lib flags via "LIBS" before running configure can be a solution in many cases.
>
> What's happened in PF_RING of late seems to be that code that requires numa functions was introduced. In fact, on Debian, you now have to install libnuma-dev prior to building PF_RING from SVN.
>
> Seems to have to do with PF_RING DNA cluster:
>
> nm -u libpfring.a
>
> pfring_dna_cluster.o:
>          ...
>          U numa_available
>          U numa_bind
>          U numa_node_of_cpu
>          U numa_parse_nodestring
>          ...
>
> So the solution in whole is (Debian example):
>
> ---
> apt-get install libnuma-dev
>
> <check out and install PF_RING like before>
>
> <check out Suricata>
>
> And then when configuring do:
>
> ./autogen.sh && LIBS="-lrt -lnuma" ./configure --enable-pfring
> ---

Yes, I just did a fresh  VM install to experiment and can confirm that
this is the case.
I will try see if any other OSs have the same issues.

Should we do that (just update the wiki) or should we explore the
opportunity to include that check in the configure scripts during
build time?
(as was the case with  LIBS="-lrt" , bug/feature report)


>
> Oh, and if any people responsible for guides (both on OISF and on the PF_RING website) are reading this; in addition to the above, I found out that libmagic-dev was needed in order to compile Suricata too. IIRC that dependency isn't listed in any of the guides (Debian/Ubuntu)
>

I believe libmagic-dev is correctly instructed to be included in the
wiki guides.

Thank you


> Regards,
>
> Johan Karlsson
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/



-- 
Regards,
Peter Manev

More information about the Oisf-devel mailing list