[Oisf-devel] Suricata compile fail with current git and PF_RING svn
Eric Leblond
eric at regit.org
Sun Feb 23 15:40:10 UTC 2014
Hello
I seriously don't know if we need to support PF_RING from svn. We have seen in the past problems appearing and disappearing for people using the svn version. In this case, this is a bug in pf_ring, which should link with the numa libs and require the devel header to be installed at compile time. So please ask the pf_ring team for a fix.
IMHO we should fix the supported versions of pf_ring to avoid any comparable issue in the future.
BR,
On 23 Feb 2014 14:53, Peter Manev <petermanev at gmail.com> wrote:
>
> On Sun, Feb 23, 2014 at 3:26 AM, Johan Karlsson
> <johan.karlsson at deltamanagement.se> wrote:
> >>On Thu, Feb 6, 2014 at 6:00 PM, Mark Stingley <mark.stingley at gmail.com> wrote:
> >>> Over the past two days, I've pulled the latest builds for both pf_ring and
> >>> Suricata. After successfully compiling pf_ring, compilation of Suricata
> >>> failed.
> >>>
> >>> Variations of this command were tried:
> >>>
> >>> ./autogen.sh && LIBS=-lrt ./configure --enable-pfring --enable-geoip
> >>> --with-libpfring-includes=/usr/local/pfring/include/
> >>> --with-libpfring-libraries=/usr/local/pfring/lib/
> >>> --with-libpcap-includes=/usr/local/pfring/include/
> >>> --with-libpcap-libraries=/usr/local/pfring/lib/
> >>> --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/
> >>> --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr
> >>> && sudo make clean && sudo make && sudo make install && sudo ldconfig
> >>>
> >>> I kept getting this error:
> >>>
> >>> checking for pfring_open in -lpfring... no
> >>> checking for pfring_stats in -lpfring... no
> >>>
> >>> ERROR! --enable-pfring was passed but the library was not found or
> >>> version is >4, go get it
> >>
> >>
> >>Which pfring version is it that you are using?
> >>Did your pfring installation go without a problem?
> >>Do you see the correct pfring libraries under "/usr/local/pfring/lib/"
> >>and includes under "/usr/local/pfring/include/"?
> >>Can you try without " LIBS=-lrt" ?
> >>
> >>
> >>> configure:16088: checking for pfring_stats in -lpfring
> >>> configure:16113: gcc -o conftest -g -O2 -Wextra
> >>> -Werror-implicit-function-declaration -fno-tree-pre -Wall
> >>> -Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11 -D_BSD_SOURCE
> >>> -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_PFRING
> >>> -I/opt/PF_RING/include -L/opt/PF_RING/lib conftest.c -lpfring -lpcap -lrt
> >>> -lnet -lpthread -lyaml -lpcre >&5
> >>> /usr/local/lib/libpfring.so: undefined reference to `numa_node_of_cpu'
> >>> /usr/local/lib/libpfring.so: undefined reference to `numa_bind'
> >>> /usr/local/lib/libpfring.so: undefined reference to `numa_parse_nodestring'
> >>> /usr/local/lib/libpfring.so: undefined reference to `numa_available'
> >>>
> >>> pass --enable-non-bundled-htp to Suricata's configure script.
> >>> Add --with-libhtp-includes=<dir> and --with-libhtp-libraries=<dir> if
> >>> libhtp is not installed in the include and library paths.
> >>>
> >>> After downloading the stable releases of both pf_ring and Suricata, both
> >>> compiled and installed successfully.
> >>>
> >>> Any ideas?
> >>>
> >>> Thanks.
> >>>
> >>> Mark
> >>>
> >>
> >>--
> >>Regards,
> >>Peter Manev
> >
> > Hi!
> >
> > I just joined the mailing list today, to share my findings as I just ran into this issue myself.
> >
> > Basically, it all boils down to the "recent" changes in Debian/Ubuntu regarding DSO linking. Read about it and the bugs and issues that followed here:
> >
> > https://wiki.debian.org/ToolChain/DSOLinking
> >
> > I've checked several Suricata+PF_RING guides, and it's apparent that the passing of LIBS="-lrt" before running ./configure was introduced due to undefined references for 'clock_gettime' due to the linking changes. The link above hints that specifying lib flags via "LIBS" before running configure can be a solution in many cases.
> >
> > What's happened in PF_RING of late seems to be that code that requires numa functions was introduced. In fact, on Debian, you now have to install libnuma-dev prior to building PF_RING from SVN.
> >
> > Seems to have to do with PF_RING DNA cluster:
> >
> > nm -u libpfring.a
> >
> > pfring_dna_cluster.o:
> > ...
> > U numa_available
> > U numa_bind
> > U numa_node_of_cpu
> > U numa_parse_nodestring
> > ...
> >
> > So the solution in whole is (Debian example):
> >
> > ---
> > apt-get install libnuma-dev
> >
> > <check out and install PF_RING like before>
> >
> > <check out Suricata>
> >
> > And then when configuring do:
> >
> > ./autogen.sh && LIBS="-lrt -lnuma" ./configure --enable-pfring
> > ---
>
> Yes, I just did a fresh VM install to experiment and can confirm that
> this is the case.
> I will try to see if any other OSs have the same issues.
>
> Should we do that (just update the wiki) or should we explore the
> opportunity to include that check in the configure scripts during
> build time?
> (as was the case with LIBS="-lrt" , bug/feature report)
>
>
> >
> > Oh, and if any people responsible for guides (both on OISF and on the PF_RING website) are reading this; in addition to the above, I found out that libmagic-dev was needed in order to compile Suricata too. IIRC that dependency isn't listed in any of the guides (Debian/Ubuntu)
> >
>
> I believe libmagic-dev is correctly instructed to be included in the
> wiki guides.
>
> Thank you
>
>
> > Regards,
> >
> > Johan Karlsson
> > _______________________________________________
> > Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> > Redmine: https://redmine.openinfosecfoundation.org/
>
>
>
> --
> Regards,
> Peter Manev
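Added example, not part of the original thread or of Suricata's or PF_RING's build scripts: a shell helper that reads `nm -u` output for libpfring and derives the LIBS value to pass to ./configure, covering the two cases named in the thread (numa_* needing -lnuma, clock_gettime needing -lrt). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Map one undefined symbol to the linker flag that provides it.
# Only the two cases discussed in the thread are covered.
lib_for_symbol() {
    case "$1" in
        numa_*)        echo "-lnuma" ;;  # libnuma (libnuma-dev on Debian)
        clock_gettime) echo "-lrt" ;;    # the reason guides pass LIBS=-lrt
    esac
}

# Read `nm -u` output on stdin and print the de-duplicated LIBS value.
extra_libs() {
    libs=""
    while read -r type sym rest; do
        # Skip archive member headers ("foo.o:"), "..." and blank lines.
        [ "$type" = "U" ] || continue
        sym=${sym%%@*}   # nm -D on a shared object may append @VERSION
        flag=$(lib_for_symbol "$sym")
        [ -n "$flag" ] || continue
        case " $libs " in
            *" $flag "*) ;;                          # already listed
            *) libs="${libs:+$libs }$flag" ;;
        esac
    done
    echo "$libs"
}

# Constructed sample in the shape of the `nm -u libpfring.a` listing above.
sample_nm_output() {
    cat <<'EOF'

pfring_dna_cluster.o:
                 U clock_gettime
                 U numa_available
                 U numa_bind
                 U numa_node_of_cpu
                 U numa_parse_nodestring
                 U pthread_create
EOF
}

# Against a real build (the library location is an assumption):
#   LIBS="$(nm -u /usr/local/pfring/lib/libpfring.a | extra_libs)" \
#       ./configure --enable-pfring
sample_nm_output | extra_libs
```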