[Oisf-users] Suricata with PF_RING on latest git
Eric Leblond
eric at regit.org
Wed Jul 4 16:44:39 EDT 2012
Hello,
Le mercredi 04 juillet 2012 à 21:36 +0100, Chris Wakelin a écrit :
> Actually, I hit the same problem.
>
> The issue seems to be the libpthread library doesn't get found.
>
> When you build PF_RING libraries you find the shared library depends on
> libpthread:
>
> > ldd libpfring.so
> > linux-vdso.so.1 => (0x00007fff681c0000)
> > libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fb691144000)
> > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb690d87000)
> > /lib64/ld-linux-x86-64.so.2 (0x00007fb691589000)
>
> but the shared libcap library (which is statically linked to
> libpfring.a) doesn't:
>
> > ldd libpcap.so.1.1.1
> > linux-vdso.so.1 => (0x00007fffd8385000)
> > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f695471b000)
> > /lib64/ld-linux-x86-64.so.2 (0x00007f6954d36000)
>
> I'm not good enough at this sort of thing to know how to fix it
> properly, but I hacked the Suricata "configure" script to add
> "-lpthread" explicitly:-
>
> $as_echo_n "checking for pcap_open_live in -lpcap... " >&6; }
> if ${ac_cv_lib_pcap_pcap_open_live+:} false; then :
> $as_echo_n "(cached) " >&6
> else
> ac_check_lib_save_LIBS=$LIBS
> -LIBS="-lpcap $LIBS"
> +LIBS="-lpcap -lpthread $LIBS"
>
> which seems to fix it.
>
> What confuses me is that "-lpthread" is already in the generated compile
> flags, but somehow the order matters, at least in Ubuntu 12.04.
That's weird! I will have a look. I'm currently downloading an ubuntu.
People should really use af-packet instead of pf-ring ;)
BR,
>
> Best Wishes,
> Chris
>
> On 04/07/12 20:35, Edward Fjellskål wrote:
> > On 06/19/2012 03:55 PM, Peter Bates wrote:
> >>
> >> Hello again all
> >>
> >> I'm mostly trying to follow:
> >> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104
> >
> > I
> >>
> > just tried:
> > https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204
> >
> > on a new installed host.
> >
> > Same issues as Peter :(
> >
> > also:
> > "If I install libpcap-dev (i.e. the distro supplied one)
> > then everything builds okay."
> >
> > And it seems to work okay... from a 5 minute test...
> >
> > E
> >
> >
> >> At the moment it doesn't seem to build with libpcap in another
> >> location either - or am I missing something?
> >>
> >> ./configure --with-libpcap-includes=/usr/local/include
> >> --with-libpcap-libraries=/usr/local/lib
> >>
> >> checking pcap.h usability... yes checking pcap.h presence... yes
> >> checking for pcap.h... yes checking for pcap_open_live in -lpcap...
> >> no
> >>
> >> ERROR! libpcap library not found, go get it from
> >> http://www.tcpdump.org or your distribution:
> >>
> >> Ubuntu: apt-get install libpcap-dev Fedora: yum install
> >> libpcap-devel
> >>
> >> In config.log:
> >>
> >> configure:15618: checking for pcap.h configure:15618: result: yes
> >> configure:15632: checking for pcap_open_live in -lpcap
> >> configure:15657: gcc -o conftest -g -O2 -Wextra -Wall
> >> -fno-strict-aliasing -fno-tree-pre -Wno-unused-parameter -std=gnu99
> >> -march=native -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE
> >> -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -I/usr/local/include
> >> -L/usr/local/lib conftest.c -lpcap -lnet -lpthread -lyaml -lpcre
> >>> &5 /usr/local/lib/libpcap.so: undefined reference to
> >> `pfring_get_ring_id' /usr/local/lib/libpcap.so: undefined reference
> >> to `pfring_breakloop' /usr/local/lib/libpcap.so: undefined
> >> reference to `pfring_enable_ring' /usr/local/lib/libpcap.so:
> >> undefined reference to `pfring_send' <snip>
> >>
> >> I can see there is clearly an interaction between the PF_RING
> >> modified libpcap and this process.
> >>
> >> If I install libpcap-dev (i.e. the distro supplied one) then
> >> everything builds okay.
> >>
> >>
> >> _______________________________________________ Oisf-users mailing
> >> list Oisf-users at openinfosecfoundation.org
> >> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >>
> >
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
>
>
--
Eric Leblond
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120704/9f738f47/attachment.bin
More information about the Oisf-users
mailing list