[Oisf-users] Suricata with PF_RING on latest git
Luca Deri
deri at ntop.org
Fri Jul 6 07:48:28 EDT 2012
Chris,
I have committed the fix: it make sense to me.
Thanks Luca
On 07/06/2012 01:41 PM, Chris Wakelin wrote:
> Another possible fix for this pthread issue is to patch the Makefile for
> PF_RING's libpcap:
>
> --- userland/libpcap-1.1.1-ring/Makefile.in.orig 2011-11-18
> 14:26:16.000000000 +0000
> +++ userland/libpcap-1.1.1-ring/Makefile.in 2012-07-06
> 12:28:15.095829722 +0100
> @@ -48,7 +48,7 @@
> CC = @CC@
> CCOPT = @V_CCOPT@
> PF_RING_INCLUDES=-I ../../kernel -I ../lib
> -PF_RING_LIBS= ../lib/libpfring.a
> +PF_RING_LIBS= ../lib/libpfring.a -lpthread
> INCLS = -I. @V_INCLS@ $(PF_RING_INCLUDES)
> DEFS = @DEFS@ @V_DEFS@ -DHAVE_PF_RING
> ADDLOBJS = @ADDLOBJS@
>
> (which matches what's in the Makefile.in for tcpdump-1.1.1) and running
> "./configure; make" gives
>
>> ldd libpcap.so.1.1.1
>> linux-vdso.so.1 => (0x00007fffc84b3000)
>> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f5e52bd5000)
>> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f5e52818000)
>> /lib64/ld-linux-x86-64.so.2 (0x00007f5e53050000)
> and the original Suricata configure script now works.
>
> I also hit problems with Bro that are fixed by this.
>
> Luca, is this a correct fix?
>
> Strange that it's only a problem in Ubuntu 12.0.4!
>
> Best Wishes,
> Chris
>
> On 04/07/12 21:36, Chris Wakelin wrote:
>> Actually, I hit the same problem.
>>
>> The issue seems to be the libpthread library doesn't get found.
>>
>> When you build PF_RING libraries you find the shared library depends on
>> libpthread:
>>
>>> ldd libpfring.so
>>> linux-vdso.so.1 => (0x00007fff681c0000)
>>> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fb691144000)
>>> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb690d87000)
>>> /lib64/ld-linux-x86-64.so.2 (0x00007fb691589000)
>> but the shared libcap library (which is statically linked to
>> libpfring.a) doesn't:
>>
>>> ldd libpcap.so.1.1.1
>>> linux-vdso.so.1 => (0x00007fffd8385000)
>>> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f695471b000)
>>> /lib64/ld-linux-x86-64.so.2 (0x00007f6954d36000)
>> I'm not good enough at this sort of thing to know how to fix it
>> properly, but I hacked the Suricata "configure" script to add
>> "-lpthread" explicitly:-
>>
>> $as_echo_n "checking for pcap_open_live in -lpcap... ">&6; }
>> if ${ac_cv_lib_pcap_pcap_open_live+:} false; then :
>> $as_echo_n "(cached) ">&6
>> else
>> ac_check_lib_save_LIBS=$LIBS
>> -LIBS="-lpcap $LIBS"
>> +LIBS="-lpcap -lpthread $LIBS"
>>
>> which seems to fix it.
>>
>> What confuses me is that "-lpthread" is already in the generated compile
>> flags, but somehow the order matters, at least in Ubuntu 12.04.
>>
>> Best Wishes,
>> Chris
More information about the Oisf-users
mailing list