[Oisf-users] Suricata with PF_RING on latest git

Eric Leblond eric at regit.org
Wed Jul 4 20:44:39 UTC 2012


Hello,

On Wednesday 04 July 2012 at 21:36 +0100, Chris Wakelin wrote:
> Actually, I hit the same problem.
> 
> The issue seems to be the libpthread library doesn't get found.
> 
> When you build PF_RING libraries you find the shared library depends on
> libpthread:
> 
> > ldd libpfring.so 
> >         linux-vdso.so.1 =>  (0x00007fff681c0000)
> >         libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fb691144000)
> >         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb690d87000)
> >         /lib64/ld-linux-x86-64.so.2 (0x00007fb691589000)
> 
> but the shared libpcap library (which is statically linked to
> libpfring.a) doesn't:
> 
> > ldd libpcap.so.1.1.1 
> >         linux-vdso.so.1 =>  (0x00007fffd8385000)
> >         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f695471b000)
> >         /lib64/ld-linux-x86-64.so.2 (0x00007f6954d36000)
> 
> I'm not good enough at this sort of thing to know how to fix it
> properly, but I hacked the Suricata "configure" script to add
> "-lpthread" explicitly:-
> 
>  $as_echo_n "checking for pcap_open_live in -lpcap... " >&6; }
>  if ${ac_cv_lib_pcap_pcap_open_live+:} false; then :
>    $as_echo_n "(cached) " >&6
>  else
>    ac_check_lib_save_LIBS=$LIBS
> -LIBS="-lpcap $LIBS"
> +LIBS="-lpcap -lpthread $LIBS"
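Review bot: the -lpthread addition on the LIBS= line is made in the generated configure script, so it is lost whenever configure is regenerated; the durable change belongs in configure.ac, passing -lpthread as the other-libraries argument of the AC_CHECK_LIB test for pcap_open_live. The flag is also added unconditionally, so consider restricting it to builds against the PF_RING libpcap and adding a comment on why it has to follow -lpcap when -lpthread already appears later in the link line.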
> 
> which seems to fix it.
> 
> What confuses me is that "-lpthread" is already in the generated compile
> flags, but somehow the order matters, at least in Ubuntu 12.04.

That's weird! I will have a look. I'm currently downloading an Ubuntu.

People should really use af-packet instead of pf-ring ;)

BR,

> 
> Best Wishes,
> Chris
> 
> On 04/07/12 20:35, Edward Fjellskål wrote:
> > On 06/19/2012 03:55 PM, Peter Bates wrote:
> >>
> >> Hello again all
> >>
> >> I'm mostly trying to follow: 
> >> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104
> > 
> > I just tried:
> > https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204
> > 
> > on a new installed host.
> > 
> > Same issues as Peter :(
> > 
> > also:
> > "If I install libpcap-dev (i.e. the distro supplied one)
> > then everything builds okay."
> > 
> > And it seems to work okay... from a 5 minute test...
> > 
> > E
> > 
> > 
> >> At the moment it doesn't seem to build with libpcap in another 
> >> location either - or am I missing something?
> >>
> >> ./configure --with-libpcap-includes=/usr/local/include --with-libpcap-libraries=/usr/local/lib
> >>
> >> checking pcap.h usability... yes
> >> checking pcap.h presence... yes
> >> checking for pcap.h... yes
> >> checking for pcap_open_live in -lpcap... no
> >>
> >> ERROR!  libpcap library not found, go get it from
> >> http://www.tcpdump.org or your distribution:
> >>
> >> Ubuntu: apt-get install libpcap-dev
> >> Fedora: yum install libpcap-devel
> >>
> >> In config.log:
> >>
> >> configure:15618: checking for pcap.h
> >> configure:15618: result: yes
> >> configure:15632: checking for pcap_open_live in -lpcap
> >> configure:15657: gcc -o conftest -g -O2 -Wextra -Wall -fno-strict-aliasing -fno-tree-pre -Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11 -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H  -I/usr/local/include -L/usr/local/lib conftest.c -lpcap  -lnet -lpthread -lyaml -lpcre >&5
> >> /usr/local/lib/libpcap.so: undefined reference to `pfring_get_ring_id'
> >> /usr/local/lib/libpcap.so: undefined reference to `pfring_breakloop'
> >> /usr/local/lib/libpcap.so: undefined reference to `pfring_enable_ring'
> >> /usr/local/lib/libpcap.so: undefined reference to `pfring_send'
> >> <snip>
> >>
> >> I can see there is clearly an interaction between the PF_RING
> >> modified libpcap and this process.
> >>
> >> If I install libpcap-dev (i.e. the distro supplied one) then
> >> everything builds okay.
> >>
> >>
> >> _______________________________________________ Oisf-users mailing
> >> list Oisf-users at openinfosecfoundation.org 
> >> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >>
> > 
> > 
> 
> 

-- 
Eric Leblond 
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/