[Oisf-users] Error compiling suricata 1.3.2 against pf_ring 5.4.6

Peter Manev petermanev at gmail.com
Mon Oct 29 21:09:52 UTC 2012


Hi Carlo,

I just followed the guide here for the pfring installation:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204

and I was able to build Suricata with pfring without any trouble on CentOS.

[user at localhost oisf]$ LD_LIBRARY_PATH=/usr/local/pfring/lib suricata --build-info
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:540) <Info> (SCPrintBuildInfo) -- This is Suricata version 1.4dev (rev bca1b7c)
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:613) <Info> (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING AF_PACKET HAVE_PACKET_FANOUT LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:627) <Info> (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:629) <Info> (SCPrintBuildInfo) -- GCC version 4.4.6 20120305 (Red Hat 4.4.6-4), C version 199901
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:635) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:638) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:641) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:644) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
[28175] 29/10/2012 -- 18:59:54 - (suricata.c:647) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16

[user at localhost oisf]$ cat /proc/net/pf_ring/info
PF_RING Version     : 5.4.6 ($Revision: exported$)
Ring slots          : 4096
Slot version        : 14
Capture TX          : Yes [RX+TX]
IP Defragment       : No
Socket Mode         : Standard
Transparent mode    : Yes (mode 0)
Total rings         : 0
Total plugins       : 0
[user at localhost oisf]$

[user at localhost oisf]$ uname -a
Linux localhost.localdomain 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[user at localhost oisf]$

[user at localhost oisf]$ cat /etc/redhat-release
CentOS release 6.3 (Final)


My configure/compile line was:

sudo git clone git://phalanx.openinfosecfoundation.org/oisf.git
cd oisf/
sudo ./autogen.sh
./configure --enable-pfring \
  --with-libpfring-includes=/usr/local/pfring/include \
  --with-libpfring-libraries=/usr/local/pfring/lib \
  --with-libpcap-includes=/usr/local/pfring/include \
  --with-libpcap-libraries=/usr/local/pfring/lib
make clean
make
sudo make install
sudo ldconfig

or if you like an all-in-one line, just execute:

sudo git clone git://phalanx.openinfosecfoundation.org/oisf.git && cd oisf/ && \
sudo ./autogen.sh && ./configure --enable-pfring \
  --with-libpfring-includes=/usr/local/pfring/include \
  --with-libpfring-libraries=/usr/local/pfring/lib \
  --with-libpcap-includes=/usr/local/pfring/include \
  --with-libpcap-libraries=/usr/local/pfring/lib && \
make clean && make && sudo make install && sudo ldconfig

Thanks


On Mon, Oct 29, 2012 at 9:21 AM, Peter Manev <petermanev at gmail.com> wrote:

> ooops sorry Carlo,
>
> I will try to reproduce the issue on a virtual test CentOS here ... see if
> I hit the same problem....
>
>
> On Mon, Oct 29, 2012 at 2:17 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
>
>> I can't do this, Peter ... I don't have a suricata binary yet ...
>>
>>
>> On Mon, Oct 29, 2012 at 12:34 PM, Peter Manev <petermanev at gmail.com>
>> wrote:
>> > Hi,
>> >
>> > What would be the outcome of the following:
>> >
>> > sudo LD_LIBRARY_PATH=/usr/local/pfring/lib suricata --pfring-int=eth3 \
>> >   --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow -c \
>> >   /etc/suricata/suricata.yaml -D
>> >
>> > for example?
>> >
>> > thank you
>> >
>> >
>> > On Mon, Oct 29, 2012 at 1:08 PM, C. L. Martinez <carlopmart at gmail.com>
>> > wrote:
>> >>
>> >> I have modified location for pf_ring and libpcap libs. My commands:
>> >>
>> >> git clone git://phalanx.openinfosecfoundation.org/oisf.git suricata-git
>> >> cd suricata-git
>> >> sh autogen.sh
>> >> ./configure --prefix=/opt/suricata --enable-pfring --enable-af-packet \
>> >>   --enable-profiling --with-libpfring-includes=/opt/pf_ring/include \
>> >>   --with-libpfring-libraries=/opt/pf_ring/lib \
>> >>   --with-libpcap-includes=/opt/libpcap/include \
>> >>   --with-libpcap-libraries=/opt/libpcap/lib
>> >>
>> >> I use the same compile options for the 1.3.2 version ... And yes, I see the
>> >> guide in suricata's redmine, but my host is CentOS 6.3 64-bit ..
>> >>
>> >> On Mon, Oct 29, 2012 at 12:03 PM, Peter Manev <petermanev at gmail.com>
>> >> wrote:
>> >> > Hi,
>> >> >
>> >> > What is your exact start command?
>> >> > I am not sure if you have seen this guide -
>> >> >
>> >> > https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204
>> >> >
>> >> >
>> >> > thank you
>> >> >
>> >> >
>> >> > On Mon, Oct 29, 2012 at 12:57 PM, C. L. Martinez <carlopmart at gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> Uhmm, strange. I have changed where pfring, libpcap libs and includes
>> >> >> are located and error is:
>> >> >>
>> >> >> configure:17890: gcc -o conftest -g -O2 -Wextra -Wall
>> >> >> -fno-strict-aliasing -fno-tree-pre -Wno-unused-parameter -std=gnu99
>> >> >> -march=native -DPROFILING -DHAVE_LIBNET11 -D_BSD_SOURCE
>> >> >> -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H
>> >> >> -DHAVE_LIBNET_ICMPV6_UNREACH -DHAVE_PFRING  -I/opt/pf_ring/include
>> >> >> -L/opt/pf_ring/lib conftest.c -lpfring -lpcap -lnet -lpthread
>> >> >> -lyaml -lpcre  >&5
>> >> >> /usr/bin/ld: cannot find -lpcap
>> >> >>
>> >> >> Why?? I have set up the LD_LIBRARY_PATH variable in this environment to
>> >> >> point to libpcap and pfring libs, and my ldconfig output is:
>> >> >>
>> >> >> /opt/libpcap/lib:
>> >> >>         libpcap.so.1 -> libpcap.so.1.1.1
>> >> >> /usr/lib64/mysql:
>> >> >>         libmysqlclient.so.16 -> libmysqlclient.so.16.0.0
>> >> >>         libmysqlclient_r.so.16 -> libmysqlclient_r.so.16.0.0
>> >> >> /opt/pf_ring/lib:
>> >> >>         libpfring.so -> libpfring.so
>> >> >>
>> >> >> ....
>> >> >>
>> >> >> At this time, it is the same error for release 1.3.2 and from git
>> >> >> version ...
>> >> >>
>> >> >>
>> >> >> On Sat, Oct 27, 2012 at 7:27 AM, Victor Julien <lists at inliniac.net>
>> >> >> wrote:
>> >> >> > On 10/26/2012 10:13 PM, Martin Holste wrote:
>> >> >> >> --with-libpcre-includes=/usr/local/pcre-8.20-RC1/include
>> >> >> >> --with-libpcre-libraries=/usr/local/pcre-8.20-RC1/lib
>> >> >> >
>> >> >> > pcre is at 8.31 already, time to upgrade :)
>> >> >> >
>> >> >> > --
>> >> >> > ---------------------------------------------
>> >> >> > Victor Julien
>> >> >> > http://www.inliniac.net/
>> >> >> > PGP: http://www.inliniac.net/victorjulien.asc
>> >> >> > ---------------------------------------------
>> >> >> >
>> >> >> > _______________________________________________
>> >> >> > Oisf-users mailing list
>> >> >> > Oisf-users at openinfosecfoundation.org
>> >> >> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Regards,
>> >> > Peter Manev
>> >> >
>> >
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Peter Manev
>> >
>>
>
>
>
> --
> Regards,
> Peter Manev
>
>


-- 
Regards,
Peter Manev
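
Added example (not part of the original thread and not Suricata project code): the configure test quoted above fails at link time with "cannot find -lpcap", and the link editor resolves -l<name> by looking for lib<name>.so or lib<name>.a, whereas ldconfig and LD_LIBRARY_PATH govern the runtime loader, which uses versioned sonames. The helper names link_status and make_sample_tree are hypothetical, and the directory tree is constructed to mirror the ldconfig listing quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies how "-l<name>" would resolve
# in the directories given (the -L list). Only those directories are checked;
# the toolchain's default library directories are not consulted.

link_status() {
    name=$1; shift
    runtime=""
    for dir in "$@"; do
        # The link editor accepts an unversioned shared object or an archive.
        for f in "$dir/lib$name.so" "$dir/lib$name.a"; do
            if [ -e "$f" ]; then
                echo "linkable:$f"
                return 0
            fi
        done
        # Versioned files such as libpcap.so.1 satisfy the runtime loader only.
        for f in "$dir/lib$name.so."*; do
            if [ -e "$f" ] && [ -z "$runtime" ]; then runtime=$f; fi
        done
    done
    if [ -n "$runtime" ]; then
        echo "runtime-only:$runtime"
    else
        echo "missing"
    fi
}

# Constructed layout mirroring the ldconfig listing quoted in the thread.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/opt/libpcap/lib" "$root/opt/pf_ring/lib"
    touch "$root/opt/libpcap/lib/libpcap.so.1.1.1"
    ln -s libpcap.so.1.1.1 "$root/opt/libpcap/lib/libpcap.so.1"
    touch "$root/opt/pf_ring/lib/libpfring.so"
    echo "$root"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_tree)
    link_status pfring "$root/opt/pf_ring/lib"   # only -L dir in the failing gcc line
    link_status pcap "$root/opt/pf_ring/lib"
    link_status pcap "$root/opt/pf_ring/lib" "$root/opt/libpcap/lib"
    rm -rf "$root"
fi
```

On a real host, pass the directories from the -L options of the failing gcc line in config.log; a "runtime-only" result means the library is installed for running programs but lacks the unversioned file needed to link against it.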