[Oisf-users] Building Suricata 2.0.6 with PF_Ring 6.0.2 on Ubuntu
Michał Purzyński
michalpurzynski1 at gmail.com
Sun Feb 22 11:58:22 UTC 2015
Both the --with-libpcap-includes and --with-libpcap-libraries are not
necessary at all. Suricata will use pfring_open() directly, without
going through libpcap.
On Sun, Feb 22, 2015 at 10:39 AM, Peter Manev <petermanev at gmail.com> wrote:
> On Sun, Feb 22, 2015 at 6:02 AM, Andy Schworer <schworer at gmail.com> wrote:
>> I'm having trouble getting the ./configure script to complete for Suricata
>> 2.0.6 with the following options. With pf_ring 6.0.2 "vanilla" built and
>> installed.
>>
>> uname -a Linux hosta 3.13.0-45-generic #74~precise1-Ubuntu SMP Thu Jan 15
>> 20:21:55 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>>
>> ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc/suricata/
>> --localstatedir=/usr/local/var/
>> --with-libpfring-libraries=/usr/local/pfring/lib
>> --with-libpfring-includes=/usr/local/pfring/include
>> --with-libpcap-includes=/usr/local/pfring/include
>> --with-libpcap-libraries=/usr/local/pfring/lib --enable-pfring
>> --enable-geoip --disable-profiling
>>
>> I get the following error:
>> ...
>>
>> checking pcap/pcap.h presence... yes
>>
>> checking for pcap/pcap.h... yes
>>
>> checking pcap/bpf.h usability... yes
>>
>> checking pcap/bpf.h presence... yes
>>
>> checking for pcap/bpf.h... yes
>>
>> checking for pcap_open_live in -lpcap... no
>>
>>
>> ERROR! libpcap library not found, go get it
>>
>> from http://www.tcpdump.org or your distribution:
>>
>>
>> Ubuntu: apt-get install libpcap-dev
>>
>> Fedora: yum install libpcap-devel
>>
>>
>>
>> The following shows that libpcap library and pcap.h are installed in the
>> right paths being supplied to the configure script.I
>>
>> ls -l /usr/local/pfring/include/
>>
>> total 116
>>
>> drwxr-xr-x 2 root root 4096 Feb 21 19:51 pcap
>>
>> -rw-r--r-- 1 root root 2393 Feb 21 19:51 pcap-bpf.h
>>
>> -rw-r--r-- 1 root root 2320 Feb 21 19:51 pcap.h
>>
>> -rw-r--r-- 1 root root 2125 Feb 21 19:51 pcap-namedb.h
>>
>> -rw-r--r-- 1 root root 57700 Feb 21 19:51 pfring.h
>>
>> -rw-r--r-- 1 root root 12321 Feb 21 19:51 pfring_mod_sysdig.h
>>
>> -rw-r--r-- 1 root root 20974 Feb 21 19:51 pfring_zc.h
>>
>>
>> ls -l /usr/local/pfring/lib/
>>
>> total 1928
>>
>> -rw-r--r-- 1 root root 412264 Feb 21 19:51 libpcap.a
>>
>> lrwxrwxrwx 1 root root 12 Feb 21 19:51 libpcap.so -> libpcap.so.1
>>
>> lrwxrwxrwx 1 root root 16 Feb 21 19:51 libpcap.so.1 -> libpcap.so.1.1.1
>>
>> -rwxr-xr-x 1 root root 609569 Feb 21 19:51 libpcap.so.1.1.1
>>
>> -rw-r--r-- 1 root root 537384 Feb 21 19:51 libpfring.a
>>
>> -rwxr-xr-x 1 root root 407811 Feb 21 19:51 libpfring.so
>>
>>
>> Has anyone else had this issue?
>>
>>
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Training now available: http://suricata-ids.org/training/
>
>
> How did you compile/install pf-ring?
>
> Did you follow the instructions here -
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204#Pre-installation-requirements
>
>
>
> Thanks
>
>
> --
> Regards,
> Peter Manev
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Training now available: http://suricata-ids.org/training/
More information about the Oisf-users
mailing list