[Oisf-users] Building Suricata 2.0.6 with PF_Ring 6.0.2 on Ubuntu

Peter Manev petermanev at gmail.com
Sun Feb 22 12:16:58 UTC 2015


On Sun, Feb 22, 2015 at 12:58 PM, Michał Purzyński
<michalpurzynski1 at gmail.com> wrote:
> Both the --with-libpcap-includes and --with-libpcap-libraries are not
> necessary at all. Suricata will use pfring_open() directly, without
> going through libpcap.
>

Correct - I have updated the docs for PF_RING on the wiki  -
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation

Andy please make sure you have installed the pf_ring correctly though.

thanks

> On Sun, Feb 22, 2015 at 10:39 AM, Peter Manev <petermanev at gmail.com> wrote:
>> On Sun, Feb 22, 2015 at 6:02 AM, Andy Schworer <schworer at gmail.com> wrote:
>>> I'm having trouble getting the ./configure script to complete for Suricata
>>> 2.0.6 with the following options.  With pf_ring 6.0.2 "vanilla" built and
>>> installed.
>>>
>>> uname -a Linux hosta 3.13.0-45-generic #74~precise1-Ubuntu SMP Thu Jan 15
>>> 20:21:55 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc/suricata/
>>> --localstatedir=/usr/local/var/
>>> --with-libpfring-libraries=/usr/local/pfring/lib
>>> --with-libpfring-includes=/usr/local/pfring/include
>>> --with-libpcap-includes=/usr/local/pfring/include
>>> --with-libpcap-libraries=/usr/local/pfring/lib --enable-pfring
>>> --enable-geoip --disable-profiling
>>>
>>> I get the following error:
>>> ...
>>>
>>> checking pcap/pcap.h presence... yes
>>>
>>> checking for pcap/pcap.h... yes
>>>
>>> checking pcap/bpf.h usability... yes
>>>
>>> checking pcap/bpf.h presence... yes
>>>
>>> checking for pcap/bpf.h... yes
>>>
>>> checking for pcap_open_live in -lpcap... no
>>>
>>>
>>>    ERROR!  libpcap library not found, go get it
>>>
>>>    from http://www.tcpdump.org or your distribution:
>>>
>>>
>>>    Ubuntu: apt-get install libpcap-dev
>>>
>>>    Fedora: yum install libpcap-devel
>>>
>>>
>>>
>>> The following shows that libpcap library and pcap.h are installed in the
>>> right paths being supplied to the configure script.I
>>>
>>> ls -l /usr/local/pfring/include/
>>>
>>> total 116
>>>
>>> drwxr-xr-x 2 root root  4096 Feb 21 19:51 pcap
>>>
>>> -rw-r--r-- 1 root root  2393 Feb 21 19:51 pcap-bpf.h
>>>
>>> -rw-r--r-- 1 root root  2320 Feb 21 19:51 pcap.h
>>>
>>> -rw-r--r-- 1 root root  2125 Feb 21 19:51 pcap-namedb.h
>>>
>>> -rw-r--r-- 1 root root 57700 Feb 21 19:51 pfring.h
>>>
>>> -rw-r--r-- 1 root root 12321 Feb 21 19:51 pfring_mod_sysdig.h
>>>
>>> -rw-r--r-- 1 root root 20974 Feb 21 19:51 pfring_zc.h
>>>
>>>
>>> ls -l /usr/local/pfring/lib/
>>>
>>> total 1928
>>>
>>> -rw-r--r-- 1 root root 412264 Feb 21 19:51 libpcap.a
>>>
>>> lrwxrwxrwx 1 root root     12 Feb 21 19:51 libpcap.so -> libpcap.so.1
>>>
>>> lrwxrwxrwx 1 root root     16 Feb 21 19:51 libpcap.so.1 -> libpcap.so.1.1.1
>>>
>>> -rwxr-xr-x 1 root root 609569 Feb 21 19:51 libpcap.so.1.1.1
>>>
>>> -rw-r--r-- 1 root root 537384 Feb 21 19:51 libpfring.a
>>>
>>> -rwxr-xr-x 1 root root 407811 Feb 21 19:51 libpfring.so
>>>
>>>
>>> Has anyone else had this issue?
>>>
>>>
>>>
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> Training now available: http://suricata-ids.org/training/
>>
>>
>> How did you compile/install pf-ring?
>>
>> Did you follow the instructions here -
>> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204#Pre-installation-requirements
>>
>>
>>
>> Thanks
>>
>>
>> --
>> Regards,
>> Peter Manev
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Training now available: http://suricata-ids.org/training/



-- 
Regards,
Peter Manev



More information about the Oisf-users mailing list