[Oisf-users] Building Suricata 2.0.6 with PF_Ring 6.0.2 on Ubuntu

Andy Schworer schworer at gmail.com
Sun Feb 22 19:04:07 UTC 2015 

Thanks for the quick responses.  Removing --with-libpcap-includes and
--with-libpcap-libraries didn't change the results.

below is my PF ring install script.

#
http://sourceforge.net/projects/ntop/files/PF_RING/PF_RING-6.0.2.tar.gz/download
tar -xvf PF_RING-6.0.2.tar.gz
cd PF_RING-6.0.2/
cd kernel; make;
sudo su
make install; modprobe pf_ring;
cd ../userland/lib
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../libpcap-1.1.1-ring
./configure --prefix=/usr/local/pfring && make && sudo make install
echo "/usr/local/pfring/lib" >> /etc/ld.so.conf
cd ../tcpdump-4.1.1
./configure --prefix=/usr/local/pfring && make && sudo make install
# Add PF_RING to the ldconfig include list
echo "PATH=$PATH:/usr/local/pfring/bin:/usr/local/pfring/sbin" >>
/etc/bash.bashrc
cat /proc/net/pf_ring/info




On Sun, Feb 22, 2015 at 4:16 AM, Peter Manev <petermanev at gmail.com> wrote:

> On Sun, Feb 22, 2015 at 12:58 PM, Michał Purzyński
> <michalpurzynski1 at gmail.com> wrote:
> > Both the --with-libpcap-includes and --with-libpcap-libraries are not
> > necessary at all. Suricata will use pfring_open() directly, without
> > going through libpcap.
> >
>
> Correct - I have updated the docs for PF_RING on the wiki  -
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Installation
>
> Andy please make sure you have installed the pf_ring correctly though.
>
> thanks
>
> > On Sun, Feb 22, 2015 at 10:39 AM, Peter Manev <petermanev at gmail.com>
> wrote:
> >> On Sun, Feb 22, 2015 at 6:02 AM, Andy Schworer <schworer at gmail.com>
> wrote:
> >>> I'm having trouble getting the ./configure script to complete for
> Suricata
> >>> 2.0.6 with the following options.  With pf_ring 6.0.2 "vanilla" built
> and
> >>> installed.
> >>>
> >>> uname -a Linux hosta 3.13.0-45-generic #74~precise1-Ubuntu SMP Thu Jan
> 15
> >>> 20:21:55 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
> >>>
> >>> ./configure --prefix=/usr/local --sysconfdir=/usr/local/etc/suricata/
> >>> --localstatedir=/usr/local/var/
> >>> --with-libpfring-libraries=/usr/local/pfring/lib
> >>> --with-libpfring-includes=/usr/local/pfring/include
> >>> --with-libpcap-includes=/usr/local/pfring/include
> >>> --with-libpcap-libraries=/usr/local/pfring/lib --enable-pfring
> >>> --enable-geoip --disable-profiling
> >>>
> >>> I get the following error:
> >>> ...
> >>>
> >>> checking pcap/pcap.h presence... yes
> >>>
> >>> checking for pcap/pcap.h... yes
> >>>
> >>> checking pcap/bpf.h usability... yes
> >>>
> >>> checking pcap/bpf.h presence... yes
> >>>
> >>> checking for pcap/bpf.h... yes
> >>>
> >>> checking for pcap_open_live in -lpcap... no
> >>>
> >>>
> >>>    ERROR!  libpcap library not found, go get it
> >>>
> >>>    from http://www.tcpdump.org or your distribution:
> >>>
> >>>
> >>>    Ubuntu: apt-get install libpcap-dev
> >>>
> >>>    Fedora: yum install libpcap-devel
> >>>
> >>>
> >>>
> >>> The following shows that libpcap library and pcap.h are installed in
> the
> >>> right paths being supplied to the configure script.I
> >>>
> >>> ls -l /usr/local/pfring/include/
> >>>
> >>> total 116
> >>>
> >>> drwxr-xr-x 2 root root  4096 Feb 21 19:51 pcap
> >>>
> >>> -rw-r--r-- 1 root root  2393 Feb 21 19:51 pcap-bpf.h
> >>>
> >>> -rw-r--r-- 1 root root  2320 Feb 21 19:51 pcap.h
> >>>
> >>> -rw-r--r-- 1 root root  2125 Feb 21 19:51 pcap-namedb.h
> >>>
> >>> -rw-r--r-- 1 root root 57700 Feb 21 19:51 pfring.h
> >>>
> >>> -rw-r--r-- 1 root root 12321 Feb 21 19:51 pfring_mod_sysdig.h
> >>>
> >>> -rw-r--r-- 1 root root 20974 Feb 21 19:51 pfring_zc.h
> >>>
> >>>
> >>> ls -l /usr/local/pfring/lib/
> >>>
> >>> total 1928
> >>>
> >>> -rw-r--r-- 1 root root 412264 Feb 21 19:51 libpcap.a
> >>>
> >>> lrwxrwxrwx 1 root root     12 Feb 21 19:51 libpcap.so -> libpcap.so.1
> >>>
> >>> lrwxrwxrwx 1 root root     16 Feb 21 19:51 libpcap.so.1 ->
> libpcap.so.1.1.1
> >>>
> >>> -rwxr-xr-x 1 root root 609569 Feb 21 19:51 libpcap.so.1.1.1
> >>>
> >>> -rw-r--r-- 1 root root 537384 Feb 21 19:51 libpfring.a
> >>>
> >>> -rwxr-xr-x 1 root root 407811 Feb 21 19:51 libpfring.so
> >>>
> >>>
> >>> Has anyone else had this issue?
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> >>> Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> >>> List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >>> Training now available: http://suricata-ids.org/training/
> >>
> >>
> >> How did you compile/install pf-ring?
> >>
> >> Did you follow the instructions here -
> >>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1204#Pre-installation-requirements
> >>
> >>
> >>
> >> Thanks
> >>
> >>
> >> --
> >> Regards,
> >> Peter Manev
> >> _______________________________________________
> >> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> >> Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> >> List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >> Training now available: http://suricata-ids.org/training/
>
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150222/4e80fafa/attachment-0002.html>

More information about the Oisf-users mailing list