[Oisf-users] Suricata compilation issues with pf_ring

Shirkdog shirkdog at gmail.com
Wed Sep 23 01:50:19 UTC 2015 

Make sure you build the libpcap that comes with the pf_ring source code and
link to that when building suricata.
On Sep 22, 2015 9:48 PM, "Spransy, Derek" <dsprans at emory.edu> wrote:

> Thanks Jason. Would you also mind sharing the configure statement you
> used? I updated all of the pf_ring modules to the latest nightly build.
> Configure now gets past the pf_ring linking stage (maybe a previous pf_ring
> install issue?) without the LIBS variable being defined, but it's still
> failing with libcap-ng-devel and nspr-devel.
>
> checking for capng_clear in -lcap-ng... no
>
>    WARNING!  libcap-ng library not found, go get it
>    from http://people.redhat.com/sgrubb/libcap-ng/
>    or your distribution:
>
>    Ubuntu: apt-get install libcap-ng-dev
>    Fedora: yum install libcap-ng-devel
>
>    Suricata will be built without support for dropping privs.
>
> checking for libnspr... yes
> checking nspr.h usability... yes
> checking nspr.h presence... yes
> checking for nspr.h... yes
> checking for PR_GetCurrentThread in -lnspr4... no
>
>    ERROR!  libnspr library not found, go get it
>    from Mozilla or your distribution:
>
>    Ubuntu: apt-get install libnspr4-dev
>    Fedora: yum install nspr-devel
>
> However, interestingly, if I compile suricate 2.1beta4 it compiles without
> issue. Does anyone know if something changed in the linking for these two
> modules between 2.0.8 and 2.1beta?
>
> ________________________________________
> From: Spransy, Derek
> Sent: Tuesday, September 22, 2015 9:22 AM
> To: Jason Ish
> Cc: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Suricata compilation issues with pf_ring
>
> Hi Jason,
>
> Can you share which pf_ring packages you've used? I've also installed
> pf_ring via packages rather than compiling. Here's what I currently have
> installed:
>
> pfring-6.1.1-58.x86_64
> pfring-drivers-zc-dkms-1.2-0.noarch
> pfring-dkms-6.1.1-156.noarch
> e1000e-zc-3.0.4.1.162-1dkms.noarch.rpm
> i40e-zc-1.1.23.162-1dkms.noarch.rpm
> pfring-drivers-zc-dkms-1.2-0.noarch.rpm
> igb-zc-5.2.5.162-1dkms.noarch.rpm
> ixgbe-zc-3.22.3.156-1dkms.noarch.rpm
>
> Thanks
>
> ________________________________________
> From: lists at ish.cx <lists at ish.cx> on behalf of Jason Ish <lists at unx.ca>
> Sent: Monday, September 21, 2015 5:15 PM
> To: Spransy, Derek
> Cc: oisf-users at lists.openinfosecfoundation.org
> Subject: Re: [Oisf-users] Suricata compilation issues with pf_ring
>
> On Mon, Sep 21, 2015 at 12:53 PM, Spransy, Derek <dsprans at emory.edu>
> wrote:
> > Hello all,
> >
> > My apologies if this has been asked and answered previously, but I'm new
> to the list. I'm attempting to compile Suricata 2.0.8 on RHEL 7 with
> pf_ring (zero-copy) support. I encountered some problems while running
> configure during the linking of the pf_ring libraries. I found another
> listserv post that suggested setting LIBS="-lrt -lnuma" prior to running
> configure. This does indeed get me past the problems linking pf_ring, but
> later on I believe it causes issues with linking libpcap and file. The
> necessary packages are installed, and if I compile Suricata without pf_ring
> support, everything configures and compiles as expected.
> >
> > Here's a link to the output that I get when I compile with the LIBS
> variable defined, and without:
> >
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fpastebin.com%2f8TfCAJQ3&data=01%7c01%7cdsprans%40emory.edu%7cac5588eb7ee8415de6bf08d2c2c9bdc1%7ce004fb9cb0a4424fbcd0322606d5df38%7c1&sdata=6bpl2CgNcGTShjQont1TDbus3VZ0YzXwzCjMnww8utk%3d
> >
> > And here's a snipped of the errors in config.log when run configure with
> and without the LIBS variable defined:
> >
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fpastebin.com%2fSFz0GR26&data=01%7c01%7cdsprans%40emory.edu%7cac5588eb7ee8415de6bf08d2c2c9bdc1%7ce004fb9cb0a4424fbcd0322606d5df38%7c1&sdata=hB4fdb%2fWMZNI0%2fCHkYoYbUx7mA29v%2flI8LmdABlJNn0%3d
> >
> > If anyone has seen this previously, can you suggest a workaround? Any
> help would be appreciated!
>
> I wonder if this has more to do with how PF_RING was built?  I just
> used the PF_RING packages for CentOS 7 and build Suricata just fine,
> then I built it PF_RING with the latest git checkout and it built just
> fine again - I also checked to make sure it was linking against the
> pfring enabled libpcap.
>
> Sorry I don't have a better answer for you at this time.
>
> ________________________________
>
> This e-mail message (including any attachments) is for the sole use of
> the intended recipient(s) and may contain confidential and privileged
> information. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution
> or copying of this message (including any attachments) is strictly
> prohibited.
>
> If you have received this message in error, please contact
> the sender by reply e-mail message and destroy all copies of the
> original message (including attachments).
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150922/f13c0a31/attachment-0002.html>

More information about the Oisf-users mailing list