[Oisf-users] Suricata and PF_RING ZC - won't compile

Mark Stingley mark.stingley at gmail.com
Fri Jan 15 16:28:00 UTC 2016 

I just tried this on the latest git of pf_ring and Suricata 2.0.11,
but had the same problem with Suricata 2.0.8 and pf_ring 6.0.3.  Error
output and configuration data below.

Has anyone gotten Suricata to compile and work with pf_ring ZC?

Please advise.

Thanks.

---------------------------------

gcc -DHAVE_CONFIG_H -I. -I..   -I./../libhtp/
-I/usr/local/pfring/include -I/usr/include/nspr  -I/usr/include/nss
-I/usr/include/nspr  -I/usr/include/luajit-2.0
-DLOCAL_STATE_DIR=\"/var\" -g -O2 -Wextra
-Werror-implicit-function-declaration -fno-tree-pre -Wall
-Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H
-DHAVE_LIBNET_ICMPV6_UNREACH -DHAVE_PFRING  -I/usr/local/include
-DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT
runmode-erf-dag.o -MD -MP -MF .deps/runmode-erf-dag.Tpo -c -o
runmode-erf-dag.o runmode-erf-dag.c
In file included from source-pfring.h:31:0,
                 from runmode-erf-dag.c:25:
/usr/local/pfring/include/pfring.h:90:0: warning: "likely" redefined
 #define likely(x)       __builtin_expect((x),1)
 ^
In file included from flow.h:31:0,
                 from detect.h:29,
                 from detect-engine-alert.h:29,
                 from suricata-common.h:321,
                 from runmode-erf-dag.c:18:
util-optimize.h:32:0: note: this is the location of the previous definition
 #define likely(expr) __builtin_expect(!!(expr), 1)
 ^
In file included from source-pfring.h:31:0,
                 from runmode-erf-dag.c:25:
/usr/local/pfring/include/pfring.h:91:0: warning: "unlikely" redefined
 #define unlikely(x)     __builtin_expect((x),0)
 ^
In file included from flow.h:31:0,
                 from detect.h:29,
                 from detect-engine-alert.h:29,
                 from suricata-common.h:321,
                 from runmode-erf-dag.c:18:
util-optimize.h:35:0: note: this is the location of the previous definition
 #define unlikely(expr) __builtin_expect(!!(expr), 0)
 ^
In file included from source-pfring.h:31:0,
                 from runmode-erf-dag.c:25:
/usr/local/pfring/include/pfring.h:184:5: error: unknown type name ‘dna_device’
     dna_device dna_dev;
     ^
/usr/local/pfring/include/pfring.h:185:5: error: unknown type name ‘dna_indexes’
     dna_indexes *indexes_ptr;
     ^
/usr/local/pfring/include/pfring.h:188:5: error: unknown type name
‘dna_device_operation’
     dna_device_operation last_dna_operation;
     ^
Makefile:1379: recipe for target 'runmode-erf-dag.o' failed
make[3]: *** [runmode-erf-dag.o] Error 1
make[3]: Leaving directory '/usr/local/src/suricata-2.0.11/src'
Makefile:925: recipe for target 'all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory '/usr/local/src/suricata-2.0.11/src'
Makefile:446: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/usr/local/src/suricata-2.0.11'
Makefile:375: recipe for target 'all' failed
make: *** [all] Error 2


CONFIGURE OUTPUT---------------------------------------
suricata-2.0.11# LIBS="-lrt -lnuma" ./configure --prefix=/usr
--sysconfdir=/etc --localstatedir=/var --enable-luajit --enable-pfring
--with-libpfring-includes=/usr/local/pfring/include
--with-libpfring-libraries=/usr/local/pfring/lib

Suricata Configuration:
  AF_PACKET support:                       yes
  PF_RING support:                         yes
  NFQueue support:                         no
  NFLOG support:                           no
  IPFW support:                            no
  DAG enabled:                             no
  Napatech enabled:                        no
  Unix socket enabled:                     yes
  Detection enabled:                       yes

  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  Prelude support:                         no
  PCRE jit:                                yes
  LUA support:                             yes
  libluajit:                               yes
  libgeoip:                                no
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  CUDA enabled:                            no

  Suricatasc install:                      yes

  Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no
  Profiling enabled:                       no
  Profiling locks enabled:                 no
  Coccinelle / spatch:                     yes

Generic build parameters:
  Installation prefix (--prefix):          /usr
  Configuration directory (--sysconfdir):  /etc/suricata/
  Log directory (--localstatedir) :        /var/log/suricata/

  Host:                                    x86_64-unknown-linux-gnu
  GCC binary:                              gcc
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     no

gcc -DHAVE_CONFIG_H -I. -I..   -I./../libhtp/
-I/usr/local/pfring/include -I/usr/include/nspr  -I/usr/include/nss
-I/usr/include/nspr  -I/usr/include/luajit-2.0
-DLOCAL_STATE_DIR=\"/var\" -g -O2 -Wextra
-Werror-implicit-function-declaration -fno-tree-pre -Wall
-Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11
-D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H
-DHAVE_LIBNET_ICMPV6_UNREACH -DHAVE_PFRING  -I/usr/local/include
-DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT
runmode-erf-dag.o -MD -MP -MF .deps/runmode-erf-dag.Tpo -c -o
runmode-erf-dag.o runmode-erf-dag.c
In file included from source-pfring.h:31:0,
                 from runmode-erf-dag.c:25:
/usr/local/pfring/include/pfring.h:90:0: warning: "likely" redefined
 #define likely(x)       __builtin_expect((x),1)
 ^
In file included from flow.h:31:0,
                 from detect.h:29,
                 from detect-engine-alert.h:29,
                 from suricata-common.h:321,
                 from runmode-erf-dag.c:18:
util-optimize.h:32:0: note: this is the location of the previous definition
 #define likely(expr) __builtin_expect(!!(expr), 1)
 ^
In file included from source-pfring.h:31:0,
                 from runmode-erf-dag.c:25:
/usr/local/pfring/include/pfring.h:91:0: warning: "unlikely" redefined
 #define unlikely(x)     __builtin_expect((x),0)
 ^
In file included from flow.h:31:0,
                 from detect.h:29,
                 from detect-engine-alert.h:29,
                 from suricata-common.h:321,
                 from runmode-erf-dag.c:18:
util-optimize.h:35:0: note: this is the location of the previous definition
 #define unlikely(expr) __builtin_expect(!!(expr), 0)
 ^
In file included from source-pfring.h:31:0,
                 from runmode-erf-dag.c:25:
/usr/local/pfring/include/pfring.h:184:5: error: unknown type name ‘dna_device’
     dna_device dna_dev;
     ^
/usr/local/pfring/include/pfring.h:185:5: error: unknown type name ‘dna_indexes’
     dna_indexes *indexes_ptr;
     ^
/usr/local/pfring/include/pfring.h:188:5: error: unknown type name
‘dna_device_operation’
     dna_device_operation last_dna_operation;
     ^
Makefile:1379: recipe for target 'runmode-erf-dag.o' failed
make[3]: *** [runmode-erf-dag.o] Error 1
make[3]: Leaving directory '/usr/local/src/suricata-2.0.11/src'
Makefile:925: recipe for target 'all' failed
make[2]: *** [all] Error 2
make[2]: Leaving directory '/usr/local/src/suricata-2.0.11/src'
Makefile:446: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/usr/local/src/suricata-2.0.11'
Makefile:375: recipe for target 'all' failed
make: *** [all] Error 2

More information about the Oisf-users mailing list