Re: Snort with PF_RING - Compile question

[Balasubramaniam Natarajan <bala150985 () gmail com>]

You could be having a problem with libdumbnet or the former libdnet.

On Tue, Apr 12, 2016 at 2:26 AM, Chris Chiaverini <cchiaverini () bnl gov>
wrote:

> Hello,
>
> Has anyone compiled Snort w/ pfring on RHEL 7.x?  I am attempting on 7.2
> and hitting an issue with libpcap linking.
>
> I used the NTOP PF_RING RPM with snort source and it appears to be a basic
> linking problem but I have specified them within the configure options:
>
> [root@squealer snort-2.9.8.2]# rpm -ql
> pfring
>
> /etc/init.d/cluster
> /etc/init.d/pf_ring
> /etc/init/pf_ring.conf
> /etc/ld.so.conf.d/pf_ring.conf
> /lib64/libanic.so
> /lib64/libntapi.so
> /lib64/libntos.so
> /lib64/libsnf.so
> /usr/local/bin/pfcount
> /usr/local/bin/pfdnabounce
> /usr/local/bin/pfdnacluster_master
> /usr/local/bin/pfsend
> /usr/local/bin/zbalance_ipc
> /usr/local/bin/zcount
> /usr/local/bin/zcount_ipc
> /usr/local/bin/zsend
> /usr/local/include/linux/pf_ring.h
> /usr/local/include/pfring.h
> /usr/local/include/pfring_zc.h
> /usr/local/lib/daq/daq_pfring.la
> /usr/local/lib/daq/daq_pfring.so
> /usr/local/lib/daq/daq_pfring_zc.la
> /usr/local/lib/daq/daq_pfring_zc.so
> */usr/local/lib/libpcap.a*
> */usr/local/lib/libpcap.so.1.6.2*
> /usr/local/lib/libpfring.a
> /usr/local/lib/libpfring.so
> /usr/local/lib/libsfbpf.so.0
> /usr/local/lib/libsfbpf.so.0.0.1
> /usr/local/pfring/README-DAQ.1st
> /usr/local/pfring/README.FIRST
> [root@squealer snort-2.9.8.2]# ll /usr/local/lib/libpcap.*
> *-rw-r--r--. 1 root root  479112 Apr  9 09:26 /usr/local/lib/libpcap.a*
> *lrwxrwxrwx. 1 root root      16 Apr  4 14:25 /usr/local/lib/libpcap.so.1
> -> libpcap.so.1.6.2*
> *-rwxr-xr-x. 1 root root 1377998 Apr  9 09:26
> /usr/local/lib/libpcap.so.1.6.2*
> [root@squealer snort-2.9.8.2]#
>
>
> [root@squealer snort-2.9.8.2]# cat ../configure_snort.sh
> #!/bin/sh
>
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/dell/srvadmin/bin:/opt/dell/srvadmin/sbin:/root/bin:/opt/daq/bin
> LD_LIBRARY_PATH=/opt/daq/lib:*/usr/local/lib*
> :/lib64:/lib:/usr/lib64:/usr/lib:/usr/local/lib/daq
> export PATH LD_LIBRARY_PATH
>
> ./configure --prefix=/opt/snort-2.9.8.2
> --with-dnet-includes=/usr/local/include
> --with-dnet-libraries=/usr/local/lib *--with-libpcap-includes=/usr/local/lib/
> **--with-libpcap-libraries=/usr/local/lib *--with-libpfring-includes=/usr/local/include/daq
> --with-libpfring-libraries=/usr/local/lib/daq
> --with-daq-libraries=/usr/local/lib --with-daq-includes=/usr/local/include \
> --enable-sourcefire \
> --enable-zlib \
> --enable-perfprofiling \
> --enable-gre \
> --enable-mpls \
> --enable-targetbased \
> --enable-ppm \
> --enable-perfprofiling \
> --enable-active-response \
> --enable-normalizer \
> --enable-reload \
> --enable-react \
> --enable-flexresp3 \
> --enable-linux-smp-stats \
> --enable-large-pcap \
> --enable-targetbased \
> --enable-sourcefire
> [root@squealer snort-2.9.8.2]#
>
>
> [root@squealer snort-2.9.8.2]# sh ../configure_snort.sh
> configure: WARNING: unrecognized options: --enable-zlib
> checking for a BSD-compatible install... /usr/bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
> checking for gawk... gawk
> checking whether make sets $(MAKE)... yes
>
> <OMMITTED>
>
> checking for INADDR_NONE... yes
> checking for __FUNCTION__... yes
> checking for pcap_datalink in -lpcap... no
> checking pfring.h usability... yes
> checking pfring.h presence... yes
> checking for pfring.h... yes
> checking for pfring_open in -lpfring... no
> *checking for pfring_open in -lpcap... no*
>
> *   ERROR!  Libpcap library/headers (libpcap.a (or .so)/pcap.h)*
> *   not found, go get it from http://www.tcpdump.org
> <http://www.tcpdump.org>*
> *   or use the --with-libpcap-* options, if you have it installed*
> *   in unusual place.  Also check if your libpcap depends on another*
> *   shared library that may be installed in an unusual place*
> [root@squealer snort-2.9.8.2]#
>
>
>
> --
>
>
> Regards,
>
> Chris Chiaverini
>
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications
> Manager
> Applications Manager provides deep performance insights into multiple
> tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!



-- 
Regards,
Balasubramaniam Natarajan
http://blog.etutorshop.com
https://www.youracclaim.com/user/balasubramaniam-natarajan

------------------------------------------------------------------------------
Find and fix application performance issues faster with Applications Manager
Applications Manager provides deep performance insights into multiple tiers of
your business applications. It resolves application problems quickly and
reduces your MTTR. Get your free trial!
https://ad.doubleclick.net/ddm/clk/302982198;130105516;z

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!