Peter,
I had a dickens of a time getting that one right but with some help
along the away I arrived at this method that works, at least on CentOS 5
platforms.
The process assumes you have checked out PF_RING to /opt/PF_RING. It
also assumes you are not doing any "make install" stuff of the "lib" or
"libpcap-1.0.0-ring" parts of the PF_RING package. This means we aren't
interfering with other apps that use libpcap but don't need PF_RING.
If anyone has any improvements to offer on this method, I'm all ears.
I use a similar method to successfully build daemonlogger and argus
against PF_RING and am happy to share details upon request.
Maybe we could put a Wiki page somewhere on how to build popular apps
against PF_RING?
Building snort against PF_RING
cd /opt/PF_RING/userland
wget http://dl.snort.org/snort-current/snort-2.8.5.2.tar.gz
tar zxvf snort-2.8.5.2.tar.gz
cd snort-2.8.5.2
LD_LIBRARY_PATH=/opt/PF_RING/userland/libpcap-1.0.0-ring:/root/packages/PF_RING/userland/lib
LD_RUN_PATH=/opt/PF_RING/userland/libpcap-1.0.0-ring:/opt/PF_RING/userland/lib
export LD_LIBRARY_PATH
export LD_RUN_PATH
./configure
--with-libpcap-includes=/opt/PF_RING/userland/libpcap-1.0.0-ring/ \
--with-libpcap-libraries=/opt/PF_RING/userland/libpcap-1.0.0-ring/ \
--with-libpfring-includes=/opt/PF_RING/userland/lib \
--with-libpfring-libraries=/opt/PF_RING/userland/lib \
LDFLAGS="-L/opt/PF_RING/userland/lib
-L/opt/PF_RING/userland/libpcap-1.0.0-ring -lpfring -lpcap"
make
make install
On 2/12/2010 9:27 AM, Peter Bates wrote:
Hello again all...
Replying to my own message in this case.
I do realize this is technically a Snort problem as I have a happy
copy of tcpdump and pfcount and have also compiled another application
(ipaudit) against pfring and the modified libpcap.
I have updated from svn and am trying again, mostly following the
instructions from ntop.org and PF_RING/userland/README.snort.
I follow those instructions:
Prerequisites
# cd PF_RING/kernel
# make
# sudo make install
I can see:
Feb 12 10:46:07 netman3 kernel: [176840.220281] [PF_RING] Welcome to
PF_RING 4.1.2 ($Revision: 4132$)
and I have /proc/net/pf_ring.
Snort
# download snort source (e.g. into ~/Downloads/snort-2.8.5.1.tar.gz)
# cd PF_RING/userland
# tar xvfz ~/Downloads/snort-2.8.5.1.tar.gz
# cd snort-2.8.5.1/
# ./configure --with-libpcap-includes=../libpcap-1.0.0-ring/
--with-libpcap-libr
aries=../libpcap-1.0.0-ring/ -with-libpfring-includes=../lib
--with-libpfring-li
braries=../lib LDFLAGS="-lpfring -lpcap"
# make
Snort is 2.8.5.2 so I've downloaded that version.
The configure line is missing a '-' in the libpfring-includes
- but when I fix that, I get:
checking for gcc... gcc
checking for C compiler default output file name...
configure: error: C compiler cannot create executables
See `config.log' for more details.
Which is because of:
configure:2941: checking for C compiler default output file name
configure:2968: gcc -lpfring -lpcap conftest.c >&5
/usr/bin/ld: cannot find -lpfring
collect2: ld returned 1 exit status
As I say, I realize this is more Snort failing to compile than
anything to do with
PF_RING but if anyone has done this recently I'd appreciate it you
could help
as to why I'm having problems with this - my next stop is to try on
the Snort list.
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
