[Snort-users] Re: Snort failed to install using Phil Woods' shared memory ring buffer libpcap
This is a discussion on [Snort-users] Re: Snort failed to install using Phil Woods' shared memory ring buffer libpcap within the Snort forums, part of the System Security and Security Related category; On Wed, Dec 29, 2004 at 02:22:29PM +0800, Steve Smith wrote: > > I posted the following message ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-29-2004
|
|||
|
|||
[Snort-users] Re: Snort failed to install using Phil Woods' shared memory ring buffer libpcap
On Wed, Dec 29, 2004 at 02:22:29PM +0800, Steve Smith wrote:
> > I posted the following message to the Snort user list and got no response. As such, I would appreciate if you could point me in the right direction so that I could continue. > > > I am installing Snort 2.20 using the MMaped libpcap from Phil Woods web-site: http://public.lanl.gov/cpw/. > The latest version of the MMAPed libpcap is: libpcap-1.0.20041001 > > The Snort installation went well without any problem under Fedora Core 1. > > However, the same installation under Fedora core 2, I got the following error messages: > > /usr/local/lib/libpcap.a(pcap-ring.o)(.text+0x4d4): In function `pcap_ring_recv': > /usr/local/src/libpcap/pcap-ring.c:392: undefined reference to `mb' This is usually a sign that your /usr/include hierarchy does not have the same common headers as used in the kernel you are running. I normally use Debian. However, I have a redhat system: $ uname -r 2.6.9-1.715_FC3smp $ Unfortunately, the trick I use on Debian systems does not work on RedHat systems. (The trick is discussed under build issues on my web page). Redhat has inserted some code in its compiler to check that the user does not use any of the headers supplied under the /lib/modules hierarchy. Fortunately for me the redhat release indicated above, the gcc version: gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3) and possibly the /usr/include hierarchy (although the definition for mb cannot be found in it [at least by me]), resolve the mb() macro call in the pcap-ring.c file. The definition is in the /lib/modules hierachy. I guess if you just make sure you have: /lib/modules/`uname -r`/source/include/asm/system.h the libpcap make should work out. > collect2: ld returned 1 exit status > > The Fedora core 2 kernel version is: Linux 2.6.9-1.6 > > Any ideas or suggestions? $ grep "define mb" /lib/modules/`uname -r`/source/include/asm/system.h Once that works and return this line: #define mb() alternative("lock; addl $0,0(%%esp)", "mfence", X86_FEATURE_XMM2) you should be good to go. > Thanks. > > > SS -- Phil Wood (cpw_at-sign_lanl.gov) ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
