Hello everyone,
after a problematic install, I thought of writing a little guide to hopefully ease your pain while compiling Suricata on CentOS8 with PF_RING.
During the ./configure --enable-pfring phase I was always hit by an error:
checking for pfring_open in -lpfring... yes
ERROR! --enable-pfring was passed but the library version is < 6, go get it
from http://www.ntop.org/products/pf_ring/
despite the fact I had PF_RING installed.
So, to start from the beginning, I installed PF_RING using the provided ntop guide:
sudo wget https://packages.ntop.org/centos-stable/ntop.repo -O /etc/yum.repos.d/ntop.repo
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
rpm -ivh http://rpms.remirepo.net/enterprise/remi-release-8.rpm
yum install dnf-plugins-core
dnf config-manager --set-enabled powertools
dnf config-manager --set-enabled remi
yum erase zeromq3
yum clean all
yum update
yum install pfring-dkms n2disk nprobe ntopng cento
and then I ran the configure command again with the additional CFLAGS parameter "-D_GNU_SOURCE" and continued with the compilation as normal without errors. For me, the missing -D_GNU_SOURCE flag was causing errors in config.log such as
unknown type name 'u_int'; did you mean 'int'
or
unknown type name 'u_char'; did you mean 'char'
The ./configure command and the rest of the compilation:
LIBS="-lrt" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-pfring CFLAGS="-D_GNU_SOURCE"
make
sudo make install-full
You might also need to execute these commands:
grep "/usr/lib" /etc/ld.so.conf > /dev/null || echo "/usr/lib" | sudo tee -a /etc/ld.so.conf > /dev/null
sudo ldconfig
If someone can give me feedback on this, I'll be glad; hopefully I have not missed anything. Alternatively, while dealing with this problem, I followed a guide from @jonny5. I do not think it resolved my problem, but maybe it can point somebody in the right direction if this guide did not.
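
A small triage helper for the failure described in this post, added here as an example (it is not part of the original post and not Suricata or ntop code): it reads config.log and reports whether the u_int/u_char errors are present and whether -D_GNU_SOURCE was on the recorded configure line. The function names and verdict words are hypothetical, and the sample log is constructed.

```bash
#!/bin/sh
# Added example: classify a Suricata config.log after a failed --enable-pfring run.

# Prints one verdict word for the config.log given as $1:
#   add-gnu-source  u_int/u_char errors found, -D_GNU_SOURCE not on the configure line
#   flag-present    u_int/u_char errors found although -D_GNU_SOURCE was passed
#   not-this-issue  no such errors; the "library version is < 6" message has another cause
#   no-log          file missing or unreadable
diagnose_pfring_configure() {
    dpc_log="$1"
    if [ ! -r "$dpc_log" ]; then
        echo "no-log"
        return 0
    fi

    # autoconf records the command line near the top of config.log as "  $ ./configure ..."
    dpc_invocation=$(grep -m1 -E '^[[:space:]]*\$ .*configure' "$dpc_log" || true)

    # The compile errors quoted in the post: BSD-style types unknown to the compiler
    if ! grep -qE "unknown type name 'u_(int|char)'" "$dpc_log"; then
        echo "not-this-issue"
        return 0
    fi

    case "$dpc_invocation" in
        *-D_GNU_SOURCE*) echo "flag-present" ;;
        *)               echo "add-gnu-source" ;;
    esac
    return 0
}

# Builds a constructed (not captured) config.log for trying the function out.
# $1 = configure arguments to record on the invocation line.
make_sample_log() {
    msl_file=$(mktemp)
    printf '  $ ./configure %s\n' "$1" > "$msl_file"
    printf "error: unknown type name 'u_int'; did you mean 'int'\n" >> "$msl_file"
    echo "$msl_file"
}

# Stand-alone use: sh diagnose.sh /path/to/suricata/config.log
if [ "$#" -gt 0 ]; then
    diagnose_pfring_configure "$1"
fi
```

A verdict of add-gnu-source matches the situation in this post, where re-running configure with CFLAGS="-D_GNU_SOURCE" cleared the error.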