Suricata 6.0.6 fails to compile with pf_ring 8

Hi
I’m trying to compile Suricata 6.0.6 with pf_ring 8 on Debian 10 with kernel 4.19.0-21-amd64, but it fails with the error

ERROR! --enable-pfring was passed but the library version is < 6, go get it
from http://www.ntop.org/products/pf_ring/

PF_RING installation

git clone https://github.com/ntop/PF_RING.git /root/PF_RING
cd /root/PF_RING/kernel
make && make install
insmod ./pf_ring.ko
cd /root/PF_RING/userland
make && make install

Modinfo

root@proxy01:~/suricata-6.0.6# modinfo pf_ring
filename:       /lib/modules/4.19.0-21-amd64/kernel/net/pf_ring/pf_ring.ko
alias:          net-pf-27
version:        8.3.0
description:    Packet capture acceleration and analysis
author:         ntop.org
license:        GPL
srcversion:     AEAD4B1122BFB356A2A3951
depends:
retpoline:      Y
name:           pf_ring
vermagic:       4.19.0-21-amd64 SMP mod_unload modversions
parm:           min_num_slots:Min number of ring slots (uint)
parm:           perfect_rules_hash_size:Perfect rules hash size (uint)
parm:           enable_tx_capture:Set to 1 to capture outgoing packets (uint)
parm:           enable_frag_coherence:Set to 1 to handle fragments (flow coherence) in clusters (uint)
parm:           enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is defragmentead) (uint)
parm:           quick_mode:Set to 1 to run at full speed but with upto one socket per interface (uint)
parm:           force_ring_lock:Set to 1 to force ring locking (automatically enable with rss) (uint)
parm:           enable_debug:Set to 1 to enable PF_RING debug tracing into the syslog, 2 for more verbosity (uint)
parm:           transparent_mode:(deprecated) (uint)

Suricata Installation

wget https://www.openinfosecfoundation.org/download/suricata-6.0.6.tar.gz
tar xf suricata-6.0.6.tar.gz
cd suricata-6.0.6/
CFLAGS="-O0 -ggdb"  ./configure --enable-python --enable-pfring --enable-geoip --disable-gccmarch-native --with-libjansson --prefix=/usr/ --sysconfdir=/etc --localstatedir=/var --with-libpfring-includes=/usr/local/pfring/include/ --with-libpfring-libraries=/usr/local/pfring/lib/ --with-libpcap-includes=/usr/local/pfring/include/ --with-libpcap-libraries=/usr/local/pfring/lib/ --with-libnss-libraries=/usr/lib --with-libnss-includes=/usr/include/nss/ --with-libnspr-libraries=/usr/lib --with-libnspr-includes=/usr/include/nspr --with-libgeoip-includes=/usr/include --with-libgeoip-libraries=/usr/lib/x86_64-linux-gnu/

Result

checking whether make supports nested variables... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether UID '0' is supported by ustar format... yes
checking whether GID '0' is supported by ustar format... yes
checking how to create a ustar tar archive... gnutar
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking whether make supports the include directive... yes (GNU style)
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... yes
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking for pkg-config... /usr/bin/pkg-config
checking pkg-config is at least version 0.9.0... yes
checking whether GCC or Clang is our compiler... gcc
checking for clang... no
checking gcc version... 8
checking for gawk... (cached) gawk
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking how to run the C preprocessor... gcc -E
checking for ranlib... (cached) ranlib
checking whether ln -s works... yes
checking whether make sets $(MAKE)... (cached) yes
checking for grep that handles long lines and -e... (cached) /usr/bin/grep
checking for cygpath... no
checking for pkg-config... /usr/bin/pkg-config
checking for python3... /usr/bin/python3
checking for python-distutils... yes
checking for python-yaml... no
checking for wget... /usr/bin/wget
checking stddef.h usability... yes
checking stddef.h presence... yes
checking for stddef.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking assert.h usability... yes
checking assert.h presence... yes
checking for assert.h... yes
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking for inttypes.h... (cached) yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking poll.h usability... yes
checking poll.h presence... yes
checking for poll.h... yes
checking sched.h usability... yes
checking sched.h presence... yes
checking for sched.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking stdarg.h usability... yes
checking stdarg.h presence... yes
checking for stdarg.h... yes
checking for stdint.h... (cached) yes
checking stdio.h usability... yes
checking stdio.h presence... yes
checking for stdio.h... yes
checking for stdlib.h... (cached) yes
checking stdbool.h usability... yes
checking stdbool.h presence... yes
checking for stdbool.h... yes
checking for string.h... (cached) yes
checking for strings.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking sys/prctl.h usability... yes
checking sys/prctl.h presence... yes
checking for sys/prctl.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking for sys/stat.h... (cached) yes
checking sys/syscall.h usability... yes
checking sys/syscall.h presence... yes
checking for sys/syscall.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking time.h usability... yes
checking time.h presence... yes
checking for time.h... yes
checking for unistd.h... (cached) yes
checking sys/param.h usability... yes
checking sys/param.h presence... yes
checking for sys/param.h... yes
checking for sys/ioctl.h... (cached) yes
checking linux/if_ether.h usability... yes
checking linux/if_ether.h presence... yes
checking for linux/if_ether.h... yes
checking linux/if_packet.h usability... yes
checking linux/if_packet.h presence... yes
checking for linux/if_packet.h... yes
checking linux/filter.h usability... yes
checking linux/filter.h presence... yes
checking for linux/filter.h... yes
checking linux/ethtool.h usability... yes
checking linux/ethtool.h presence... yes
checking for linux/ethtool.h... yes
checking linux/sockios.h usability... yes
checking linux/sockios.h presence... yes
checking for linux/sockios.h... yes
checking glob.h usability... yes
checking glob.h presence... yes
checking for glob.h... yes
checking locale.h usability... yes
checking locale.h presence... yes
checking for locale.h... yes
checking grp.h usability... yes
checking grp.h presence... yes
checking for grp.h... yes
checking pwd.h usability... yes
checking pwd.h presence... yes
checking for pwd.h... yes
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking fnmatch.h usability... yes
checking fnmatch.h presence... yes
checking for fnmatch.h... yes
checking sys/resource.h usability... yes
checking sys/resource.h presence... yes
checking for sys/resource.h... yes
checking for sys/types.h... (cached) yes
checking sys/un.h usability... yes
checking sys/un.h presence... yes
checking for sys/un.h... yes
checking sys/random.h usability... yes
checking sys/random.h presence... yes
checking for sys/random.h... yes
checking utime.h usability... yes
checking utime.h presence... yes
checking for utime.h... yes
checking libgen.h usability... yes
checking libgen.h presence... yes
checking for libgen.h... yes
checking mach/mach.h usability... no
checking mach/mach.h presence... no
checking for mach/mach.h... no
checking stdatomic.h usability... yes
checking stdatomic.h presence... yes
checking for stdatomic.h... yes
checking for sys/socket.h... (cached) yes
checking for net/if.h... yes
checking for sys/mman.h... yes
checking for linux/if_arp.h... yes
checking for windows.h... no
checking for winsock2.h... no
checking for ws2tcpip.h... no
checking for w32api/wtypes.h... no
checking for w32api/winbase.h... no
checking for wincrypt.h... no
checking for inline... inline
checking for C/C++ restrict keyword... __restrict
checking for pid_t... yes
checking for mode_t... yes
checking for size_t... yes
checking for ssize_t... yes
checking for int8_t... yes
checking for int16_t... yes
checking for int32_t... yes
checking for int64_t... yes
checking for uint8_t... yes
checking for uint16_t... yes
checking for uint32_t... yes
checking for uint64_t... yes
checking for u_int... yes
checking for u_short... yes
checking for u_long... yes
checking for u_char... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for struct tm.tm_zone... yes
checking for ptrdiff_t... yes
checking for stdbool.h that conforms to C99... (cached) yes
checking for _Bool... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking for stdlib.h... (cached) yes
checking for GNU libc compatible realloc... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking whether time.h and sys/time.h may both be included... yes
checking for sys/time.h... (cached) yes
checking for unistd.h... (cached) yes
checking for stdlib.h... (cached) yes
checking for sys/param.h... (cached) yes
checking for alarm... yes
checking for working mktime... yes
checking for getpagesize... yes
checking for working mmap... yes
checking for working strtod... yes
checking for memmem... yes
checking for memset... yes
checking for memchr... yes
checking for memrchr... yes
checking for memmove... yes
checking for strcasecmp... yes
checking for strchr... yes
checking for strrchr... yes
checking for strdup... yes
checking for strndup... yes
checking for strncasecmp... yes
checking for strtol... yes
checking for strtoul... yes
checking for strstr... yes
checking for strpbrk... yes
checking for strtoull... yes
checking for strtoumax... yes
checking for strerror... yes
checking for gethostname... yes
checking for inet_ntoa... yes
checking for uname... yes
checking for gettimeofday... yes
checking for clock_gettime... yes
checking for utime... yes
checking for strptime... yes
checking for tzset... yes
checking for localtime_r... yes
checking for socket... yes
checking for setenv... yes
checking for select... yes
checking for putenv... yes
checking for dup2... yes
checking for endgrent... yes
checking for endpwent... yes
checking for atexit... yes
checking for munmap... yes
checking for fwrite_unlocked... yes
checking whether getrandom is declared... yes
checking for strlcpy... no
checking for strlcat... no
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking host os... installation for x86_64-pc-linux-gnu OS... ok
checking for c11 support... yes
checking for thread local storage gnu __thread support... yes
checking for dlfcn.h... (cached) yes
checking for plugin support... yes
checking for spatch... no
checking zlib.h usability... yes
checking zlib.h presence... yes
checking for zlib.h... yes
checking for inflate in -lz... yes
checking pcre.h usability... yes
checking pcre.h presence... yes
checking for pcre.h... yes
checking for pcre_get_substring in -lpcre... yes
checking for LIBPCREVERSION... no
checking for pcre_dfa_exec in -lpcre... yes
checking for PCRE JIT support... yes
checking for PCRE JIT support usability... yes
checking for PCRE JIT exec availability... yes
checking for libhs... yes
checking hs.h usability... yes
checking hs.h presence... yes
checking for hs.h... yes
checking for hs_compile in -lhs... yes
checking for hs_valid_platform... yes
checking yaml.h usability... yes
checking yaml.h presence... yes
checking for yaml.h... yes
checking for yaml_parser_initialize in -lyaml... yes
checking for pthread_create in -lpthread... yes
checking for pthread_spin_unlock... yes
checking jansson.h usability... yes
checking jansson.h presence... yes
checking for jansson.h... yes
checking for json_dump_callback in -ljansson... yes
checking whether OS_WIN32 is declared... no
checking for libnet.h version 1.1.x... no
checking for pcap.h... yes
checking for pcap.h... (cached) yes
checking for pcap/pcap.h... yes
checking for pcap/bpf.h... no
checking for PCAP... yes
checking for pcap_open_live in -lpcap... yes
checking for pcap_activate in -lpcap... yes
checking for pcap-config... /usr/local/bin/pcap-config
checking for pcap_set_buffer_size in -lpcap... yes
checking for pfring_open in -lpfring... yes

   ERROR! --enable-pfring was passed but the library version is < 6, go get it
   from http://www.ntop.org/products/pf_ring/

I have the same problem.
env:
os: rhel 8.2
suricata: 6.0.6
pfring: 8.2.0

When I run ./configure with --enable-pfring, it says "--enable-pfring was passed but the library version is < 6". Please take a look, thanks.

Can someone open a ticket for this?

Hi,
Can you post the config.log file?

This is interesting, Suricata 6.0.6 compiles fine with PF_RING 8.2.0 on
RHEL7

LIBS="-lrt" ./configure --prefix=/opt/suricata --enable-pfring=yes --with-libpfring-includes=/usr/include --with-libpfring-libraries=/usr/lib --with-libhs-includes=/usr/local/include/hs --with-libhs-libraries=/usr/local/lib64 --enable-af-packet=no

Greg

Yes, I tried it on RHEL 7 with Suricata 6.0.4 and it was OK too.

config.log (184.1 KB)
Please take a look, thanks.

Hi,

Could you try patching configure.ac and then re-running configure?

Your config.log file shows that types defined in <sys/types.h> aren’t being found – these are basic typedefs available on your system (they were checked earlier in the configure process): u_char, u_int, ...

Here’s the patch:

diff --git a/configure.ac b/configure.ac
index 34b2b811c..4b2e8ecfc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1409,6 +1409,7 @@
             AC_COMPILE_IFELSE(
                 [AC_LANG_PROGRAM(
                     [
+                    #include <sys/types.h>
                     #include <pfring.h>
                     ],
                     [
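Review bot: the added #include <sys/types.h> in the AC_LANG_PROGRAM prologue only helps while it stays above #include <pfring.h>, and nothing in the hunk records that ordering requirement. Add a short dnl comment ahead of the AC_COMPILE_IFELSE call explaining that the pfring.h test fails on the u_char/u_int typedefs unless sys/types.h comes first, so a later cleanup does not reorder or drop the line. Since configure already probes for sys/types.h earlier in the run, wrapping the new line in #ifdef HAVE_SYS_TYPES_H would also keep the test well-formed on a host without that header.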

Thanks a lot, I have switched to af_packet.
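Added example, not part of the thread or of Suricata's code: a small config.log parser that lists the failed compile tests that include pfring.h and the compiler's actual complaint, which is how the "library version is < 6" message was traced to missing <sys/types.h> typedefs in the reply with the configure.ac patch above. The sample log is constructed, and the function names are this example's own.

```python
import re

# Constructed config.log excerpt (illustrative line numbers and compiler output).
SAMPLE_LOG = """\
configure:20101: checking for pfring_open in -lpfring
configure:20126: gcc -o conftest -I/usr/local/pfring/include conftest.c -lpfring >&5
configure:20126: $? = 0
configure:20160: gcc -c -I/usr/local/pfring/include conftest.c >&5
/usr/local/pfring/include/pfring.h:214:3: error: unknown type name 'u_char'
/usr/local/pfring/include/pfring.h:215:3: error: unknown type name 'u_int'
configure:20160: $? = 1
configure: failed program was:
| /* confdefs.h */
| #include <pfring.h>
| int main (void) { return 0; }
"""

CHECK = re.compile(r"^configure:\d+: checking (.+)$")
CMD = re.compile(r"^configure:\d+: (.+) >&5$")
STATUS = re.compile(r"^configure:\d+: \$\? = (\d+)$")
UNKNOWN_TYPE = re.compile(r"unknown type name [‘'](\w+)[’']")  # gcc may use curly quotes

def failed_tests(log_text):
    """Return one record per compile/link attempt that exited non-zero."""
    failures, current, last_check, in_program = [], None, None, False
    for line in log_text.splitlines():
        if in_program and line.startswith("|"):
            failures[-1]["program"].append(line[2:])  # strip the "| " prefix
            continue
        in_program = False
        if m := CHECK.match(line):
            last_check = m.group(1)
        elif m := STATUS.match(line):
            if current is not None and m.group(1) != "0":
                failures.append(current)
            current = None
        elif m := CMD.match(line):
            current = {"after_check": last_check, "command": m.group(1),
                       "output": [], "program": []}
        elif line == "configure: failed program was:" and failures:
            in_program = True
        elif current is not None:
            current["output"].append(line)  # compiler/linker diagnostics
    return failures

def diagnose_pfring(log_text):
    """Explain failed tests whose program includes pfring.h."""
    report = []
    for f in failed_tests(log_text):
        incs = re.findall(r"^\s*#\s*include\s*<([^>]+)>", "\n".join(f["program"]), re.M)
        if "pfring.h" not in incs:
            continue
        types = sorted({t for l in f["output"] for t in UNKNOWN_TYPE.findall(l)})
        report.append({"command": f["command"], "unknown_types": types,
                       "sys_types_first": "sys/types.h" in incs[:incs.index("pfring.h")]})
    return report

if __name__ == "__main__":
    for entry in diagnose_pfring(SAMPLE_LOG):
        print(entry)
```

To use it on a real build, pass the contents of config.log from the Suricata source directory to diagnose_pfring().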

FYI PF_RING 8.2 builds fine. It’s also the only version of PF_RING that is supported by ntop:

8.0 and older versions are EOL.

But my environment is:
os: rhel 8.2
suricata: 6.0.6
pfring: 8.2.0

It didn’t work out.
It says "--enable-pfring was passed but the library version is < 6". Please take a look, thanks.

And is there a tutorial on using dpdk on version 6?
Thanks.

DPDK is introduced in Suricata 7. You could try 7.0.0-beta1.

Can you attach the config.log?

Suricata 6.0.8 builds just fine with most recent PF_RING - update your
Suricata version…

Greg

OK, I will try Suricata 7.
The log file: Suricata 6.0.6 fails to compile with pf_ring 8 - #8 by storm_zy

OK, I will try 6.0.8, thanks.

Today I tried Suricata 6.0.8 with pfring 8.2.0.
It still fails with: ERROR! --enable-pfring was passed but the library version is < 6

OS: rhel 8.2
uname -r: 4.18.0-193.el8.x86_64
Suricata: 6.0.8
pfring: 8.2.0
The config.log file:
config.log (184.3 KB)

I’m so depressed T_T.
Please take a look. Thank you.

Hello,

Yes this can be confusing, here is how to do it

Use only the Linux package manager available from NTOP to install pf_ring,
don’t bother trying to compile it and install it yourself, it just
causes headaches.

Once pf_ring is installed with the package manager, configure and compile
Suricata as follows

cd suricata-6.0.8

LIBS="-lrt" ./configure --prefix=/opt/suricata --enable-pfring=yes --with-libpfring-includes=/usr/include --with-libpfring-libraries=/usr/lib --with-libhs-includes=/usr/local/include/hs --with-libhs-libraries=/usr/local/lib64 --enable-af-packet=no

make
make install

You may or may not need the libhs includes depending on your install and
you may need to update the prefix path to suit your environment.

Greg

Thank you very much.
But I am in an Intranet environment and it is difficult for me to use the package manager.