Suricata 6.0.6 fails to compile with pf_ring 8

I have the same problem.
env:
os: rhel 8.2
suricata: 6.0.6
pfring: 8.2.0

When I run ./configure with enable-pfring, it says “--enable-pfring was passed but the library version is < 6”. Please take a look, thanks.

Can someone open a ticket for this?

Hi,
Can you post the config.log file?

This is interesting, Suricata 6.0.6 compiles fine with PF_RING 8.2.0 on
RHEL7

LIBS="-lrt" ./configure --prefix=/opt/suricata --enable-pfring=yes --with-libpfring-includes=/usr/include --with-libpfring-libraries=/usr/lib --with-libhs-includes=/usr/local/include/hs --with-libhs-libraries=/usr/local/lib64 --enable-af-packet=no

Greg

Yes, I tried it OK on RHEL 7 with Suricata 6.0.4 too.

config.log (184.1 KB)
Please take a look, thanks.

Hi,

Could you try patching configure.ac and then re-running configure?

Your config.log file shows that types defined in <sys/types.h> aren’t being found – these are basic typedefs available on your system (they were checked earlier in the configure process): u_char, u_int, ...

Here’s the patch:

diff --git a/configure.ac b/configure.ac
index 34b2b811c..4b2e8ecfc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1409,6 +1409,7 @@
             AC_COMPILE_IFELSE(
                 [AC_LANG_PROGRAM(
                     [
+                    #include <sys/types.h>
                     #include <pfring.h>
                     ],
                     [
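Review bot: The added `#include <sys/types.h>` at the top of the AC_LANG_PROGRAM prologue has no comment saying why it must come before `#include <pfring.h>`, so a later cleanup could drop it as redundant. A short `dnl` line above the AC_COMPILE_IFELSE call noting that the test program needs the <sys/types.h> typedefs (u_char, u_int, ...) before pfring.h would keep the ordering intentional. It is also worth remembering that any compile failure in this prologue is reported to the user as "the library version is < 6", as seen in this thread, so the error text could point to config.log rather than only to the PF_RING version.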

Thanks a lot, I have switched to af_packet.

FYI PF_RING 8.2 builds fine. It’s also the only version of PF_RING that is supported by ntop:

8.0 and older versions are EOL.

But my environment is:
os: rhel 8.2
suricata: 6.0.6
pfring: 8.2.0

It didn’t work out.
It says “--enable-pfring was passed but the library version is < 6”. Please take a look, thanks.

And is there a tutorial on using dpdk on version 6?
Thanks.

DPDK is introduced in Suricata 7. You could try 7.0.0-beta1.

Can you attach the config.log?

Suricata 6.0.8 builds just fine with most recent PF_RING - update your
Suricata version…

Greg

OK, I will try Suricata 7.
the log file: Suricata 6.0.6 fails to compile with pf_ring 8 - #8 by storm_zy

OK, I will try 6.0.8, thanks.

Today I tried Suricata 6.0.8 with pfring 8.2.0.
It still goes wrong with: ERROR! --enable-pfring was passed but the library version is < 6

OS: rhel 8.2
uname -r: 4.18.0-193.el8.x86_64
Suricata: 6.0.8
pfring: 8.2.0
The config.log file:
config.log (184.3 KB)

I’m so depressed T_T.
Please take a look. Thank you.

Hello,

Yes, this can be confusing. Here is how to do it:

Use only the Linux package manager available from NTOP to install pf_ring,
don’t bother trying to compile it and install it yourself, it just
causes headaches.

Once pf_ring is installed with the package manager, configure and compile
Suricata as follows:

cd suricata-6.0.8

LIBS="-lrt" ./configure --prefix=/opt/suricata --enable-pfring=yes --with-libpfring-includes=/usr/include --with-libpfring-libraries=/usr/lib --with-libhs-includes=/usr/local/include/hs --with-libhs-libraries=/usr/local/lib64 --enable-af-packet=no

make
make install

You may or may not need the libhs includes depending on your install and
you may need to update the prefix path to suit your environment.

Greg

Thank you very much.
But I am in an Intranet environment and it is difficult for me to use the package manager.

Well, you are obviously able to get external sources to your system. NTOP
provides RPMs you can download as well, then install locally instead of
using the system package manager.

That said, how exactly do you perform security updates to this system if
you don’t have external access? It is a hugely bad idea to run Suricata
or any other IDS on systems that are not regularly patched.