Argh - the 0.8a57 release uses some new libpcap functionality
(pcap_compile_nocap(), and calling pcap_freecode() with a bpf_program*)
that isn't supported in older libpcap releases. If someone could please
contribute autoconf tweaks to deal with this incompatibility, I'd much
appreciate it.
Argh - the 0.8a57 release uses some new libpcap functionality
(pcap_compile_nocap(), and calling pcap_freecode() with a bpf_program*)
that isn't supported in older libpcap releases. If someone could please
contribute autoconf tweaks to deal with this incompatibility, I'd much
appreciate it.
mhmm ... it seems that pcap_compile_nopcap() was added in 0.5, and
pcap_freecode() without the pcap_t in 0.6.1, so I guess there should be
a check for versions >= 0.6.1.
I'm attaching a patch that seems to work -- it checks whether the
pcap_compile_nocap symbol exists, and whether a program passing only one
argument to pcap_freecode() can build.
I haven't checked if the autoconf macros are available in older versions
as well (at that point I'm usually losing my patience Apply with -p0
in the toplevel directory of the source tree.
I just build and deployed bro-0.8a57 and the thing segfaults after about
5-100 minutes of running. I tried '-t file', but then it segfaults
immediately.
Platform is RedHat 9; default build of bro with ssl. Deployed on a fairly
loaded 10MB/s link.