Right now we see that bro mis-compiles on RHEL4. This appears to be an issues with the glibc-headers package.
Hmm... I've seen this before but right now I can't remember what's
the fix. Does anybody?
(Just a guess: does it help if you remove "-I../../linux-include"
from the command line?)
Any thoughts on this ? Also, I am wondering if anyone here running bro with endace DAG 6.2 cards ?
We have some prototypical code to add native DAG support to Bro
(rather than relying on libpcap). I'd have to check what the current
state is but if you're interested to try it, I'll see.
(We're using a 4.3GE currently but this shouldn't make a difference
in terms of the API.)
> Right now we see that bro mis-compiles on RHEL4. This appears to be
an issues with the glibc-headers package.
Hmm... I've seen this before but right now I can't remember what's
the fix. Does anybody?
mhmmm the archive says that in November Vidar Seeberg had a similar
problem ("Compiling error on Ubuntu Linux - now: make-problem"), but I
cannot seem to find a mail that detailed a fix. Vern pointed out that
the ef tool isn't actually needed, and iirc we have removed it in more
recent releases(?).
>
> > Right now we see that bro mis-compiles on RHEL4. This appears to be
> an issues with the glibc-headers package.
>
> Hmm... I've seen this before but right now I can't remember what's
> the fix. Does anybody?
mhmmm the archive says that in November Vidar Seeberg had a similar
problem ("Compiling error on Ubuntu Linux - now: make-problem"), but I
cannot seem to find a mail that detailed a fix. Vern pointed out that
the ef tool isn't actually needed, and iirc we have removed it in more
recent releases(?).
Here is the error. It did go a lot further in compilation then initially. Not sure if this is useful for you or I should send you the binpac coredumps as well.
PktSrc.o(.text+0x74c): In function `PktSrc::SetHdrSize()':
/usr/local/packages/bro/bro-1.0/src/PktSrc.cc:248: undefined reference to `pcap_snprintf'
PktSrc.o(.text+0xd7e): In function `PktInterfaceSrc::PktInterfaceSrc(char const*, char const*, PktSrc_Filter_Type)':
/usr/local/packages/bro/bro-1.0/src/PktSrc.cc:360: undefined reference to `pcap_snprintf'
PktSrc.o(.text+0xdd0):/usr/local/packages/bro/bro-1.0/src/PktSrc.cc:326: undefined reference to `pcap_snprintf'
PktSrc.o(.text+0xef6): In function `PktInterfaceSrc::PktInterfaceSrc(char const*, char const*, PktSrc_Filter_Type)':
/usr/local/packages/bro/bro-1.0/src/PktSrc.cc:360: undefined reference to `pcap_snprintf'
PktSrc.o(.text+0xf48):/usr/local/packages/bro/bro-1.0/src/PktSrc.cc:326: undefined reference to `pcap_snprintf'
collect2: ld returned 1 exit status
make[2]: *** [bro] Error 1
make[2]: Leaving directory `/usr/local/packages/bro/bro-1.0/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/packages/bro/bro-1.0/src'
make: *** [all] Error 2
Is it just in aux/{cf,hf} that things are failing? If you cd into src
directly once configure has finished and type "make", does it fail
similarly?
> (Just a guess: does it help if you remove "-I../../linux-include"
> from the command line?)
Yeah, a good thing to try!
I tried removing "-I../../linux-include" by commenting it gets erros. Both of running make after configure as well as running make inside the src directory. If you want to look at the errors I can sent that out as well.
Thanks a lot for the prompt responses and all the help.
Looks like it cant find some header files for libpcap.
I have a very similar setup to what you are doing, here is the skinny on how I configured my DAG cards with DAG compatible libpcap and bro:
I got the libpcap source from endace.com's website, then compiled with the following:
./configure '--with-dag=/opt/dag' '--prefix=/opt' && make
make install
For bro using bro-1.X:
CFLAGS='-I/opt/include' LDFLAGS='-L/opt/lib' ./configure '--disable-localpcap' '--enable-selectloop' '--prefix=/opt/bro-1.0' && make
make install
You will need to use endace's libpcap until bro supports DAG devices natively. The endace-libpcap allows the dag devices to be seen as dag0 and dag1 (sort of like eth0/eth1).
This usually indicates that the used pcap.h does not match the
version of libpcap which is linked in. Do you have different
versions installed? If not, it may also be the case that Bro's
configure confuses the system libpcap with the included libpcap (I
forgot whether in 1.0 the pcap which ships with Bro is still the
default used by configure; this has changed recently).