Sorry about that. I don't know what redhat has done. I presume they
are attempting to totally separate kernel and user space/knowledge (in
my mind it cannot be done. But, who am I). In their infinite wisdom,
they have made the 'mb()' macro unavailable to user libraries.
Consequently, when you compile libpcap it just assumes that mb is some
routine in the library world that will get resolved at load time instead
of a macro which expands to some code and gets compiled when the library
is built. So, I've included a patch which you need to run like so in
my pcap library source directory:
Assuming the patch is named /tmp/pcap-ring.patch,
and that libpcap source is in /tmp/libpcap-1.0.20041001 then
cd /tmp/libpcap-1.0.20041001
patch < /tmp/pcap-ring.patch
make clean
make
should get around the problem.
On Thu, Dec 30, 2004 at 02:07:19PM +0800, Steve Smith wrote:
Thanks for your information.
I do have the info and definition for mb in
/lib/modules/`uname -r`/source/include/asm/system.h
The installation of pcap is not the problem, I was able to install
libpcap-1.0.20041001 successfully in both FC2 and FC3.
Once the MMaped libpcap was installed, the installation of Snort 2.20 was
not successful and returned the following errors as I indicated in the
previous email:
/usr/local/lib/libpcap.a(pcap-ring.o)(.text+0x4d4): In function
`pcap_ring_recv':
/usr/local/src/libpcap/pcap-ring.c:392: undefined reference to `mb'
SS
----- Original Message -----
From: "Phil Wood" <cpw@lanl.gov>
To: "Steve Smith" <steves@is-focus.net>
Cc: <snort-users@lists.sourceforge.net>
Sent: Thursday, December 30, 2004 5:05 AM
Subject: Re: Snort failed to install using Phil Woods' shared memory ring
buffer libpcap
On Wed, Dec 29, 2004 at 02:22:29PM +0800, Steve Smith wrote:
I posted the following message to the Snort user list and got no
response. As such, I would appreciate if you could point me in the right
direction so that I could continue.
I am installing Snort 2.20 using the MMaped libpcap from Phil Woods
web-site: http://public.lanl.gov/cpw/.
The latest version of the MMAPed libpcap is: libpcap-1.0.20041001
The Snort installation went well without any problem under Fedora Core 1.
However, the same installation under Fedora core 2, I got the following
error messages:
/usr/local/lib/libpcap.a(pcap-ring.o)(.text+0x4d4): In function
`pcap_ring_recv':
/usr/local/src/libpcap/pcap-ring.c:392: undefined reference to `mb'
This is usually a sign that your /usr/include hierarchy does not have
the same common headers as used in the kernel you are running.
I normally use Debian. However, I have a redhat system:
$ uname -r
2.6.9-1.715_FC3smp
$
Unfortunately, the trick I use on Debian systems does not work on RedHat
systems. (The trick is discussed under build issues on my web page).
Redhat has inserted some code in its compiler to check that the user does
not use any of the headers supplied under the /lib/modules hierarchy.
Fortunately for me the redhat release indicated above, the gcc version:
gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
and possibly the /usr/include hierarchy (although the definition for mb
cannot be found in it [at least by me]), resolve the mb() macro call in
the pcap-ring.c file.
The definition is in the /lib/modules hierachy. I guess if you just make
sure you have:
/lib/modules/`uname -r`/source/include/asm/system.h
the libpcap make should work out.
collect2: ld returned 1 exit status
The Fedora core 2 kernel version is: Linux 2.6.9-1.6
Any ideas or suggestions?
$ grep "define mb" /lib/modules/`uname -r`/source/include/asm/system.h
Once that works and return this line:
#define mb() alternative("lock; addl $0,0(%%esp)", "mfence",
X86_FEATURE_XMM2)
you should be good to go.
Thanks.
SS
--
Phil Wood (cpw_at-sign_lanl.gov)
--
Phil Wood (cpw_at-sign_lanl.gov)
pcap-ring.patch
Description: Text document
