Libpcap installed but no detected

[Peter_APIIT]

Dear All,

I had installed libpcap-1.7.4 from tcpdump.org into my OpenBSD machine but when I running ./configure command for DAQ packages, it cannot detected the libpcap installation.

Why is the error?

Error:
Code:
Checking for pcap_lib_version >= 1.0.0 not found
Error:
Get it from http://www.tcpdump.org

Please help. Thanks.

Reference

[LeFrettchen]

You've got an answer on Linuxquestions :

Quote:

Originally Posted by http://www.linuxquestions.org

If you followed the instructions (you never posted what you actually did, neither did you show if files were installed properly nor is there any evidence you checked the configure.log) 'make install;' puts libraries in /usr/local/lib and the headers in /usr/local/include.

I presume your libraries are not in the good place.
You installed your libraries from a generic site, and the libraries directory may differ from OpenBSD.

Find'em, and copy them in the right place, or create a symbolic link.

[IdOp]

Speaking very generically, you may also be able to tell it where to find the libraries using environment variables. Run

% ./configure --help

and look at the bottom of the output. You may see something like this:

Code:

Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
              headers in a nonstandard directory <include dir>
  CPP         C preprocessor

The part that I've put in green could be what you're looking for. For example,

% export LDFLAGS=-L/usr/local/lib

or whatever modification of that makes sense for your situation.

[Peter_APIIT]

Quote:

Originally Posted by LeFrettchen

You've got an answer on Linuxquestions :


I presume your libraries are not in the good place.
You installed your libraries from a generic site, and the libraries directory may differ from OpenBSD.

Find'em, and copy them in the right place, or create a symbolic link.

The step I'm used to installed libpcap is very generic.

Code:

./configure
make
make clean
make install

I able to find the libpcap.a and libpcap.so from /usr/local/lib but it cannot daq cannot detect the library version.

When i configure the daq, I also point the libpcap library to the /usr/local/lib/ but it still cannot find it.

What should I do now? Thanks a lot.

[blackhole]

Looking at the linked thread at linuxquestions.org this seems to be the result of some attempt to port the Linux netfilter/iptables firewall...?

[jggimi]

It's an attempt to port an unexplained application for an unknown purpose. Peter might read this, so I'll explain graphically.

----

Peter, you have a goal.



You never ask us the best way to reach it. There are usually multiple paths to the goal. Some may be better than others.



We never know the goal you are trying to reach. We are only ever asked about the immediate obstacle.



We never know if you are on the wrong path. If you tell us the goal, we might be able to direct you to the correct path.

[denta]

Quote:

Originally Posted by cynwulf

Looking at the linked thread at linuxquestions.org this seems to be the result of some attempt to port the Linux netfilter/iptables firewall...?

It appears so, while it's still very much unclear why anyone would ever want to do that.

[Peter_APIIT]

OK. Lets me explain it clearly.

I tried to install Snort with IPS configured but Snort packages from OpenBSD repositories does not contain afpacket module. Thus, I install the generic source packages for libpcap, lidnet, daq and snort in order to configure Snort as IPS.

Based on Snort documentation, Snort IPS mode is only applicable on Linux with afpacket and not applicable to OpenBSD pf. I think so.

Based on this documentation, IPFW in daq modules should be using for inline mode together with pf divert-to. Is this correct?

Is it recommend to use Snort inline mode with ipfw daq module in OpenBSD PF? Thanks.

[ocicat]

Quote:

Originally Posted by Peter_APIIT

Lets me explain it clearly.

I tried to install Snort with IPS configured...

You need to go back even further. What problem are you experiencing which makes you believe Snort will help resolve?

[Peter_APIIT]

Quote:

Originally Posted by ocicat

You need to go back even further. What problem are you experiencing which makes you believe Snort will help resolve?

Snort offer signatures based network traffic detection. Thus, If there is virus or malware during the network transmission, it will automatically block it.

Edit:

Snort also offers preprocessor normalize function. For instance, if TOS was set to non zero value, it will get reset by snort to zero.

[ocicat]

Quote:

Originally Posted by Peter_APIIT

...If there is virus or malware during the network transmission, it will automatically block it.

If you are looking at Snort simply for its antivirus capabilities, why not install security/clamav which has already been ported to OpenBSD?

[J65nko]

From ftp://ftp.nluug.nl/pub/OpenBSD/5.7/packages/amd64/

Code:

File:snort-2.9.7.0.tgz 	3627 KB 	03/08/15 	14:34:00
File:snort2pf-4.5p0.tgz    9 KB 	03/08/15 	14:34:00

Quote:

Originally Posted by Peter_APIIT

I tried to install Snort with IPS configured but Snort packages from OpenBSD repositories does not contain afpacket module.

Maybe the port does allow configuration/inclusion of that module?

[Peter_APIIT]

The correct module is ipfw. I wonder how to configure ipfw with snort pf. Thanks.

[jggimi]

https://en.wikipedia.org/wiki/Ipfirewall

Please note the Operating Systems where this is available.