[Snort-users] DAQ and libpcap 1.1.1 vs 1.0.0

vincent at ...15035... vincent at ...15035...
Tue Nov 9 05:25:13 EST 2010


Hi everyone,

The new rpms are up (libpcap1 rpms version 1.1.1-8) and are using the 
pristine source from tcpdump.org. All this is very unfortunate since this 
issue (using a modified 1.1.1 libpcap source) is something which I didn't 
verify. So, for now, my final list of rpms for RHEL5/centos5 is as 
follows:

snort/RHEL5/SRPMS/snort-2.9.0.1-3.el5.src.rpm
snort/RHEL5/SRPMS/daq-0.3-5.el5.src.rpm
snort/RHEL5/SRPMS/snort-2.9.0-1.el5.src.rpm
snort/RHEL5/SRPMS/libpcap1-1.1.1-8.el5.src.rpm
snort/RHEL5/SRPMS/libdnet-1.12-6.el5.src.rpm

snort/RHEL5/i386/snort-2.9.0.1-3.el5.i386.rpm
snort/RHEL5/i386/daq-debuginfo-0.3-5.el5.i386.rpm
snort/RHEL5/i386/libdnet-1.12-6.el5.i386.rpm
snort/RHEL5/i386/libpcap1-devel-1.1.1-8.el5.i386.rpm
snort/RHEL5/i386/libpcap1-debuginfo-1.1.1-8.el5.i386.rpm
snort/RHEL5/i386/libpcap1-1.1.1-8.el5.i386.rpm
snort/RHEL5/i386/daq-0.3-5.el5.i386.rpm
snort/RHEL5/i386/libdnet-progs-1.12-6.el5.i386.rpm
snort/RHEL5/i386/snort-mysql-2.9.0.1-3.el5.i386.rpm
snort/RHEL5/i386/snort-debuginfo-2.9.0.1-3.el5.i386.rpm
snort/RHEL5/i386/libdnet-devel-1.12-6.el5.i386.rpm

snort/RHEL5/x86_64/libpcap1-debuginfo-1.1.1-8.el5.x86_64.rpm
snort/RHEL5/x86_64/libpcap1-devel-1.1.1-8.el5.x86_64.rpm
snort/RHEL5/x86_64/libpcap1-1.1.1-8.el5.x86_64.rpm
snort/RHEL5/x86_64/snort-2.9.0.1-3.el5.x86_64.rpm
snort/RHEL5/x86_64/snort-mysql-2.9.0.1-3.el5.x86_64.rpm
snort/RHEL5/x86_64/snort-debuginfo-2.9.0.1-3.el5.x86_64.rpm
snort/RHEL5/x86_64/libdnet-devel-1.12-6.el5.x86_64.rpm
snort/RHEL5/x86_64/libdnet-1.12-6.el5.i386.rpm
snort/RHEL5/x86_64/libdnet-progs-1.12-6.el5.x86_64.rpm
snort/RHEL5/x86_64/libdnet-1.12-6.el5.x86_64.rpm
snort/RHEL5/x86_64/daq-debuginfo-0.3-5.el5.x86_64.rpm
snort/RHEL5/x86_64/daq-0.3-5.el5.x86_64.rpm
snort/RHEL5/x86_64/libdnet-devel-1.12-6.el5.i386.rpm

I guess most people will want to use the source rpms to make their own 
build and the binary rpms are only provided for reference.

Thanks for all the help and feedback.

Vincent

On Tue, 9 Nov 2010, vincent at ...15035... wrote:

> On Mon, 8 Nov 2010, Russ Combs wrote:
>
>> Did you enable debug on your DAQ build (-g -O0)?
>> 
>> I don't have --disable-remote (or anything "remote") with libpcap-1.1.1.
>
> Hi Russ,
>
> You are right. The libpcap I was passed by a trustable 3rd-party was a 
> modified 1.1.1 with remote packet capture 
> (http://www.liberouter.org/nific/usecases/rpcap/rpcap.php). I'm reverting to 
> standard libpcap and will push new rpms really soon.
>
> Thank you,
>
> Vincent




More information about the Snort-users mailing list