[Snort-users] snort-2.9.0 on RHEL5

Michael Altizer xiche at ...3147...
Fri Oct 8 01:52:32 EDT 2010

  On 10/08/2010 12:34 AM, waldo kitty wrote:
> On 10/8/2010 00:08, Jason Haar wrote:
>>    Hi there
>> So far snort pre-2.9 has compiled just fine on RHEL5 systems, but with
>> the new requirement for libpcap-1.0, that is no longer the case. We'll
>> have to port that from Fedora or something.
> there's nothing to port, really... you should be able to grab the libpcap
> sources from www.tcpdump.net (IIRC) and go from there... that's what i did in
> this custom environment i'm working in... i did have some other mess to deal
> with trying to get thru this but i was finally successful... and after all of
> that, i still can't test 2.9.0 in my environment because of the below...
>> Has anyone done that yet, and are there any war-stories about it killing
>> tcpdump or any other app that depended on pre-1.0 libpcap? Do they all
>> need to be recompiled too?
> that's what i've been wondering since my foray into 2.9.0... tcpdump, iftop, and
> ppp are at least three that are built against libpcap... i'm looking at the
> war-stories boat same as you because i definitely cannot lose my PPP DSL
> connection to some stupid library snafu :
Conveniently enough, the new and old LibPCAP libraries can coexist on 
the same system due to the change in library major number, so old 
binaries can continue on with life just fine.  Just make sure that you 
only have development files (headers, static library, and .so symlink) 
for the version of LibPCAP that you want to build against.

For example:
     /usr/lib/libpcap.a (libpcap 1.1.1 static archive)
     /usr/lib/libpcap.so -> libpcap.so.1* (library that things compiled dynamically against -lpcap will link with)
     /usr/lib/libpcap.so.1 -> libpcap.so.1.1.1*
     /usr/lib/libpcap.so.0 -> libpcap.so.0.9.8* (binaries compiled against this version can still dynamically link at runtime)
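
One way to audit a build host for the layout described above, as an added example that is not part of the original message. The function names are hypothetical, GNU `readlink -f` is assumed, and only the library symlinks are inspected, not the headers.

```shell
#!/bin/sh
# Added example: audit library directories for the libpcap layout above.
# Assumes GNU readlink (-f); directories are supplied by the caller.

# Print the soname major that the unversioned dev symlink in DIR resolves
# to (libpcap.so -> libpcap.so.1 -> libpcap.so.1.1.1 prints "1").
pcap_dev_major() {
    [ -e "$1/libpcap.so" ] || return 1
    real=$(basename "$(readlink -f "$1/libpcap.so")")
    case $real in
        libpcap.so.[0-9]*) ver=${real#libpcap.so.}; echo "${ver%%.*}" ;;
        *) return 1 ;;
    esac
}

# Print the runtime soname majors present in DIR, one per line, sorted.
# These are what already-built binaries (tcpdump, pppd, ...) load.
pcap_runtime_majors() {
    for f in "$1"/libpcap.so.*; do
        [ -e "$f" ] || continue
        ver=${f##*/libpcap.so.}
        case $ver in
            *.*) ;;              # full-version file such as libpcap.so.1.1.1
            *) echo "$ver" ;;    # soname link such as libpcap.so.1
        esac
    done | sort -n
}

# Succeed only if at least one DIR has a dev symlink and every dev symlink
# found resolves to major WANT. Usage: pcap_check_dev WANT DIR...
pcap_check_dev() {
    want=$1; shift
    found=0
    for d in "$@"; do
        major=$(pcap_dev_major "$d") || continue
        found=1
        if [ "$major" != "$want" ]; then
            echo "$d/libpcap.so resolves to major $major, wanted $want" >&2
            return 1
        fi
    done
    [ "$found" -eq 1 ]
}
```

For example, `pcap_check_dev 1 /usr/lib /usr/local/lib` fails if a leftover development symlink for the old library is still present in either directory.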
