[Snort-users] snort-2.9.0 on RHEL5
xiche at ...3147...
Fri Oct 8 01:52:32 EDT 2010
On 10/08/2010 12:34 AM, waldo kitty wrote:
> On 10/8/2010 00:08, Jason Haar wrote:
>> Hi there
>> So far snort pre-2.9 has compiled just fine on RHEL5 systems, but with
>> the new requirement for libpcap-1.0, that is no longer the case. We'll
>> have to port that from Fedora or something.
> there's nothing to port, really... you should be able to grab the libpcap
> sources from www.tcpdump.net (IIRC) and go from there... that's what i did in
> this custom environment i'm working in... i did have some other mess to deal
> with trying to get thru this but i was finally successful... and after all of
> that, i still can't test 2.9.0 in my environment because of the below...
>> Has anyone done that yet, and are there any war-stories about it killing
>> tcpdump or any other app that depended on pre-1.0 libpcap? Do they all
>> need to be recompiled too?
> that's what i've been wondering since my foray into 2.9.0... tcpdump, iftop, and
> ppp are at least three that are built against libpcap... i'm looking at the
> war-stories boat same as you because i definitely cannot lose my PPP DSL
> connection to some stupid library snafu :
Conveniently enough, the new and old LibPCAP libraries can coexist on
the same system due to the change in library major number, so old
binaries can continue on with life just fine. Just make sure that you
only have development files (headers, static library, and .so symlink)
for the version of LibPCAP that you want to build against.
/usr/lib/libpcap.a (libpcap 1.1.1 static archive)
/usr/lib/libpcap.so -> libpcap.so.1* (library that things compiled dynamically against -lpcap will link with)
/usr/lib/libpcap.so.1 -> libpcap.so.1.1.1*
/usr/lib/libpcap.so.0 -> libpcap.so.0.9.8* (binaries compiled against this version can still dynamically link at runtime)
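
Added example, not part of the original message: a small shell audit of the layout described above, reporting which soname major a new build using -lpcap will pick up and which majors remain available to already-compiled binaries. The function names are hypothetical, and pcap_needed assumes binutils' readelf is installed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the directory layout is
# the one listed in the message (e.g. /usr/lib).

# Soname major that a new build using -lpcap will pick up in DIR,
# read from the unversioned development symlink libpcap.so.
pcap_dev_major() {
    [ -L "$1/libpcap.so" ] || { echo none; return 1; }
    base=$(readlink "$1/libpcap.so")
    base=${base##*/}
    case $base in
        libpcap.so.[0-9]*) rest=${base#libpcap.so.}; echo "${rest%%.*}" ;;
        *) echo unknown; return 1 ;;
    esac
}

# Soname majors present for the runtime linker in DIR (libpcap.so.N only).
pcap_runtime_majors() {
    out=""
    for f in "$1"/libpcap.so.[0-9]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        rest=${f##*/libpcap.so.}
        case $rest in *.*) continue ;; esac   # skip libpcap.so.1.1.1 etc.
        out="$out $rest"
    done
    echo $out   # unquoted on purpose: collapses the leading space
}

# Soname(s) an existing binary asks for, from its ELF dynamic section.
# readelf only reads the file; it does not load or run the binary.
pcap_needed() {
    readelf -d "$1" | grep NEEDED | grep -o 'libpcap\.so[.0-9]*'
}

# One-line summary: what new builds link against vs. what old binaries can load.
pcap_audit() {
    dev=$(pcap_dev_major "$1") || true
    echo "dev=$dev runtime=$(pcap_runtime_majors "$1")"
}

# Usage: sh pcap_audit.sh /usr/lib
[ $# -eq 0 ] || pcap_audit "$1"
```

Running pcap_needed on tcpdump or another existing binary before and after the upgrade shows whether the soname it requests is still among the runtime majors.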