DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 2nd August 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default Libpcap installed but no detected

Dear All,

I had installed libpcap-1.7.4 from tcpdump.org into my OpenBSD machine but when I running ./configure command for DAQ packages, it cannot detected the libpcap installation.

Why is the error?

Error:
Code:
Checking for pcap_lib_version >= 1.0.0 not found
Error:
Get it from http://www.tcpdump.org

Please help. Thanks.

Reference

Last edited by Peter_APIIT; 2nd August 2015 at 09:42 AM.
Reply With Quote
  #2   (View Single Post)  
Old 2nd August 2015
LeFrettchen's Avatar
LeFrettchen LeFrettchen is offline
Marveled user
 
Join Date: Aug 2012
Location: France
Posts: 394
Default

You've got an answer on Linuxquestions :
Quote:
Originally Posted by http://www.linuxquestions.org
If you followed the instructions (you never posted what you actually did, neither did you show if files were installed properly nor is there any evidence you checked the configure.log) 'make install;' puts libraries in /usr/local/lib and the headers in /usr/local/include.
I presume your libraries are not in the good place.
You installed your libraries from a generic site, and the libraries directory may differ from OpenBSD.

Find'em, and copy them in the right place, or create a symbolic link.
__________________
ThinkPad W500 P8700 6GB HD3650 SSD
ThinkStation P700 2x2620v3 32GB 1050ti SSD 3xHDD
Reply With Quote
  #3   (View Single Post)  
Old 2nd August 2015
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 950
Default

Speaking very generically, you may also be able to tell it where to find the libraries using environment variables. Run

% ./configure --help

and look at the bottom of the output. You may see something like this:

Code:
Some influential environment variables:
  CC          C compiler command
  CFLAGS      C compiler flags
  LDFLAGS     linker flags, e.g. -L<lib dir> if you have libraries in a
              nonstandard directory <lib dir>
  CPPFLAGS    C/C++ preprocessor flags, e.g. -I<include dir> if you have
              headers in a nonstandard directory <include dir>
  CPP         C preprocessor
The part that I've put in green could be what you're looking for. For example,

% export LDFLAGS=-L/usr/local/lib

or whatever modification of that makes sense for your situation.
Reply With Quote
  #4   (View Single Post)  
Old 3rd August 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

Quote:
Originally Posted by LeFrettchen View Post
You've got an answer on Linuxquestions :


I presume your libraries are not in the good place.
You installed your libraries from a generic site, and the libraries directory may differ from OpenBSD.

Find'em, and copy them in the right place, or create a symbolic link.
The step I'm used to installed libpcap is very generic.
Code:
./configure
make
make clean
make install
I able to find the libpcap.a and libpcap.so from /usr/local/lib but it cannot daq cannot detect the library version.

When i configure the daq, I also point the libpcap library to the /usr/local/lib/ but it still cannot find it.

What should I do now? Thanks a lot.
Reply With Quote
  #5   (View Single Post)  
Old 3rd August 2015
cynwulf's Avatar
cynwulf cynwulf is offline
tying up some loose ends
 
Join Date: Mar 2014
Posts: 270
Default

Looking at the linked thread at linuxquestions.org this seems to be the result of some attempt to port the Linux netfilter/iptables firewall...?
Reply With Quote
  #6   (View Single Post)  
Old 3rd August 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,183
Default

It's an attempt to port an unexplained application for an unknown purpose. Peter might read this, so I'll explain graphically.

----

Peter, you have a goal.



You never ask us the best way to reach it. There are usually multiple paths to the goal. Some may be better than others.



We never know the goal you are trying to reach. We are only ever asked about the immediate obstacle.



We never know if you are on the wrong path. If you tell us the goal, we might be able to direct you to the correct path.

Reply With Quote
  #7   (View Single Post)  
Old 3rd August 2015
denta denta is offline
Shell Scout
 
Join Date: Nov 2009
Location: Sweden
Posts: 95
Default

Quote:
Originally Posted by cynwulf View Post
Looking at the linked thread at linuxquestions.org this seems to be the result of some attempt to port the Linux netfilter/iptables firewall...?
It appears so, while it's still very much unclear why anyone would ever want to do that.
Reply With Quote
  #8   (View Single Post)  
Old 4th August 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

OK. Lets me explain it clearly.

I tried to install Snort with IPS configured but Snort packages from OpenBSD repositories does not contain afpacket module. Thus, I install the generic source packages for libpcap, lidnet, daq and snort in order to configure Snort as IPS.

Based on Snort documentation, Snort IPS mode is only applicable on Linux with afpacket and not applicable to OpenBSD pf. I think so.

Based on this documentation, IPFW in daq modules should be using for inline mode together with pf divert-to. Is this correct?

Is it recommend to use Snort inline mode with ipfw daq module in OpenBSD PF? Thanks.

Last edited by Peter_APIIT; 4th August 2015 at 03:28 AM.
Reply With Quote
  #9   (View Single Post)  
Old 4th August 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,307
Default

Quote:
Originally Posted by Peter_APIIT View Post
Lets me explain it clearly.

I tried to install Snort with IPS configured...
You need to go back even further. What problem are you experiencing which makes you believe Snort will help resolve?
Reply With Quote
Old 4th August 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

Quote:
Originally Posted by ocicat View Post
You need to go back even further. What problem are you experiencing which makes you believe Snort will help resolve?
Snort offer signatures based network traffic detection. Thus, If there is virus or malware during the network transmission, it will automatically block it.

Edit:

Snort also offers preprocessor normalize function. For instance, if TOS was set to non zero value, it will get reset by snort to zero.

Last edited by Peter_APIIT; 5th August 2015 at 02:01 AM.
Reply With Quote
Old 4th August 2015
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,307
Default

Quote:
Originally Posted by Peter_APIIT View Post
...If there is virus or malware during the network transmission, it will automatically block it.
If you are looking at Snort simply for its antivirus capabilities, why not install security/clamav which has already been ported to OpenBSD?
Reply With Quote
Old 5th August 2015
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,615
Default

From ftp://ftp.nluug.nl/pub/OpenBSD/5.7/packages/amd64/

Code:
File:snort-2.9.7.0.tgz 	3627 KB 	03/08/15 	14:34:00
File:snort2pf-4.5p0.tgz    9 KB 	03/08/15 	14:34:00
Quote:
Originally Posted by Peter_APIIT
I tried to install Snort with IPS configured but Snort packages from OpenBSD repositories does not contain afpacket module.
Maybe the port does allow configuration/inclusion of that module?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 5th August 2015 at 07:24 AM.
Reply With Quote
Old 17th August 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 121
Default

The correct module is ipfw. I wonder how to configure ipfw with snort pf. Thanks.
Reply With Quote
Old 17th August 2015
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,183
Default

https://en.wikipedia.org/wiki/Ipfirewall

Please note the Operating Systems where this is available.

Last edited by jggimi; 17th August 2015 at 01:05 PM. Reason: typo
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Triggering pf.conf anchor load based on ip detected daemonbak OpenBSD Security 10 27th July 2015 10:43 PM
5.4 amd64 on Thinkpad x200: "render error detected" on booting. karl OpenBSD Installation and Upgrading 2 5th November 2013 04:28 AM
Partition(s) present but not detected after panic jb_daefo FreeBSD General 0 29th May 2009 07:01 PM
Memory Not Detected jrs OpenBSD Installation and Upgrading 3 19th May 2009 05:50 PM
Installed 4.3 & No GUI warriors OpenBSD General 24 14th August 2008 11:28 AM


All times are GMT. The time now is 09:26 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick