• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2035
  • Last Modified:

compile tcpdump with pf_ring

Hi,

i downloaded pf_ring 5.0.0. I successfully compiled libpcap and pf_ring libraries. I'm now trying to compile tcpdump but that does not seem to work. I get this error when doing make:


gcc -O2 -DHAVE_CONFIG_H  -I./missing  -D_U_="__attribute__((unused))" -DHAVE_PF_RING -I. -I./../libpcap  -I./missing  -o tcpdump addrtoname.o af.o checksum.o cpack.o gmpls.o oui.o gmt2local.o ipproto.o nlpid.o l2vpn.o machdep.o parsenfsfh.o print-802_11.o print-ap1394.o print-ah.o print-arcnet.o print-aodv.o print-arp.o print-ascii.o print-atalk.o print-atm.o print-beep.o print-bfd.o print-bgp.o print-bootp.o print-bt.o print-cdp.o print-cfm.o print-chdlc.o print-cip.o print-cnfp.o print-dccp.o print-decnet.o print-domain.o print-dtp.o print-dvmrp.o print-enc.o print-egp.o print-eap.o print-eigrp.o print-esp.o print-ether.o print-fddi.o print-fr.o print-gre.o print-hsrp.o print-icmp.o print-igmp.o print-igrp.o print-ip.o print-ipcomp.o print-ipfc.o print-ipnet.o print-ipx.o print-isoclns.o print-juniper.o print-krb.o print-l2tp.o print-lane.o print-ldp.o print-lldp.o print-llc.o print-lmp.o print-lspping.o print-lwapp.o print-lwres.o print-mobile.o print-mpcp.o print-mpls.o print-msdp.o print-nfs.o print-ntp.o print-null.o print-olsr.o print-ospf.o print-pgm.o print-pim.o print-ppp.o print-pppoe.o print-pptp.o print-radius.o print-raw.o print-rip.o print-rrcp.o print-rsvp.o print-rx.o print-sctp.o print-sflow.o print-sip.o print-sl.o print-sll.o print-slow.o print-snmp.o print-stp.o print-sunatm.o print-sunrpc.o print-symantec.o print-syslog.o print-tcp.o print-telnet.o print-tftp.o print-timed.o print-token.o print-udld.o print-udp.o print-usb.o print-vjc.o print-vqp.o print-vrrp.o print-vtp.o print-forces.o print-wb.o print-zephyr.o signature.o setsignal.o tcpdump.o util.o version.o print-ip6.o print-ip6opts.o print-mobility.o print-ripng.o print-icmp6.o print-frag6.o print-rt6.o print-ospf6.o print-dhcp6.o print-smb.o smbutil.o strlcat.o strlcpy.o datalinks.o dlnames.o pcap_dump_ftell.o print-isakmp.o ./../libpcap/libpcap.a ../lib/libpfring.a  ../lib/libpfring.a -lpthread ../lib/libpfring.a -lpthread
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_name_to_val':
pcap.c:(.text+0x130): multiple definition of `pcap_datalink_name_to_val'
dlnames.o:dlnames.c:(.text+0xa0): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_val_to_name':
pcap.c:(.text+0x1a0): multiple definition of `pcap_datalink_val_to_name'
dlnames.o:dlnames.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_datalink_val_to_description':
pcap.c:(.text+0x1f0): multiple definition of `pcap_datalink_val_to_description'
dlnames.o:dlnames.c:(.text+0x50): first defined here
./../libpcap/libpcap.a(pcap.o): In function `pcap_list_datalinks':
pcap.c:(.text+0xca0): multiple definition of `pcap_list_datalinks'
datalinks.o:datalinks.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(sf-pcap.o): In function `pcap_dump_ftell':
sf-pcap.c:(.text+0x40): multiple definition of `pcap_dump_ftell'
pcap_dump_ftell.o:pcap_dump_ftell.c:(.text+0x0): first defined here
./../libpcap/libpcap.a(grammar.o): In function `pcap_parse':
grammar.c:(.text+0x44e): undefined reference to `pcap_lex'
collect2: ld returned 1 exit status
make: *** [tcpdump] Error 1


It seems to be a problem that other people are facing as well, but i haven't found any solution yet.

Can someone help?

Thanks
0
Commsquare
Asked:
Commsquare
  • 2
  • 2
1 Solution
 
medveddCommented:
First, you need to recompile libpcap to include pf_ring support.
Sources for this enhanced libpcap are in directory userland/libpcap-1.1.1-ring
in pf_ring 5.0.0 source tree. Then you have to use this new libpcap to compile tcpdump.
0
 
CommsquareAuthor Commented:
I have successfully compiled libpcap. I then go to the tcpdump directory and do "./configure" and "make" which gives me the error. I don't see what i do differently than what you suggest.
0
 
medveddCommented:
Pf_ring distribution also includes tcpdump, did you try to compile this version?

My steps:

tar xvfz PF_RING-5.0.0.tar.gz
cd PF_RING-5.0.0/userland/lib
./configure
make

cd ../libpcap-1.1.1-ring
./confgure
make

cd ../tcpdump-4.1.1
./configure
make

tcpdump compiled with pf_ring support and no errors

0
 
CommsquareAuthor Commented:
apparently something had been messed up. I followed your procedure from scratch with a fresh pf_ring installation and now it works... thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now