cpungasc
commented
1 year ago I have ran into the same issue. My observation is that daq API has changed, there's no daq_api.h anymore, now it's daq.h.
You can solve this (specific) issue by changing the _PFRING source_ code to include daq.h. Nonetheless, that is a high level approach, as I have no idea if the API remained the same and if compilation will succeed.
Not to mention that sfbpf was removed and that will be the next issue... see https://github.com/snort3/libdaq/commit/ff72be6190ef6d5340cb131a23701156c700b4ba
Would be great if someone from _PFRING dev team would give more insight into this issue and possible resolution.
Hope that it makes you feel a bit better knowing that you're not alone in this 'battle' ;)
ntallfellow
Hi, I'm currently experiencing an issue when attempting to compile the pfring-daq-module. I'm getting the following error when running ./configure.
Currently I'm trying to compile the daq-module to get snort3 working with it. I have followed the installation guide via the following link, but the instructions appear to be specific to snort 2.9 https://www.ntop.org/guides/pf_ring/thirdparty/snort-daq.html
I have the following software installed on the Debian 10 test system at the moment.
The libdaq-3.0.4 module was a requirement for the snort3 installation, as it would not compile with the earlier DAQ 2.0.6 version installed with the previous Snort 2.9 installation. From looking into the source code of libdaq, it doesn't appear to have the daq_api.h file anymore which was a requirement for the pf_ring module to compile.