Unable to compile suricata with latest pf_ring installation

[a-czyrny]

Summary

The suricata configuration script does not find the installed pf_ring libraries due to an "error" during the check:

> LIBS="-lrt" ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-geoip --enable-pfring --with-libpfring-includes=/usr/local/include --with-libpfring-libraries=/usr/local/lib

[...]
checking for pfring_open in -lpfring... no

   ERROR! --enable-pfring was passed but the library was not found, go get it
   from http://www.ntop.org/products/pf_ring/
[...]

> cat config.log

[...]
configure:17469: checking for pfring_open in -lpfring
configure:17494: gcc -o conftest -g -O2 -std=c11 -march=native   -I/usr/local/include  -rdynamic  -L/usr/local/lib conftest.c -lpfring -lpcap -lpcap -lnet -ljansson -lpthread -lyaml -lpcre -lrt -lnuma -lz -lpcap >&5
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/9/../../../../lib/libpfring.so: undefined reference to `utils_ethtoa'
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/9/../../../../lib/libpfring.so: undefined reference to `utils_read_version'
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/9/../../../../lib/libpfring.so: undefined reference to `utils_time_msec'
collect2: error: ld returned 1 exit status
[...]

This is the first time this error has occurred with this version of suricata. The version has already been successfully compiled.

pf_ring was installed from packages.

Additional information

> cat /proc/net/pf_ring/info

PF_RING Version          : 8.0.0 (8.0.0-stable:58e764f619bb4711a66b021f7a475401d99ba371)
Total rings              : 0

Standard (non ZC) Options
Ring slots               : 65536
Slot version             : 18
Capture TX               : Yes [RX+TX]
IP Defragment            : No
Socket Mode              : Standard
Cluster Fragment Queue   : 0
Cluster Fragment Discard : 0

> modinfo pf_ring

filename:       /lib/modules/5.4.0-100-generic/updates/dkms/pf_ring.ko
alias:          net-pf-27
version:        8.0.0
description:    Packet capture acceleration and analysis
author:         ntop.org
license:        GPL
srcversion:     39A03DB35F34BABB24A42CB
depends:        
retpoline:      Y
name:           pf_ring
vermagic:       5.4.0-100-generic SMP mod_unload modversions 
parm:           min_num_slots:Min number of ring slots (uint)
parm:           perfect_rules_hash_size:Perfect rules hash size (uint)
parm:           enable_tx_capture:Set to 1 to capture outgoing packets (uint)
parm:           enable_frag_coherence:Set to 1 to handle fragments (flow coherence) in clusters (uint)
parm:           enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is defragmentead) (uint)
parm:           quick_mode:Set to 1 to run at full speed but with upto one socket per interface (uint)
parm:           force_ring_lock:Set to 1 to force ring locking (automatically enable with rss) (uint)
parm:           enable_debug:Set to 1 to enable PF_RING debug tracing into the syslog, 2 for more verbosity (uint)
parm:           transparent_mode:(deprecated) (uint)

> uname -a

Linux [private] 5.4.0-100-generic #113-Ubuntu SMP Thu Feb 3 18:43:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

[cardigliano]

@a-czyrny could you check if pf_ring dev (8.1) is also affected by this issue?

[a-czyrny]

@a-czyrny could you check if pf_ring dev (8.1) is also affected by this issue?

After switching to pf_ring dev (8.1) the problem does not occur.

[victorjulien]

@cardigliano is this the proper fix for this issue? It would mean 8.0.0-stable isn't supported for Suricata. 7.8.0 and 8.2.0 seem to compile fine.

[cardigliano]

@victorjulien we only support latest stable (8.2) and dev (8.3) branches, 8.0 is EOL

[victorjulien]

Ok, good to know. Thanks!

[novaksam]

Looks like, at least with gcc-12 on ubuntu 22.04LTS, the std=c11 option on the suricata autoconf file is what is causing the compilation errors.