search

ntop / nDPI

Open Source Deep Packet Inspection Software Toolkit
http://www.ntop.org
GNU Lesser General Public License v3.0
3.85k stars 898 forks source link

configure --disable-gcrypt still runs UT that depend on it. #1117

Closed nickbroon closed 3 years ago

nickbroon commented 3 years ago 
./autogen.sh
./configure --disable-gcrypt
make
cd test; do.sh

./configure --disable-gcrypt should disable those UT that depend on gcrypt, so that running the UT still succeeds.

pjaitken commented 3 years ago

--disable-gcrypt is required because debian/buster has libgcrypt20=1.8.4. Perhaps libgcrypt20=1.8.7 (per sid/bullseye) is required.

Without --disable-gcrypt, the build failure is:

[   27s] /usr/bin/ld: ../src/lib/libndpi.a(quic.o): undefined reference to symbol 'gcry_cipher_setiv@@GCRYPT_1.6'
[   27s] /usr/bin/ld: //lib/x86_64-linux-gnu/libgcrypt.so.20: error adding symbols: DSO missing from command line

Although nDPI builds with --disable-gcrypt, the following tests fail:

[   26s] gquic.pcap                         ERROR
[   26s] quic-23.pcap                       ERROR
[   26s] quic-24.pcap                       ERROR
[   26s] quic-27.pcap                       ERROR
[   27s] quic-28.pcap                       ERROR
[   27s] quic-29.pcap                       ERROR
[   27s] quic-mvfst-22.pcap                 ERROR
[   27s] quic-mvfst-27.pcap                 ERROR
[   27s] quic-mvfst-exp.pcap                ERROR
[   27s] quic_q50.pcap                      ERROR
[   27s] quic_t50.pcap                      ERROR
[   27s] quic_t51.pcap                      ERROR
utoni commented 3 years ago

You are right indeed. A possible solution involves Automake. I'm working on that issue.

IvanNardi commented 3 years ago

--disable-gcrypt is required because debian/buster has libgcrypt20=1.8.4. Perhaps libgcrypt20=1.8.7 (per sid/bullseye) is required.

This is quite strange to me. AFAIK, libgcrypt20 1.8.4 is far more than enough to have QUIC decryption support: minimum version should be 1.6.0 Are you using some "strange" configure/compilation flags?

nickbroon commented 3 years ago

Build on Debian Buster with libgcrypt20=1.8.4 resulting in the below link error:

dh_auto_configure -- --prefix=/usr
    ./configure --build=x86_64-linux-gnu --prefix=/usr --includedir=\${prefix}/include --mandir=\${prefix}/share/man --infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-silent-rules --libdir=\${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --prefix=/usr
configure: WARNING: unrecognized options: --disable-maintainer-mode
checking for numa_available in -lnuma... yes
checking for pcap_open_live in -lpcap... yes
checking for pthread_setaffinity_np in -lpthread... yes
checking for gcry_cipher_checktag in -lgcrypt... yes
checking for gpg_strerror_r in -lgpg-error... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
gcc -g -O2 -fdebug-prefix-map=/home/user1/work/DANOS/ndpi=. -fstack-protector-strong -Wformat -Werror=format-security -I/usr/include/json-c -fPIC -DPIC -I../include -Ithird_party/include -DNDPI_LIB_COMPILATION -Wall -g -O2 -fdebug-prefix-map=/home/user1/work/DANOS/ndpi=. -fstack-protector-strong -Wformat -Werror=format-security -I/usr/include/json-c  -Wdate-time -D_FORTIFY_SOURCE=2 -c protocols/quic.c -o protocols/quic.o
gcc -shared -fPIC -Wl,-soname,libndpi.so.3.4 -o libndpi.so.3.4.0  protocols/amazon_video.o  protocols/mail_pop.o  protocols/dhcp.o  protocols/tcp_udp.o  protocols/rtp.o  protocols/world_of_warcraft.o  protocols/rtmp.o  protocols/rdp.o  protocols/viber.o  protocols/tinc.o  protocols/edonkey.o  protocols/quic.o  protocols/tls.o  protocols/apple_push.o  protocols/xdmcp.o  protocols/whoisdas.o  protocols/s7comm.o  protocols/whatsapp.o  protocols/rtsp.o  protocols/vmware.o  protocols/ssdp.o  protocols/memcached.o  protocols/rtcp.o  protocols/tftp.o  protocols/afp.o  protocols/zabbix.o  protocols/mpegts.o  protocols/coap.o  protocols/vnc.o  protocols/ayiya.o  protocols/sopcast.o  protocols/kakaotalk_voice.o  protocols/directdownloadlink.o  protocols/targus_getdata.o  protocols/radius.o  protocols/wireguard.o  protocols/maplestory.o  protocols/git.o  protocols/dropbox.o  protocols/warcraft3.o  protocols/nfs.o  protocols/mysql.o  protocols/websocket.o  protocols/iec60870-5-104.o  protocols/teamviewer.o  protocols/ssh.o  protocols/mining.o  protocols/nats.o  protocols/ftp_control.o  protocols/steam.o  protocols/stun.o  protocols/capwap.o  protocols/bittorrent.o  protocols/dns.o  protocols/fbzero.o  protocols/sip.o  protocols/openvpn.o  protocols/rx.o  protocols/zattoo.o  protocols/florensia.o  protocols/starcraft.o  protocols/shoutcast.o  protocols/http.o  protocols/ubntac2.o  protocols/lisp.o  protocols/mgcp.o  protocols/kontiki.o  protocols/collectd.o  protocols/mail_imap.o  protocols/halflife2_and_mods.o  protocols/kerberos.o  protocols/skinny.o  protocols/thunder.o  protocols/teamspeak.o  protocols/smpp.o  protocols/postgres.o  protocols/noe.o  protocols/soulseek.o  protocols/iax.o  protocols/jabber.o  protocols/icecast.o  protocols/http_activesync.o  protocols/rsync.o  protocols/smb.o  protocols/gnutella.o  protocols/lotus_notes.o  protocols/zeromq.o  protocols/citrix.o  protocols/spotify.o  protocols/guildwars.o  protocols/h323.o  protocols/pptp.o  protocols/aimini.o  protocols/netflow.o  protocols/eaq.o  protocols/non_tcp_udp.o  protocols/telegram.o  protocols/snmp_proto.o  protocols/redis_net.o  protocols/bgp.o  protocols/netbios.o  protocols/stealthnet.o  protocols/syslog.o  protocols/telnet.o  protocols/crossfire.o  protocols/soap.o  protocols/applejuice.o  protocols/irc.o  protocols/mqtt.o  protocols/fix.o  protocols/dhcpv6.o  protocols/mail_smtp.o  protocols/dcerpc.o  protocols/drda.o  protocols/hangout.o  protocols/upnp.o  protocols/qq.o  protocols/xbox.o  protocols/ipp.o  protocols/ookla.o  protocols/diameter.o  protocols/dnscrypt.o  protocols/teredo.o  protocols/csgo.o  protocols/amqp.o  protocols/ftp_data.o  protocols/socks45.o  protocols/ntp.o  protocols/skype.o  protocols/sflow.o  protocols/bjnp.o  protocols/ajp.o  protocols/oracle.o  protocols/modbus.o  protocols/fiesta.o  protocols/gtp.o  protocols/openft.o  protocols/corba.o  protocols/usenet.o  protocols/nintendo.o  protocols/mssql_tds.o  protocols/dofus.o  protocols/checkmk.o  protocols/world_of_kung_fu.o  protocols/someip.o  protocols/imo.o  protocols/ppstream.o  protocols/megaco.o  protocols/directconnect.o  protocols/dnp3.o  protocols/vhua.o  protocols/ldap.o  protocols/armagetron.o  protocols/tor.o  protocols/ciscovpn.o  protocols/btlib.o  protocols/tvuplayer.o  protocols/nest_log_sink.o  protocols/fasttrack.o  third_party/src/libinjection_sqli.o  third_party/src/ndpi_md5.o  third_party/src/strptime.o  third_party/src/libcache.o  third_party/src/ndpi_patricia.o  third_party/src/node.o  third_party/src/ahocorasick.o  third_party/src/sort.o  third_party/src/ht_hash.o  third_party/src/libinjection_xss.o  third_party/src/sha1-fast.o  third_party/src/ndpi_sha1.o  third_party/src/libinjection_html5.o  ./ndpi_main.o  ./ndpi_community_id.o  ./ndpi_classify.o  ./ndpi_serializer.o  ./ndpi_utils.o  ./ndpi_analyze.o -Wl,-z,relro -Wl,-z,now  -lgcrypt -lgpg-error -lgcrypt
ranlib libndpi.a
ln -fs libndpi.so.3.4.0 libndpi.so
ln -fs libndpi.so.3.4.0 libndpi.so.3.4
make[2]: Leaving directory '/home/user1/work/DANOS/ndpi/src/lib'
Making all in generation
make[2]: Entering directory '/home/user1/work/DANOS/ndpi/generation'
gcc -g -I../src/include -g -O2 -fdebug-prefix-map=/home/user1/work/DANOS/ndpi=. -fstack-protector-strong -Wformat -Werror=format-security -I/usr/include/json-c applications_list.c -o applications_list ../src/lib/libndpi.a -lpcap -lpthread -lm -Wl,-z,relro -Wl,-z,now
gcc -g -I../src/include -g -O2 -fdebug-prefix-map=/home/user1/work/DANOS/ndpi=. -fstack-protector-strong -Wformat -Werror=format-security -I/usr/include/json-c ndpi_show_name.c -o ndpi_show_name ../src/lib/libndpi.a -lpcap -lpthread -lm -Wl,-z,relro -Wl,-z,now
/usr/bin/ld: ../src/lib/libndpi.a(ndpi_main.o): in function `ndpi_init_detection_module':
./src/lib/ndpi_main.c:2005: undefined reference to `gcry_control'
/usr/bin/ld: ./src/lib/ndpi_main.c:2006: undefined reference to `gcry_check_version'
/usr/bin/ld: ./src/lib/ndpi_main.c:2014: undefined reference to `gcry_control'
/usr/bin/ld: ../src/lib/libndpi.a(ndpi_main.o): in function `ndpi_get_gcrypt_version':
./src/lib/ndpi_main.c:6412: undefined reference to `gcry_check_version'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `hkdf_expand':
./src/lib/protocols/quic.c:307: undefined reference to `gcry_md_get_algo_dlen'
/usr/bin/ld: ./src/lib/protocols/quic.c:315: undefined reference to `gcry_md_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:321: undefined reference to `gcry_md_reset'
/usr/bin/ld: ./src/lib/protocols/quic.c:322: undefined reference to `gcry_md_setkey'
/usr/bin/ld: ./src/lib/protocols/quic.c:321: undefined reference to `gcry_md_reset'
/usr/bin/ld: ./src/lib/protocols/quic.c:322: undefined reference to `gcry_md_setkey'
/usr/bin/ld: ./src/lib/protocols/quic.c:324: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:326: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:329: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:331: undefined reference to `gcry_md_read'
/usr/bin/ld: ./src/lib/protocols/quic.c:335: undefined reference to `gcry_md_close'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `ws_hmac_buffer':
./src/lib/protocols/quic.c:285: undefined reference to `gcry_md_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:289: undefined reference to `gcry_md_setkey'
/usr/bin/ld: ./src/lib/protocols/quic.c:294: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:295: undefined reference to `gcry_md_get_algo_dlen'
/usr/bin/ld: ./src/lib/protocols/quic.c:295: undefined reference to `gcry_md_read'
/usr/bin/ld: ./src/lib/protocols/quic.c:296: undefined reference to `gcry_md_close'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_prepare':
./src/lib/protocols/quic.c:542: undefined reference to `gcry_cipher_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:543: undefined reference to `gcry_cipher_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:552: undefined reference to `gcry_cipher_get_algo_keylen'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_init':
./src/lib/protocols/quic.c:491: undefined reference to `gcry_md_get_algo_dlen'
/usr/bin/ld: ./src/lib/protocols/quic.c:503: undefined reference to `gcry_cipher_setkey'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_reset':
./src/lib/protocols/quic.c:476: undefined reference to `gcry_cipher_close'
/usr/bin/ld: ./src/lib/protocols/quic.c:477: undefined reference to `gcry_cipher_close'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_init':
./src/lib/protocols/quic.c:504: undefined reference to `gcry_cipher_setkey'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_decrypt_header':
./src/lib/protocols/quic.c:588: undefined reference to `gcry_cipher_encrypt'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_decrypt_message':
./src/lib/protocols/quic.c:680: undefined reference to `gcry_cipher_ctl'
/usr/bin/ld: ./src/lib/protocols/quic.c:681: undefined reference to `gcry_cipher_setiv'
/usr/bin/ld: ./src/lib/protocols/quic.c:692: undefined reference to `gcry_cipher_authenticate'
/usr/bin/ld: ./src/lib/protocols/quic.c:705: undefined reference to `gcry_cipher_decrypt'
/usr/bin/ld: ./src/lib/protocols/quic.c:714: undefined reference to `gcry_cipher_checktag'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_reset':
./src/lib/protocols/quic.c:476: undefined reference to `gcry_cipher_close'
/usr/bin/ld: ./src/lib/protocols/quic.c:477: undefined reference to `gcry_cipher_close'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:9: ndpi_show_name] Error 1
make[2]: *** Waiting for unfinished jobs....
/usr/bin/ld: ../src/lib/libndpi.a(ndpi_main.o): in function `ndpi_init_detection_module':
./src/lib/ndpi_main.c:2005: undefined reference to `gcry_control'
/usr/bin/ld: ./src/lib/ndpi_main.c:2006: undefined reference to `gcry_check_version'
/usr/bin/ld: ./src/lib/ndpi_main.c:2014: undefined reference to `gcry_control'
/usr/bin/ld: ../src/lib/libndpi.a(ndpi_main.o): in function `ndpi_get_gcrypt_version':
./src/lib/ndpi_main.c:6412: undefined reference to `gcry_check_version'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `hkdf_expand':
./src/lib/protocols/quic.c:307: undefined reference to `gcry_md_get_algo_dlen'
/usr/bin/ld: ./src/lib/protocols/quic.c:315: undefined reference to `gcry_md_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:321: undefined reference to `gcry_md_reset'
/usr/bin/ld: ./src/lib/protocols/quic.c:322: undefined reference to `gcry_md_setkey'
/usr/bin/ld: ./src/lib/protocols/quic.c:321: undefined reference to `gcry_md_reset'
/usr/bin/ld: ./src/lib/protocols/quic.c:322: undefined reference to `gcry_md_setkey'
/usr/bin/ld: ./src/lib/protocols/quic.c:324: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:326: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:329: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:331: undefined reference to `gcry_md_read'
/usr/bin/ld: ./src/lib/protocols/quic.c:335: undefined reference to `gcry_md_close'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `ws_hmac_buffer':
./src/lib/protocols/quic.c:285: undefined reference to `gcry_md_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:289: undefined reference to `gcry_md_setkey'
/usr/bin/ld: ./src/lib/protocols/quic.c:294: undefined reference to `gcry_md_write'
/usr/bin/ld: ./src/lib/protocols/quic.c:295: undefined reference to `gcry_md_get_algo_dlen'
/usr/bin/ld: ./src/lib/protocols/quic.c:295: undefined reference to `gcry_md_read'
/usr/bin/ld: ./src/lib/protocols/quic.c:296: undefined reference to `gcry_md_close'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_prepare':
./src/lib/protocols/quic.c:542: undefined reference to `gcry_cipher_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:543: undefined reference to `gcry_cipher_open'
/usr/bin/ld: ./src/lib/protocols/quic.c:552: undefined reference to `gcry_cipher_get_algo_keylen'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_init':
./src/lib/protocols/quic.c:491: undefined reference to `gcry_md_get_algo_dlen'
/usr/bin/ld: ./src/lib/protocols/quic.c:503: undefined reference to `gcry_cipher_setkey'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_reset':
./src/lib/protocols/quic.c:476: undefined reference to `gcry_cipher_close'
/usr/bin/ld: ./src/lib/protocols/quic.c:477: undefined reference to `gcry_cipher_close'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_init':
./src/lib/protocols/quic.c:504: undefined reference to `gcry_cipher_setkey'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_decrypt_header':
./src/lib/protocols/quic.c:588: undefined reference to `gcry_cipher_encrypt'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_decrypt_message':
./src/lib/protocols/quic.c:680: undefined reference to `gcry_cipher_ctl'
/usr/bin/ld: ./src/lib/protocols/quic.c:681: undefined reference to `gcry_cipher_setiv'
/usr/bin/ld: ./src/lib/protocols/quic.c:692: undefined reference to `gcry_cipher_authenticate'
/usr/bin/ld: ./src/lib/protocols/quic.c:705: undefined reference to `gcry_cipher_decrypt'
/usr/bin/ld: ./src/lib/protocols/quic.c:714: undefined reference to `gcry_cipher_checktag'
/usr/bin/ld: ../src/lib/libndpi.a(quic.o): in function `quic_cipher_reset':
./src/lib/protocols/quic.c:476: undefined reference to `gcry_cipher_close'
/usr/bin/ld: ./src/lib/protocols/quic.c:477: undefined reference to `gcry_cipher_close'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:9: applications_list] Error 1
IvanNardi commented 3 years ago

Sorry for the silly question, but may it be possible that in the line: gcc -g -I../src/include -g -O2 -fdebug-prefix-map=/home/user1/work/DANOS/ndpi=. -fstack-protector-strong -Wformat -Werror=format-security -I/usr/include/json-c ndpi_show_name.c -o ndpi_show_name ../src/lib/libndpi.a -lpcap -lpthread -lm -Wl,-z,relro -Wl,-z,now "-lgcrypt" is missing? Please note that I don't know what ndpi_show_name is My 2 cents

utoni commented 3 years ago

@IvanNardi: GCC with the parameter -c tells the compiler to generate object files without any linkage.

EDIT: Sorry I was wrong. I thought you were referencing a different line.

pjaitken commented 3 years ago

ndpi_show_name is a little application we wrote to show some details about an application, ie the name/type mapping.

ndpi_show_name aside, we cannot build nDPI with gcrypt:

[   27s] /usr/bin/ld: ../src/lib/libndpi.a(quic.o): undefined reference to symbol 'gcry_cipher_setiv@@GCRYPT_1.6'
[   27s] /usr/bin/ld: //lib/x86_64-linux-gnu/libgcrypt.so.20: error adding symbols: DSO missing from command line

After building with --disable-gcrypt, the quic tests fail because the generated output does not match the expected test result:

[   31s] ../example/ndpiReader -p ../example/protos.txt -c ../example/categories.txt -q -t -i pcap/quic-23.pcap -w /tmp/reader.out -v 2 [old vs new] 
[   31s] 3,8c3
[   31s] < JA3 Host Stats: 
[   31s] <               IP Address                      # JA3C     
[   31s] <      1        2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7         1      
[   31s] < 
[   31s] < 
[   31s] <      1       UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][ALPN: h3-22][TLS Supported Versions: TLSv1.3][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][TLSv1.3][Client: quic.aiortc.org][JA3C: d9e7bdb15af8e499820ca74a68affd78][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0]
[   31s] ---
[   31s] >      1       UDP [2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7]:50339 <-> [3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab]:443 [proto: 188/QUIC][cat: Web/5][10 pkts/2613 bytes <-> 10 pkts/4578 bytes][Goodput ratio: 76/86][0.11 sec][bytes ratio: -0.273 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 6/8 38/34 12/15][Pkt Len c2s/s2c min/avg/max/stddev: 92/94 261/458 1342/1342 373/458][Plen Bins: 5,35,15,10,5,0,0,5,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,5,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0]
[   31s] -rw-r--r-- 1 abuild abuild 666 Dec 18 09:50 result/quic-24.pcap.out

Since these tests seem to require gcrypt, they should be disabled when nDPI is not built with gcrypt.

IvanNardi commented 3 years ago

ndpi_show_name aside, we cannot build nDPI with gcrypt:

Could you kindly attach the entire log (configure + make) showing the build failure, please? I am asking that, because I am a bit confused by the first lines:

gcc -shared -fPIC -Wl,-soname,libndpi.so.3.4 -o libndpi.so.3.4.0  protocols/amazon_video.o  protocols/mail_pop.o  protocols/dhcp.o  protocols/tcp_udp.o  protocols/rtp.o  protocols/world_of_warcraft.o  protocols/rtmp.o  protocols/rdp.o  protocols/viber.o  protocols/tinc.o  protocols/edonkey.o  protocols/quic.o  protocols/tls.o  protocols/apple_push.o  protocols/xdmcp.o  protocols/whoisdas.o  protocols/s7comm.o  protocols/whatsapp.o  protocols/rtsp.o  protocols/vmware.o  protocols/ssdp.o  protocols/memcached.o  protocols/rtcp.o  protocols/tftp.o  protocols/afp.o  protocols/zabbix.o  protocols/mpegts.o  protocols/coap.o  protocols/vnc.o  protocols/ayiya.o  protocols/sopcast.o  protocols/kakaotalk_voice.o  protocols/directdownloadlink.o  protocols/targus_getdata.o  protocols/radius.o  protocols/wireguard.o  protocols/maplestory.o  protocols/git.o  protocols/dropbox.o  protocols/warcraft3.o  protocols/nfs.o  protocols/mysql.o  protocols/websocket.o  protocols/iec60870-5-104.o  protocols/teamviewer.o  protocols/ssh.o  protocols/mining.o  protocols/nats.o  protocols/ftp_control.o  protocols/steam.o  protocols/stun.o  protocols/capwap.o  protocols/bittorrent.o  protocols/dns.o  protocols/fbzero.o  protocols/sip.o  protocols/openvpn.o  protocols/rx.o  protocols/zattoo.o  protocols/florensia.o  protocols/starcraft.o  protocols/shoutcast.o  protocols/http.o  protocols/ubntac2.o  protocols/lisp.o  protocols/mgcp.o  protocols/kontiki.o  protocols/collectd.o  protocols/mail_imap.o  protocols/halflife2_and_mods.o  protocols/kerberos.o  protocols/skinny.o  protocols/thunder.o  protocols/teamspeak.o  protocols/smpp.o  protocols/postgres.o  protocols/noe.o  protocols/soulseek.o  protocols/iax.o  protocols/jabber.o  protocols/icecast.o  protocols/http_activesync.o  protocols/rsync.o  protocols/smb.o  protocols/gnutella.o  protocols/lotus_notes.o  protocols/zeromq.o  protocols/citrix.o  protocols/spotify.o  protocols/guildwars.o  protocols/h323.o  protocols/pptp.o  protocols/aimini.o  protocols/netflow.o  protocols/eaq.o  protocols/non_tcp_udp.o  protocols/telegram.o  protocols/snmp_proto.o  protocols/redis_net.o  protocols/bgp.o  protocols/netbios.o  protocols/stealthnet.o  protocols/syslog.o  protocols/telnet.o  protocols/crossfire.o  protocols/soap.o  protocols/applejuice.o  protocols/irc.o  protocols/mqtt.o  protocols/fix.o  protocols/dhcpv6.o  protocols/mail_smtp.o  protocols/dcerpc.o  protocols/drda.o  protocols/hangout.o  protocols/upnp.o  protocols/qq.o  protocols/xbox.o  protocols/ipp.o  protocols/ookla.o  protocols/diameter.o  protocols/dnscrypt.o  protocols/teredo.o  protocols/csgo.o  protocols/amqp.o  protocols/ftp_data.o  protocols/socks45.o  protocols/ntp.o  protocols/skype.o  protocols/sflow.o  protocols/bjnp.o  protocols/ajp.o  protocols/oracle.o  protocols/modbus.o  protocols/fiesta.o  protocols/gtp.o  protocols/openft.o  protocols/corba.o  protocols/usenet.o  protocols/nintendo.o  protocols/mssql_tds.o  protocols/dofus.o  protocols/checkmk.o  protocols/world_of_kung_fu.o  protocols/someip.o  protocols/imo.o  protocols/ppstream.o  protocols/megaco.o  protocols/directconnect.o  protocols/dnp3.o  protocols/vhua.o  protocols/ldap.o  protocols/armagetron.o  protocols/tor.o  protocols/ciscovpn.o  protocols/btlib.o  protocols/tvuplayer.o  protocols/nest_log_sink.o  protocols/fasttrack.o  third_party/src/libinjection_sqli.o  third_party/src/ndpi_md5.o  third_party/src/strptime.o  third_party/src/libcache.o  third_party/src/ndpi_patricia.o  third_party/src/node.o  third_party/src/ahocorasick.o  third_party/src/sort.o  third_party/src/ht_hash.o  third_party/src/libinjection_xss.o  third_party/src/sha1-fast.o  third_party/src/ndpi_sha1.o  third_party/src/libinjection_html5.o  ./ndpi_main.o  ./ndpi_community_id.o  ./ndpi_classify.o  ./ndpi_serializer.o  ./ndpi_utils.o  ./ndpi_analyze.o -Wl,-z,relro -Wl,-z,now  -lgcrypt -lgpg-error -lgcrypt 
ranlib libndpi.a
ln -fs libndpi.so.3.4.0 libndpi.so
ln -fs libndpi.so.3.4.0 libndpi.so.3.4

where it seems that libndpi is correctly built with gcrypt. Am I missing something obvious here?

I understand that your main concern might be the test failures, but it is a pity to ship nDPI on modern distribution without QUIC support...

pjaitken commented 3 years ago

After looking carefully at the build log, I see that the build failure was in ndpi_show_name and was fixed by adding -lgcrypt. Now the build succeeds, and the tests pass - provided that libgcrypt was either enabled or detected. However with --disable-gcrypt, the build succeeds but all the quic tests fail.

pjaitken commented 3 years ago

DANOS uses openSSL for encryption. There's push-back against the extra red-tape we'd encounter by adding another crypto library just for nDPI - so we had to build without libgcrypt and remove the quic tests.

Could nDPI optionally use OpenSSL rather than libgcrypt?

I've opened https://github.com/ntop/nDPI/issues/1120 to track this.