Docker build fails for 1.7.0

[RichardMore]

Hi,

I am trying to build the 1.7.0 version in docker using the following Dockerfile

FROM alpine:3

ARG NFDUMP_VERSION=1.7.0

WORKDIR /tmp

ADD https://github.com/phaag/nfdump/archive/refs/tags/v.$NFDUMP_VERSION.tar.gz /tmp
RUN  \
   apk add --no-cache libtool bzip2-dev && \
   apk add --no-cache --virtual build-deps libtool autoconf automake m4 pkgconfig make g++ flex byacc

RUN  \
    tar xfz v.$NFDUMP_VERSION.tar.gz  \
    && cd /tmp/nfdump-v.$NFDUMP_VERSION \
    && ./autogen.sh  \
    && ./configure --enable-nsel=yes --enable-shared=true --enable-sflow=yes \
    && make  \
    && cd /tmp/nfdump-v.$NFDUMP_VERSION && make install  \
    && cd .. \
    && rm -rf nfdump-v.$NFDUMP_VERSION  \
    && rm /tmp/v.$NFDUMP_VERSION.tar.gz  \
    && apk del build-deps

VOLUME /data

CMD ["sfcapd", "-T", "all", "-l", "/data", "-S", "1", "-w", "-z", "-p", "9999"]

I get the following error: checking for lex library... none needed checking for library containing yywrap... no configure: WARNING: yywrap not found; giving up on flex configure: error: No lex or flex found on system The command '/bin/sh -c tar xfz v.$NFDUMP_VERSION.tar.gz && cd /tmp/nfdump-v.$NFDUMP_VERSION && ./autogen.sh && ./configure --enable-nsel=yes --enable-shared=true --enable-sflow=yes && make && cd /tmp/nfdump-v.$NFDUMP_VERSION && make install && cd .. && rm -rf nfdump-v.$NFDUMP_VERSION && rm /tmp/v.$NFDUMP_VERSION.tar.gz && apk del build-deps' returned a non-zero code: 1

Am I missing some lib that is not installed? I tried adding flex-dev but no success. Docker readme still references v1.6.19 in the v1.7.0 release

[phaag]

It seems, as Alpine Linux uses different flex versions and therefore flex libraries. I fixed the configure process in order to support Alpine Linux. I also updated in the extra/docker directory the docker files and added a generic Dockerfile for alpine Linux. As I am not a docker expert, someone else could help to maintain them.

Just as a hint: Your ./configure command is a bit wired and the sfcapd process results from a rather old NfSen script. Most users would not need --enable-nsel and start sfcpad finally. I would recommend to run configure as ./configure --enable-sflow --enable-maxmind --enable-nfpcapd. This builds nfcapd, sfcapd and nfcapd as well as geolookup. If you really need the nsel version, build it on request or have an extra Dockerfile. To start a collector change CMD to: CMD ["sfcapd", "-w", "/data", "-S", "1", "-y", "-p", "9999"] or CMD ["nfcapd", "-w", "/data", "-S", "1", "-y", "-p", "9995"] nfpcapd is basically identical than nfcapd but needs an interface -i instead of a port -p

[phaag]

Please use the Dockerfile in master repo. I missed to add the correct one t the release .. sigh ..

[RichardMore]

Hi, Thank you for the correction, the master is good now after I added the backslashes to the multiline commands

RUN \
  apk add --no-cache build-base gcc abuild binutils make && \
  apk add --no-cache libtool bzip2-dev libpcap-dev flex bison && \
  apk add --no-cache autoconf automake m4 pkgconfig

RUN \
  tar zxf v$NFDUMP_VERSION.tar.gz && \
  cd /tmp/nfdump-$NFDUMP_VERSION && \
  ./autogen.sh && \
  ./configure --enable-maxmind --enable-nfpcapd --enable-sflow && \
  make && \
  cd /tmp/nfdump-$NFDUMP_VERSION && make install && \
  cd .. && \
  rm -rf nfdump-v$NFDUMP_VERSION && \
  rm /tmp/v$NFDUMP_VERSION.tar.gz && \
  apk del build-base gcc flex bison autoconf automake m4 pkgconfig

Now that it has been built successfully and there is flow collection when I check the data with nfdump -R /data I get the following warning/error for all flows and in the case of -s before the results show it is showing this infinite times:

nbar application ID length 13 > 8 bytes not supported
Unknown extension '20'

Unknown extension '22'

What are these warnings refer to? Is it an issue with the build or app?

[phaag]

As the original subject of the ticket is fixed, I will close it and moved the new issues into a new ticket #361