No afpacket module

[Gunkkk]

./bootstrap ./configure and

[Xiche]

You'd have to check the config output from earlier and config.log as to why it decided not to build the AFPacket DAQ module. Judging by your other issue, it looks like you're using CentOS 7 with Linux kernel 3.10.0, which does not meet the requirements for the AFPacket DAQ module. See https://github.com/snort3/libdaq/blob/master/modules/afpacket/README.afpacket.md.

[Gunkkk]

You'd have to check the config output from earlier and config.log as to why it decided not to build the AFPacket DAQ module. Judging by your other issue, it looks like you're using CentOS 7 with Linux kernel 3.10.0, which does not meet the requirements for the AFPacket DAQ module. See https://github.com/snort3/libdaq/blob/master/modules/afpacket/README.afpacket.md.

Well, it seems that kernel version requires 3.14+, however, with daq2.2, the afpacket can be built, can we use daq2.2 in snort 3.1 please? Thanks！

[Xiche]

No, the final version of Snort 3 requires LibDAQ 3. LibDAQ 2.2 was a temporary solution based on Snort 2 before moving to the new framework. Unfortunately for you, CentOS 7 is basically a time capsule from 2013 and Snort 3 is modern software with modern dependencies and requirements. I could have conditionalized/augmented the code in the AFPacket DAQ module to work in a degraded form with the older kernel, but I decided to draw the line at the capabilities provided by Linux kernel 3.14, which was released in March 2014 to limit the support/testing surface of the code. You'll also find the that toolchain in CentOS 7 is not modern enough to support the required C++ standard used by Snort 3 (C++14).

[redbaron4]

@Xiche I just hit this. While I can understand your reasoning for excluding Linux Kernel pre 3.14, CentOS7 is pretty stable & well supported so I think atleast Kernel-3.10 should have been supported.

With regards to rest of toolchain not being modern enough, I can build CentOS7 RPM for SNort using the devtoolset software collection repo out of the box.