Compile error in Plugin.cc / AF_Packet.h with latest build

[EWickens]

Hey,

Have been building this within a docker container on the latest release (c993fc275864fd068e6a816fd2f3892a0d5f4cb7)

Encountered an issue during compilation which I've provided below, I rolled back to the 2.1.2 release and all is working on install again.

Hope this helps!

In file included from /tmp/zeek-af_packet-plugin/src/Plugin.cc:3:
/tmp/zeek-af_packet-plugin/src/AF_Packet.h:28:55: error: expected class-name before '{' token
   28 | class AF_PacketSource : public zeek::iosource::PktSrc {
      |                                                       ^
/tmp/zeek-af_packet-plugin/src/AF_Packet.h:46:9: error: 'PktSrc' does not name a type; did you mean 'pktsrc'?
   46 |  static PktSrc* InstantiateAF_Packet(const std::string& path, bool is_live);
      |         ^~~~~~
      |         pktsrc
/tmp/zeek-af_packet-plugin/src/AF_Packet.h:52:33: error: 'zeek::Packet' has not been declared
   52 |  virtual bool ExtractNextPacket(zeek::Packet* pkt);
      |                                 ^~~~
/tmp/zeek-af_packet-plugin/src/AF_Packet.h:56:26: error: 'Stats' has not been declared
   56 |  virtual void Statistics(Stats* stats);
      |                          ^~~~~
/tmp/zeek-af_packet-plugin/src/AF_Packet.h:59:2: error: 'Properties' does not name a type
   59 |  Properties props;
      |  ^~~~~~~~~~
/tmp/zeek-af_packet-plugin/src/AF_Packet.h:60:2: error: 'Stats' does not name a type
   60 |  Stats stats;
      |  ^~~~~
/tmp/zeek-af_packet-plugin/src/Plugin.cc: In member function 'virtual zeek::plugin::Configuration plugin::Zeek_AF_Packet::Plugin::Configure()':
/tmp/zeek-af_packet-plugin/src/Plugin.cc:12:19: error: expected type-specifier before '::' token
   12 |  AddComponent(new ::zeek::iosource::PktSrcComponent("AF_PacketReader", "af_packet", ::zeek::iosource::PktSrcComponent::LIVE, ::zeek::iosource::pktsrc::AF_PacketSource::InstantiateAF_Packet));
      |                   ^~
make[3]: Leaving directory '/tmp/zeek-af_packet-plugin/build'
make[3]: *** [CMakeFiles/Zeek-AF_Packet.linux-x86_64.dir/build.make:102: CMakeFiles/Zeek-AF_Packet.linux-x86_64.dir/src/Plugin.cc.o] Error 1
make[2]: *** [CMakeFiles/Makefile2:134: CMakeFiles/Zeek-AF_Packet.linux-x86_64.dir/all] Error 2
make[2]: Leaving directory '/tmp/zeek-af_packet-plugin/build'
make[1]: Leaving directory '/tmp/zeek-af_packet-plugin/build'
make[1]: *** [Makefile:172: all] Error 2
make: *** [Makefile:13: build-it] Error 2

[J-Gras]

Hey, thanks for the feedback! Which version of Zeek are you using? The current master was updated to be compatible with the changes of the upcoming Zeek release.

[EWickens]

No problem. My apologies I should have included that - my Zeek version is set as 3.2.3 based to match a dockerfile contained within ActiveCM's single-system Zeek cluster project. Cheers!

[J-Gras]

Hmm... so there are breaking changes with Zeek 4.0. It would be possible to add a compatibility layer to support versions down to 3.1. However, your approach to use the latest release (2.1.2) of the plugin is totally fine. Furthermore, the package manager should use the latest release by default. I am tempted to make a major release of the plugin once Zeek 4.0 is available to indicate the breaking changes and omit the compatibility layer. Would that work for you?

[EWickens]

That would be totally fine. I'm relatively new to using your plugin but will be using it going forward so I'm happy to keep using 2.1.2, just wanted to raise this with you for visibility :)

Thanks for the great work!

[J-Gras]

Cool, in that case I will stick to the plan of doing a new release for Zeek 4.0. Thanks a lot for bringing this up. I will keep the issue open until then.