[Rpcap-users] Re: rtdump won't compile...

[Mattt <ma...@ab...>]

On Sat, 2002-11-02 at 05:59, S. Krishnan wrote:
> It looks like rtdump is not able to link to librpcap.

Yes, that's what I thought. I've played around a bit with it, but can't
make it budge...

> - Which platform (H/W, OS) and OS version are you using?

I originally tried (without success) to build rpcap locally, on my
Debian Sarge (testing) box, K6II/500, 128mb/RAM, debian libpcap-dev
package.

I then shifted over to a Sid (unstable) unstable box I'm running as a
collector and analysis box (loghost, snort, etc, etc). This one has an
IDT Winchip 200mhz CPU (ix86 compat), and 64mb/RAM. After a short play
with the Debian libpcap-dev package, I built pcap from source, and
installed it.

rpcap was still complaining about the lack of pcap/pcap.h, and after
some trial and error, I managed to build rpcap from clean source by
adjusting some paths (/usr/local/lib and /usr/lib) in rpcap and copying
/usr/local/lib/pcap.h to /usr/local/lib/pcap/pcap.h - I'm guessing
(having not tested the probe yet) that this is where the problem lies.

> - What problems did you encounter with building and installing rpcap,
> since an improper rpcap install would cause the error messages that you
> encountered?  It would be nice to have a copy of the configure logfile
> that running ./configure would have generated in the build directory.

As described abovely, rpcap is now built and installed on the collector
machine (the probes won't be run from there, but for the purpose of the
build....). I haven't run the executable yet, as I don't have a client
to listen... config.log is attached.

> - Do you see any librpcap libraries in your install directory (the
> default is /usr/local/lib, unless you have changed it)?  

Yes. librcap-dev.so librpcap.a librpcap.la librpcap.so (libpcap.a is
also there).

> - Could you also see if you could mail a copy of the configure log file
> for rtdump too?

Certainly. Done ;-)
 
> Also, would it be possible for you to subscribe to the rpcap-users
> mailing list (you can find it on the sourceforge project page, at

Of course. I only failed to this time as it was empty. Now subscribed
;-)

> --- Mattt <ma...@ab...> wrote:
> > Greetings,
> > 
> > Finally arm-wrestled rpcap into building (although as yet untested) -
> > now can't get rtdump to compile. It fails with :
> > 
> > 
> >
> ======================================================================
> > gcc -O2 -DHAVE_CONFIG_H -I.  -I./missing -I/usr/include
> > -I/usr/include/openssl -L/usr/lib  -o
> > rtd                                               ump rtdump.o
> > print-arp.o print-atalk.o print-atm.o print-bootp.o print-decnet.o
> > print-domain.o pr                                              
> > int-dvmrp.o print-egp.o print-ether.o print-fddi.o print-gre.o
> > print-icmp.o print-igmp.o
> > print-ig                                               rp.o
> > print-ip.o
> > print-ipx.o print-isoclns.o print-krb.o print-llc.o print-nfs.o
> > print-ntp.o print                                              
> > -null.o
> > print-ospf.o print-pim.o print-ppp.o print-raw.o print-rip.o
> > print-sl.o
> > print-snmp.o prin                                              
> > t-stp.o
> > print-sunrpc.o print-tcp.o print-tftp.o print-udp.o print-wb.o
> > addrtoname.o gmt2local.o m                                           
> >   
> > achdep.o parsenfsfh.o util.o savestr.o setsignal.o print-esp.o
> > print-ah.o print-vjc.o
> > print-isakm                                               p.o
> > print-chdlc.o print-ipcomp.o print-mobile.o print-l2tp.o print-bgp.o
> > print-rx.o print-lane.o                                              
> > 
> > print-cip.o print-pppoe.o print-lcp.o print-smb.o smbutil.o
> > print-ascii.o print-telnet.o
> > print-cn                                               fp.o
> > print-vrrp.o
> > print-cdp.o print-token.o print-bxxp.o print-timed.o print-radius.o
> > print-sll.o                                               
> > str_utils.o
> > version.o  strlcat.o strlcpy.o bpf_dump.o -lcrypto -lrpcap -lnsl 
> > rtdump.o(.text+0x52c): In function `main':
> > : undefined reference to `pcap_open_offline'
> > rtdump.o(.text+0x94e): In function `main':
> > : undefined reference to `pcap_dump_open'
> > rtdump.o(.text+0x976): In function `main':
> > : undefined reference to `pcap_dump'
> > rtdump.o(.text+0xa65): In function `cleanup':
> > : undefined reference to `pcap_file'
> > rtdump.o(.text+0xbe1): In function `usage':
> > : undefined reference to `pcap_version'
> > addrtoname.o(.text+0x938): In function `init_eprotoarray':
> > : undefined reference to `eproto_db'
> > addrtoname.o(.text+0x93e): In function `init_eprotoarray':
> > : undefined reference to `eproto_db'
> > addrtoname.o(.text+0x99e): In function `init_eprotoarray':
> > : undefined reference to `eproto_db'
> > addrtoname.o(.text+0x9c8): In function `init_protoidarray':
> > : undefined reference to `eproto_db'
> > addrtoname.o(.text+0x9ce): In function `init_protoidarray':
> > : undefined reference to `eproto_db'
> > addrtoname.o(.text+0xa79): more undefined references to `eproto_db'
> > follow
> > util.o(.text+0x566): In function `read_infile':
> > : undefined reference to `pcap_strerror'
> > util.o(.text+0x59a): In function `read_infile':
> > : undefined reference to `pcap_strerror'
> > util.o(.text+0x5e1): In function `read_infile':
> > : undefined reference to `pcap_strerror'
> > bpf_dump.o(.text+0xaf): In function `bpf_dump':
> > : undefined reference to `bpf_image'
> > collect2: ld returned 1 exit status
> > make: *** [rtdump] Error 1
> > direwolf:/usr/local/src/rtdump# 
> >
> ========================================================================
> > 
> > Any ideas?

-- 
Cheers,
 Mattt.                               icq : 117539757 
 aboveNetworks                        tel : 0438 749 962
 ma...@ab... (mail/jabber)   www : www.above.nq4u.net
     
   There are only 10 kinds of people.
        Those who understand binary, and those who don't.