Project

General

Profile

Actions

Support #1225

closed

configure: error: libnetfilter_queue/libnetfilter_queue.h not found

Added by Jorick Astrego almost 10 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

As the libnetfilter_queue packages referenced in the install guide for centos 65 are several years old:

http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-0.0.15-1.x86_64.rpm
http://rules.emergingthreatspro.com/projects/emergingrepo/x86_64/libnetfilter_queue-devel-0.0.15-1.x86_64.rpm

I installed newer versions from the another source:

ftp://ftp5.gwdg.de/pub/opensuse/repositories/security%3A/netfilter/RHEL_6/x86_64/libnetfilter_queue1-1.0.2-38.3.x86_64.rpm
ftp://ftp5.gwdg.de/pub/opensuse/repositories/security%3A/netfilter/RHEL_6/x86_64/libnetfilter_queue-devel-1.0.2-38.3.x86_64.rpm

But when I try to compile with "--enable-nfqueue", I get an error that it can't find libnetfilter_queue/libnetfilter_queue.h:

configure: error: libnetfilter_queue/libnetfilter_queue.h not found ..

But it's there:

locate libnetfilter_queue.h
/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue.h

I also tried to specify the path without success:

--with-libnetfilter_queue-includes=/usr/include/libnetfilter_queue-1.0.2/ --with-libnetfilter_queue-libraries=/usr/include/libnetfilter_queue-1.0.2/

Actions #1

Updated by Victor Julien almost 10 years ago

Check your config.log, it's likely that you are missing nfnetlink.h. Make sure to install that library and it's dev headers as well.

Actions #2

Updated by Jorick Astrego almost 10 years ago

I installed the nfnetlink that is in base Centos repo now:

locate nfnetlink.h
/usr/include/libnfnetlink/libnfnetlink.h
/usr/include/linux/netfilter/nfnetlink.h

rpm -qa|grep nfnetlink
libnfnetlink-devel-1.0.0-1.el6.x86_64
libnfnetlink-1.0.0-1.el6.x86_64

from config.log:

configure:15155: checking for nfnl_fd in -lnfnetlink
configure:15180: gcc -o conftest -g -O2 -Wextra -Werror-implicit-function-declaration -fno-tree-pre -Wall -Wno-unused-parameter -std=gnu99 -march=native conftest.c -lnfnetlink -lpthread -lyaml -lpcre >&5
configure:15180: $? = 0
configure:15189: result: yes
configure:15249: checking libnetfilter_queue/libnetfilter_queue.h usability
configure:15249: gcc -c -g -O2 -Wextra -Werror-implicit-function-declaration -fno-tree-pre -Wall -Wno-unused-parameter -std=gnu99 -march=native -DNFQ conftest.c >&5
conftest.c:117:51: error: libnetfilter_queue/libnetfilter_queue.h: No such file or directory

Actions #3

Updated by Victor Julien almost 10 years ago

Hmm, you're passing --with-libnetfilter_queue-includes=/usr/include/libnetfilter_queue-1.0.2/, and Suricata's configure will add libnetfilter_queue/libnetfilter_queue.h to that. Are you sure the version number is part of the path on your system? /usr/include/libnetfilter_queue-1.0.2/. If so, I guess you should create a symlink to /usr/include/libnetfilter_queue

Actions #4

Updated by Victor Julien almost 10 years ago

Hmm no, you wrote it's in /usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/libnetfilter_queue.h

Actions #5

Updated by Victor Julien almost 10 years ago

Can you try with --with-libnetfilter-queue-includes=/usr/include/libnetfilter_queue-1.0.2/ --with-libnetfilter-queue-libraries=/usr/include/libnetfilter_queue-1.0.2/ Note: replaced the underscore by a dash in --with-libnetfilter-queue-includes and --with-libnetfilter-queue-libraries

Actions #6

Updated by Jorick Astrego almost 10 years ago

Nope:

checking for nfnl_fd in -lnfnetlink... yes
checking libnetfilter_queue/libnetfilter_queue.h usability... no
checking libnetfilter_queue/libnetfilter_queue.h presence... no
checking for libnetfilter_queue/libnetfilter_queue.h... no
configure: error: libnetfilter_queue/libnetfilter_queue.h not found ...

./configure --help|grep libnetfilter_queue
--with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory
--with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory
ls la /usr/include/libnetfilter_queue-1.0.2/
total 16
drwxr-xr-x. 3 root root 4096 Jun 26 13:33 .
drwxr-xr-x. 37 root root 4096 Jun 26 14:29 ..
-rw-r--r-
. 1 root root 656 Apr 24 23:18 internal.h
drwxr-xr-x. 2 root root 4096 Jun 26 13:33 libnetfilter_queue

Also tried the symlink option.

Actions #7

Updated by Jason Ish almost 10 years ago

I think the problem here is that libnetfilter_queue 1.0.2 expects a newer version of libnfnetlink (but doesn't require it with the package). A quick hack fix is to edit

/usr/include/libnetfilter_queue-1.0.2/libnetfilter_queue/linux_nfnetlink_queue.h

and replace:

#include <libnfnetlink/linux_nfnetlink.h>

with:

#include <libnfnetlink/libnfnetlink.h>

This should get you compiling, but I'm not sure if other issues lay ahead at run time.

Actions #8

Updated by Gabriel Paiu over 9 years ago

I've actually come across this today as I have installed a newer libnetfilter_queue version (1.0.2) from a RPM entitled libnetfilter_queue1 that I found. That indeed created /usr/include/libnetfilter-1.0.2 where it stored the files and you'd therefore needed to have passed the include directory in the configure command.

What I did instead was to build the RPM from scratch with the sources taken from their website:

http://netfilter.org/projects/libnetfilter_queue/index.html
http://netfilter.org/projects/libnfnetlink/index.html

Actions #9

Updated by Jason Ish about 8 years ago

  • Status changed from New to Closed

Closing. EPEL for EL6 now includes libnetfilter_queue that should be new enough for Suricata simplifying nfqueue enabled installs.

CentOS 5 is likely another story, and questionable whether it should still be supported or not?

Actions #10

Updated by Victor Julien about 8 years ago

  • Tracker changed from Bug to Support

For CentOS5 ppl will have to install the dependencies that are not in a repo from source.

Actions #11

Updated by Peter Manev about 8 years ago

In my view it's never a good idea to support unsupported/outdated OS - CentOS 5 has "maintenance updates" support until March 2017 on a 2.6.18 kernel (https://wiki.centos.org/About/Product) - there is high probability that a lot of things are not going to work.

Actions

Also available in: Atom PDF