RedHat and debian libpcap problems

Carter Bullard carter at qosient.com
Mon May 6 09:03:47 EDT 2002


Hey Russell,
   Yes, you should install libpcap from source.  The
seg faulting problem that Argus was having on RedHat 7.2,
was due to a libpcap version mismatch.  Both libpcap-0.6.x
and libpcap-0.7.x appear to have the same PCAP_VERSION_MAJOR
and PCAP_VERSION_MINOR numbers, 2.4,  but the definition
of "struct pcap" changed between these two versions.  
"struct pcap" is returned by the routine pcap_open_live(),
and contains important stuff like the interface's file
descriptor, and other very important stuff like the name of
the device that was opened, etc....

Unfortunately, neither RedHat nor debian are distributing
the include file, pcap-int.h, that defines "struct pcap".
I have no idea why they are not distributing this file.  I
can imagine that someone maybe trying to enforce some kind
of interface separation, but that just makes the job harder.

So, to avoid the seg fault, Argus needs to understand which
version of "struct pcap" is being used.

Sorry for the inconvenience.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: Russell Fulton [mailto:r.fulton at auckland.ac.nz] 
> Sent: Monday, May 06, 2002 1:02 AM
> To: carter at qosient.com
> Subject: Re: argus-2.0.5.tar.gz available
> 
> 
> On Sat, 2002-05-04 at 02:25, Carter Bullard wrote:
> > Gentle people,
> >    I've uploaded argus-2.0.5 to the dev directory.
> > This should be the release version of argus-2.0.5.
> > If you could please take a quick spin of this on your particular 
> > architecture, to make sure that there aren't any major 
> problems, that 
> > would very much appreciated. If it passes muster, I'll have the 
> > official release and rpms up on Monday.
> 
> 
> Hmmm... I've got this on debian...
> 
> checking for pcap-int.h... no
> configure: error: incomplete libpcap installation see INSTALL
> 
> 
> i remember other posts on this relative to RH7.2 but 
> theorygroup.com seems to be off the air at the moment so I 
> can't check out the details... [ an hour passes ] it's back 
> again and I've read the messages and am still a bit confused 
> as to what the recommended action is. 
> Should I install libpcap from source?
> 
> -- 
> Russell Fulton, Computer and Network Security Officer
> The University of Auckland,  New Zealand
> 
> 
> 



More information about the argus mailing list