Re: [pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4
Hello Karl, For what it's worth, I had the exact same problem as you under OpenBSD 4.4 and came up with a nearly identical work-around. When you do get pmacctd compiled and installed, it'll work properly. Juan Rivera Karl O. Pinc wrote: 0.11.4 compiled, but ./configure;make with 0.11.5 says: snip- gcc -DPACKAGE=\pmacctd\ -DVERSION=\0.11.5-cvs\ -DPROGNAME=1 -DIM_LITTLE_ENDIAN=1 -DHAVE_L2=1 -DHAVE_PCAP_H=1 -DHAVE_LIBPCAP=1 -DPCAP_7=1 -DPCAP_TYPE_bpf=1 -DHAVE_DLOPEN=1 -DSTDC_HEADERS=1 -DHAVE_SYS_WAIT_H=1 -DHAVE_GETOPT_H=1 -DHAVE_SYS_SELECT_H=1 -DHAVE_SYS_TIME_H=1 -DHAVE_U_INT64_T=1 -DHAVE_U_INT32_T=1 -DHAVE_U_INT16_T=1 -DHAVE_U_INT8_T=1 -DHAVE_UINT64_T=1 -DHAVE_UINT32_T=1 -DHAVE_UINT16_T=1 -DHAVE_UINT8_T=1 -DRETSIGTYPE=void -DHAVE_STRLCPY=1 -DHAVE_VSNPRINTF=1 -DHAVE_SETPROCTITLE=1 -I. -I. -O2 -c pmacctd.c pmacctd.c: In function `main': pmacctd.c:488: error: `DLT_LINUX_SLL' undeclared (first use in this function) pmacctd.c:488: error: (Each undeclared identifier is reported only once pmacctd.c:488: error: for each function it appears in.) *** Error code 1 Stop in /home/kop/projects/pmacct/pmacct-0.11.5/src (line 92 of /usr/share/mk/sys.mk). *** Error code 1 Stop in /home/kop/projects/pmacct/pmacct-0.11.5/src (line 278 of Makefile). *** Error code 1 Stop in /home/kop/projects/pmacct/pmacct-0.11.5 (line 128 of Makefile). snip- In 0.11.4 the DLT_* symbols are getting picked up from net/bpf.h (-DHAVE_PCAP_H=1) via: pmacct.h - pcap.h - net/bpf.h but the stock bpf.h does not have DLT_LINUX_SLL for obvious reasons. I am not thrilled with the attached patch, but it compiles. (I've no idea yet whether the compiled code works. I've not yet got pmacct going.) Karl k...@meme.com Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4
Hi Karl, Present! The developer has still brainwave and currently trying to refrain his daytime employer to kick him out. Indeed, thanks for flagging the compilation issue; as this is bound to a specific DLT definition, i was actually wondering whether the underlying problem is more a stale version of the pcap library (maybe shipped with the OS) rather than the OS per-se. Skimming quickly through the libpcap code, this seems to be the case. This might move the patch to the configuration for compilation - ie. a requirement for a minimum version of the pcap library. Unfortunately i don't have access to any OpenBSD at the moment; is that something you can give it a try? Cheers, Paolo On Fri, Feb 06, 2009 at 10:16:00AM -0600, Karl O. Pinc wrote: On 02/06/2009 09:50:49 AM, Juan Rivera wrote: Hello Karl, For what it's worth, I had the exact same problem as you under OpenBSD 4.4 and came up with a nearly identical work-around. When you do get pmacctd compiled and installed, it'll work properly. Thanks for the reply. Did you get any response from the pmacct developers acknowledging the bug? FWIW it does work. I now have socat extending the pmacctd socket across the network so I can run pmacctd and aggregate statistics in memory on a lightweight OpenBSD box and then run pmacct and rrdtool (and postgresql and apache and such) on a Linux box to periodically collect and display the data. I'm excited. I'll see about posting the socat stuff once I get it cleaned up. What's the feel here for where pmacct is going? Is there an active community and developers? Will pmacct continue to be used and grow or will it fade into obscurity? Thanks. Karl k...@meme.com Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4
On 02/06/2009 10:55:41 AM, Paolo Lucente wrote: Hi Karl, Present! The developer has still brainwave and currently trying to refrain his daytime employer to kick him out. Good. Indeed, thanks for flagging the compilation issue; as this is bound to a specific DLT definition, i was actually wondering whether the underlying problem is more a stale version of the pcap library (maybe shipped with the OS) rather than the OS per-se. Skimming quickly through the libpcap code, this seems to be the case. This might move the patch to the configuration for compilation - ie. a requirement for a minimum version of the pcap library. I don't think so, at least not so far as OpenBSD is concerned. Libpcap is part of OpenBSD, as far as I can tell. My belief is that OpenBSD sees no reason to ship Linux symbols that are unused in OpenBSD. I am not versed in OpenBSD development, but that's how it seems to me. OpenBSD prefers code clean and tidy and it's not clear to me how Linux symbols would fit into that approach. Unfortunately i don't have access to any OpenBSD at the moment; is that something you can give it a try? What would I look at? Karl k...@meme.com Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4
Hi Karl, On Fri, Feb 06, 2009 at 02:35:28PM -0600, Karl O. Pinc wrote: Unfortunately i don't have access to any OpenBSD at the moment; is that something you can give it a try? What would I look at? As i was suggesting, please download and compile a recent version of libpcap, say, 0.9.x - then compile pmacct against it (instead of the version of the library shipped with the OS). In order to do that, you can use the --with-pcap-includes and --with-pcap-libs switches of the configure script. Cheers, Paolo ___ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
Re: [pmacct-discussion] pmacct 0.11.5 not compiling on OpenBSD 4.4
On 02/06/2009 03:50:06 PM, Paolo Lucente wrote: Hi Karl, On Fri, Feb 06, 2009 at 02:35:28PM -0600, Karl O. Pinc wrote: Unfortunately i don't have access to any OpenBSD at the moment; is that something you can give it a try? What would I look at? As i was suggesting, please download and compile a recent version of libpcap, say, 0.9.x - then compile pmacct against it (instead of the version of the library shipped with the OS). In order to do that, you can use the --with-pcap-includes and --with-pcap-libs switches of the configure script. Ok, but I don't believe that using the upstream libpcap is an appropriate solution for OpenBSD users. I won't be using it.. Libpcap is something that OpenBSD users expect to get from their OS. OpenBSD has tweaked it so that it's got millisecond timestamps and has been audited for security. There's no libpcap port or package, the reason being that the libpcap that's part of OpenBSD is not guaranteed to be compatible with the rest of the world's libpcap where the goals of OpenBSD conflict with using the upstream libpcap. I'm not familiar enough with anybody's internals to make definitive statements, and can't speak for OpenBSD in any way, but that's my take. Even if pmacct works today when linked against the upstream libpcap I don't feel comfortable that it will work tomorrow or there won't be subtle problems. Attached is a new patch I like much better than the one I first posted. I don't know if it qualifies as acceptable, but it's no longer stinky. Results of the test you request follow. libpcap seems to be statically linked. ---snip--- tar -xzf libpcap-1.0.0.tar.gz cd libpcap-1.0.0 ./configure make ---snip--- tar -xzf ../pmacct-0.11.5.tar.gz cd pmacct-0.11.5/ ./configure --with-pcap-includes=../libpcap-1.0.0/ --with-pcap-libs=../libpcap-1.0.0/ make ---snip--- $ ldd src/pmacctd src/pmacctd: StartEnd Type Open Ref GrpRef Name 1c00 3c044000 exe 10 0 src/pmacctd 009d7000 20a0d000 rlib 01 0 /usr/lib/libc.so.48.0 0c607000 0c607000 rtld 01 0 /usr/libexec/ld.so $ I-search: $ ldd src/pmacct src/pmacct: StartEnd Type Open Ref GrpRef Name 1c00 3c005000 exe 10 0 src/pmacct 05868000 2589e000 rlib 01 0 /usr/lib/libc.so.48.0 018ae000 018ae000 rtld 01 0 /usr/libexec/ld.so ---snip--- Appears to work at first glance. Here's my test: ---snip--- # ./src/pmacctd -i fxp0 -c src_host -P memory src host 192.168.1.4 OK ( default/core ): link type is: 1 OK ( default/memory ): waiting for data on: '/tmp/collect.pipe' ---snip--- $ ./src/pmacct -s SRC_IP PACKETS BYTES 192.168.1.4 127 16790 For a total of: 1 entries $ ./src/pmacct -s -e SRC_IP PACKETS BYTES 192.168.1.4 144 18586 For a total of: 1 entries $ ./src/pmacct -s -e SRC_IP PACKETS BYTES 192.168.1.4 7 796 For a total of: 1 entries ---snip--- Here's some references regarding OpenBSD and it's policies: 15.4.2 - The latest version of my Top-Favorite-Software is not available! http://www.openbsd.org/faq/faq15.html#Latest Some individual ports may lag behind the mainstream versions because of this. The ports collection may have a version back of a program from January while a new version of the program has been released by its developers in May three months ago. Often this is a conscious decision; the new version may have problems in it on OpenBSD that the maintainer is trying to solve, or that have simply made the application worse than the old version: OpenBSD may have different goals than the mainstream developers in other projects, which sometimes results in features and design or implementation choices that are undesirable from OpenBSD developers' point of view. The update may also be postponed because the new version is not considered a crucial update. See also: OpenBSD Porting Policy http://www.openbsd.org/porting.html#Policy and Security Recommendations http://www.openbsd.org/porting.html#Security In particular: Any software to be installed as a server should be scanned for buffer overflows, especially unsafe use of strcat/strcpy/strcmp/sprintf. In general, sprintf should be replaced with snprintf. I don't see using an upstream libpcap as meeting this requirement. If upstream did undergo such screening it the new version would be incorporated directly into OpenBSD. FWIW, I've attached a script of a compilation of pmacct 0.11.5 on OpenBSD 4.4 so you can see the complaints the compiler has about security. Regards, Karl k...@meme.com Free Software: You don't pay back, you pay forward. -- Robert A. Heinlein --- src/pmacctd.c.orig Wed Jul 16 17:38:43