Bug 964612

Summary: Suricata building problem from src (libnetfilter_queue)
Product: [openSUSE] openSUSE Distribution Reporter: Mikhail Kasimov <mikhail.kasimov>
Component: BasesystemAssignee: E-mail List <bnc-team-screening>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: bwiedemann, Greg.Freemyer, jengelh
Version: 13.2   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE 13.2   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Mikhail Kasimov 2016-02-02 07:20:13 UTC 
Hello!

Got a problem with building Suricata 3.0 (suricata-ids.org) on 13.2. Because, there was no installation guide how-to-install on openSUSE, I tried instructions for Fedora/CentOS, because they are also RPM-based distros. The result was unsuccessful, so I filed the request - https://redmine.openinfosecfoundation.org/issues/1687 , after which the guide for 42.1 was released - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/OpenSuse_Installation and later was updated for 13.2.

But I use 13.2, so, as you can see, there is a difference between buildings for 13.2 and 42.1:

42.1: -I/usr/include/libnetfilter_queue
13.2: -I/usr/include/libnetfilter_queue-1.0.2

So, the 1st question -- what was the _real_ _technical_ _reason_ to change 'libnetfilter_queue-1.0.2' --> 'libnetfilter_queue' and why not to use persistent variant for all versions? I suppose, the answer is on openSUSE side, right?

The 2d question: as you can see, building preocess under openSUSE 13.2/42.1 is much more complicated than under, for example, CentOS (https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation) and Ubuntu (https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation) by using non-obivious constructions like CPPFLAGS="-I/usr/include/libnetfilter_queue -I/usr/include/libnfnetlink-1.0.1" . How to make this process more easier to user? Is it possible?

Thank you!
Comment 1 Bernhard Wiedemann 2016-02-02 09:56:14 UTC 
I think the typical solution to abstract away these differences is

export CPPFLAGS=`pkg-config --cflags libnetfilter_queue`

and
pkg-config --libs libnetfilter_queue

which uses
/usr/lib64/pkgconfig/libnetfilter_queue.pc
which is included in the libnetfilter_queue-devel package
Comment 2 Jan Engelhardt 2016-02-02 10:17:48 UTC 
Shortcoming of upstream package. You should report to them that they are missing a PKG_CHECK_MODULES call for libnetfilter_queue.

*** This bug has been marked as a duplicate of bug 795968 ***
Comment 3 Mikhail Kasimov 2016-02-02 10:32:07 UTC 
(In reply to Bernhard Wiedemann from comment #1)
> I think the typical solution to abstract away these differences is
> 
> export CPPFLAGS=`pkg-config --cflags libnetfilter_queue`
> 
> and
> pkg-config --libs libnetfilter_queue
> 
> which uses
> /usr/lib64/pkgconfig/libnetfilter_queue.pc
> which is included in the libnetfilter_queue-devel package

You're right, but this is redundant way a little bit, as for me, instead of using persistent naming schema.

> You should report to them that they are missing a PKG_CHECK_MODULES call for libnetfilter_queue.

I will.
Comment 4 Mikhail Kasimov 2016-06-08 22:56:25 UTC 
Hello!

Guys, please give some help here: https://redmine.openinfosecfoundation.org/issues/1525#note-9

=====
First of all I'm a little bit confused why OpenSuse puts the include files in "/usr/include/libnetfilter_queue/libnetfilter_queue" instead of just "/usr/include/libnetfilter_queue" but I couldn't find a way to make this line work: {{{
AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])
}}}
I see that in other projects as well and even playing with the path didn't change anything. Does anyone have an idea why this AC_CHECK_HEADER won't work on OpenSuse but on other distris, while most of the others work well with OpenSuse?
=====

Thanks!
Comment 5 Greg Freemyer 2016-10-08 15:31:01 UTC 
I know this is closed, but Suricata 3.1.2 is now in server:monitoring.

The "fix" was to use the correct configure statement:

%configure --enable-nfqueue \
           --with-libnetfilter_queue-includes=`pkg-config libnetfilter_queue --variable=includedir` \
           --with-libnetfilter_log-includes=`pkg-config libnetfilter_log --variable=includedir` \
           --with-libnfnetlink-includes=`pkg-config libnfnetlink --variable=includedir` \
           --enable-prelude \
           --enable-gccprotect \
           --enable-old-barnyard2 \
           --enable-non-bundled-htp \
           --enable-geoip \
           --enable-lua \
           --enable-hiredis