[Zeek] Errors installing af_packet-plugin

James Lay jlay at slave-tothe-box.net
Wed Oct 23 09:28:18 PDT 2019 

Oh I see where this might be the issue...looks like common needs 
installed:

/usr/src/linux-headers-4.9.0-3-common/include/linux/user.h

ii  linux-headers-4.9.0-3-amd64            4.9.30-2+deb9u5               
     amd64        Header files for Linux 4.9.0-3-amd64
ii  linux-headers-4.9.0-3-common           4.9.30-2+deb9u5               
     all          Common header files for Linux 4.9.0-3

Debian is funky ;)

James

On 2019-10-23 10:12, Jan Grashöfer wrote:
> Where are the headers located? Especially where can you find
> "include/linux/user.h"? This is what cmake is looking for...
> 
> Jan
> 
> On 23/10/2019 17:55, James Lay wrote:
>> Ah....so yea you're looking at my point of contention with bro-pkg, so
>> per:
>> 
>> https://github.com/J-Gras/bro-af_packet-plugin
>> 
>> it looks like you might have to try and manually install after all.
>> 
>> James
>> 
>> On 2019-10-23 09:51, Mark Gardner wrote:
>>> On Wed, Oct 23, 2019 at 11:39 AM James Lay <jlay at slave-tothe-box.net>
>>> wrote:
>>> 
>>>> You need to install deb kernel header package...do:
>>>> 
>>>> apt-cache search linux-headers
>>>> 
>>>> and find the package that matches your running kernel.
>>> 
>>> I have the kernel headers installed:
>>> 
>>> $ uname -aLinux zeekmgr 4.19.0-6-amd64 #1 SMP Debian 
>>> 4.19.67-2+deb10u1
>>> (2019-09-20) x86_64 GNU/Linux
>>> 
>>> $ dpkg -l
>>> linux-headers-4.19.0-6-amd64Desired=Unknown/Install/Remove/Purge/Hold
>>> |
>>> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>> ||/ Name                         Version           Architecture
>>> Description
>>> +++-============================-=================-============-=====================================
>>> ii  linux-headers-4.19.0-6-amd64 4.19.67-2+deb10u1 amd64        
>>> Header
>>> files for Linux 4.19.0-6-amd64
>>> 
>>> # bro-pkg install bro-af_packet-plugin
>>> The following packages will be INSTALLED:
>>>    bro/j-gras/bro-af_packet-plugin (1.4.0)
>>> 
>>> Proceed? [Y/n]
>>> Running unit tests for "bro/j-gras/bro-af_packet-plugin"
>>> error: failed to run tests for bro/j-gras/bro-af_packet-plugin:
>>> package build_command failed, see log in
>>> /root/.bro-pkg/logs/bro-af_packet-plugin-build.log
>>> Proceed to install anyway? [N/y]
>>> 
>>> The error message (sent in the original post and below) suggests that
>>> there are two problems: 1) can't find BroPlugin and 2) can't find the
>>> kernel headers. As I demonstrated above, the headers are indeed
>>> installed. I suspect there is a problem with the Debian package in
>>> that it does not contain FindKernelHeaders.cmake or
>>> kernelheaders-config.cmake but then again I don't know anything about
>>> using Cmake.
>>> 
>>> # cat /root/.bro-pkg/logs/bro-af_packet-plugin-build.log
>>> 
>>> === STDERR ===
>>> CMake Error at CMakeLists.txt:6 (include):
>>>    include could not find load file:
>>> 
>>>      BroPlugin
>>> 
>>> CMake Warning at CMakeLists.txt:8 (find_package):
>>>    By not providing "FindKernelHeaders.cmake" in CMAKE_MODULE_PATH 
>>> this
>>>    project has asked CMake to find a package configuration file
>>> provided by
>>>    "KernelHeaders", but CMake did not find one.
>>> 
>>>    Could not find a package configuration file provided by
>>> "KernelHeaders"
>>>    with any of the following names:
>>> 
>>>      KernelHeadersConfig.cmake
>>>      kernelheaders-config.cmake
>>> 
>>>    Add the installation prefix of "KernelHeaders" to 
>>> CMAKE_PREFIX_PATH
>>> or set
>>>    "KernelHeaders_DIR" to a directory containing one of the above
>>> files.  If
>>>    "KernelHeaders" provides a separate development package or SDK, be
>>> sure it
>>>    has been installed.
>>> 
>>> CMake Error at CMakeLists.txt:22 (message):
>>>    Kernel headers not found.
>>> 
>>> === STDOUT ===
>>> Build Directory        : build
>>> Bro Source Directory   :
>>> -- The C compiler identification is GNU 8.3.0
>>> -- The CXX compiler identification is GNU 8.3.0
>>> -- Check for working C compiler: /usr/bin/cc
>>> -- Check for working C compiler: /usr/bin/cc -- works
>>> -- Detecting C compiler ABI info
>>> -- Detecting C compiler ABI info - done
>>> -- Detecting C compile features
>>> -- Detecting C compile features - done
>>> -- Check for working CXX compiler: /usr/bin/c++
>>> -- Check for working CXX compiler: /usr/bin/c++ -- works
>>> -- Detecting CXX compiler ABI info
>>> -- Detecting CXX compiler ABI info - done
>>> -- Detecting CXX compile features
>>> -- Detecting CXX compile features - done
>>> -- Configuring incomplete, errors occurred!
>>> See also
>>> "/root/.bro-pkg/testing/bro-af_packet-plugin/clones/bro-af_packet-plugin/build/CMakeFiles/CMakeOutput.log".
>>> 
>>> Mark
>> _______________________________________________
>> Zeek mailing list
>> zeek at zeek.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>> 
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek

More information about the Zeek mailing list