PF_RING-daq-module snort3 compatibility

[scmcelt]

Hi, I'm currently experiencing an issue when attempting to compile the pfring-daq-module. I'm getting the following error when running ./configure.

configure: error: Could not find daq_api.h!

Currently I'm trying to compile the daq-module to get snort3 working with it. I have followed the installation guide via the following link, but the instructions appear to be specific to snort 2.9 https://www.ntop.org/guides/pf_ring/thirdparty/snort-daq.html

I have the following software installed on the Debian 10 test system at the moment.

• snort-3.1.9.0
• libdaq-3.0.4
• PF_RING-7.8.0

The libdaq-3.0.4 module was a requirement for the snort3 installation, as it would not compile with the earlier DAQ 2.0.6 version installed with the previous Snort 2.9 installation. From looking into the source code of libdaq, it doesn't appear to have the daq_api.h file anymore which was a requirement for the pf_ring module to compile.

[cpungasc]

I have ran into the same issue. My observation is that daq API has changed, there's no daq_api.h anymore, now it's daq.h.
You can solve this (specific) issue by changing the PF_RING source_ code to include daq.h. Nonetheless, that is a high level approach, as I have no idea if the API remained the same and if compilation will succeed.
Not to mention that sfbpf was removed and that will be the next issue... see snort3/libdaq@ff72be6

Would be great if someone from PF_RING dev team would give more insight into this issue and possible resolution.

Hope that it makes you feel a bit better knowing that you're not alone in this 'battle' ;)

[ntallfellow]

I ran into this same issue. Unfortunately DAQ3+ doesnt include a pf_ring specific daq to run at all. I would reccomend you switch to using AF_Packet as its built into DAQ3+.