libpcap 1.7.4: netfilter compile check will not succeed; PCAP_SUPPORT_NETFILTER will never be set
Username: InkblotAdmirer
Origin: https://bugs.openwrt.org/index.php?do=details&task_id=276
libpcap 1.7.4 configure script includes a netfilter test compile script which always fails – libpcap will then be built without netfilter logging support even if configured correctly. Build output always shows “ac_cv_netfilter_can_compile=no”.
The following patch (package/libs/libpcap/patches) ignores the ac_cv_netfilter_can_compile test and sets the PCAP_SUPPORT_NETFILTER to 1 always. tcpdump will then accept the “-i nflog” capture interface. I’m not recommending this patch as a fix necessarily but I have been unsuccessful in getting the test compile to work (which would likely be the correct approach).
Dropped packets appear to be captured correctly now using:
iptables -w -I zone_wan_src_DROP -m limit --limit 100/second -j NFLOG --nflog-prefix "WAN DRP" --nflog-group 30
tcpdump -i nflog:30 -U -s0
Tested on WRT1900ACS (Shelby), LEDE trunk as of 11/6.
— a/configure
+++ b/configure
@@ -8026,12 +8026,12 @@
{ as_echo “
as_me:{as_lineno-
LINENO}: result: $ac_cv_netfilter_can_compile” >&5
as_echo “
ac_cv_netfilter_can_compile” >&6; }
- if test $ac_cv_netfilter_can_compile = yes ; then
+# if test $ac_cv_netfilter_can_compile = yes ; then
$as_echo “#define PCAP_SUPPORT_NETFILTER 1” »confdefs.h
NETFILTER_SRC=pcap-netfilter-linux.c
- fi
+# fi
;;
*)
{ as_echo “
as_me:{as_lineno-
LINENO}: result: no” >&5
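Review bot: With the "if test $ac_cv_netfilter_can_compile = yes" / "fi" pair commented out, the PCAP_SUPPORT_NETFILTER define and the NETFILTER_SRC=pcap-netfilter-linux.c assignment run unconditionally in this case branch, so a build whose netfilter headers really are missing or unusable will no longer skip the feature and will instead fail later when pcap-netfilter-linux.c is compiled. The change is also made in the generated configure script rather than in the test itself, so the "result:" message just above the guard still reports the failed check while the define says the opposite. Since ac_cv_netfilter_can_compile follows autoconf's cache-variable naming, a narrower change would be to keep the guard and preset that variable to yes from the package build (assuming the check honours a preset cache value), or to fix the test program so that it compiles for the target.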