Snort-package v3.2.9.10_2: 'Shared object "libibverbs.so.1" not found, required by "libpcap.so.1"'



  • PFSense-Version: 2.4.4-RELEASE-p3
    Snort-package version: 3.2.9.10_2

    Today I tried to upgrade to the latest snort-package (3.2.9.10_2). After upgrading there is the following message in the system-log when trying to start snort. Completely uninstalling and re-installing leads to the same message:

    /tmp/snort_em058505_startcmd.php: The command '/usr/local/bin/snort -R 58505 -D -q --suppress-config-log -l /var/log/snort/snort_em058505 --pid-path /var/run --nolock-pidfile -G 58505 -c /usr/local/etc/snort/snort_58505_em0/snort.conf -i em0' returned exit code '1', the output was 'Shared object "libibverbs.so.1" not found, required by "libpcap.so.1"'
    

    Checking the dependencies in a shell shows the following result:

    ldd /usr/local/bin/snort
    /usr/local/bin/snort:
            libdnet.so.1 => /usr/local/lib/libdnet.so.1 (0x800995000)
            libpcre.so.1 => /usr/local/lib/libpcre.so.1 (0x800ba5000)
            libm.so.5 => /lib/libm.so.5 (0x800e43000)
            libcrypto.so.8 => /lib/libcrypto.so.8 (0x801200000)
            libdl.so.1 => /usr/lib/libdl.so.1 (0x801672000)
            libpcap.so.1 => /usr/local/lib/libpcap.so.1 (0x801873000)
            libsfbpf.so.0 => /usr/local/lib/libsfbpf.so.0 (0x801acf000)
            libz.so.6 => /lib/libz.so.6 (0x801d0c000)
            liblzma.so.5 => /usr/lib/liblzma.so.5 (0x801f24000)
            libthr.so.3 => /lib/libthr.so.3 (0x80214d000)
            libc.so.7 => /lib/libc.so.7 (0x802375000)
            libibverbs.so.1 => not found (0)
    

    It seems to me like there is a dependency to libibverbs.so.1 which was not installed.
    Please, could anybody take a look into this issue and correct it?
    Thanks a lot in advance!



  • With the upgrade to pfSense 2.4.5 the issue is resolved.



  • Also applies to the package nmap 1.4.4_1 on pfSense 2.4.4



  • This post is deleted!


  • Great to know this is fixed in the new release. 👍
    Is there any way to fix this issue on version 2.4.4p3, without having to upgrade?



  • @matthewfearnley said in Snort-package v3.2.9.10_2: 'Shared object "libibverbs.so.1" not found, required by "libpcap.so.1"':

    Great to know this is fixed in the new release. 👍
    Is there any way to fix this issue on version 2.4.4p3, without having to upgrade?

    I would be interested in that as well. I chose to revert back to 2.4.4 p3 until the problems with 2.4.5 get resolved, if ever. The only other add-on package that I can't install that I was using is Snort because the latest update removed the capability with the older 2.4.4 p3.



  • @matthewfearnley said in Snort-package v3.2.9.10_2: 'Shared object "libibverbs.so.1" not found, required by "libpcap.so.1"':

    Great to know this is fixed in the new release. 👍
    Is there any way to fix this issue on version 2.4.4p3, without having to upgrade?

    No, the packages repository has been recompiled using the new FreeBSD 11.3 STABLE libraries. So the packages expect to find a certain version and configuration of shared libraries on the machine they are installed on.

    You could create your own Poudriere package builder server on a virtual machine, clone the pfSense packages repository from Github, pull down the correct branch (RELENG_2_4_4) and build your own set of packages in a private repository. You would then point your firewall to that private repo and install packages from there. That is all doable, but a lot of work. You would be on your own to work all that out.



  • @jdeloach said in Snort-package v3.2.9.10_2: 'Shared object "libibverbs.so.1" not found, required by "libpcap.so.1"':

    @matthewfearnley said in Snort-package v3.2.9.10_2: 'Shared object "libibverbs.so.1" not found, required by "libpcap.so.1"':

    Great to know this is fixed in the new release. 👍
    Is there any way to fix this issue on version 2.4.4p3, without having to upgrade?

    I would be interested in that as well. I chose to revert back to 2.4.4 p3 until the problems with 2.4.5 get resolved, if ever. The only other add-on package that I can't install that I was using is Snort because the latest update removed the capability with the older 2.4.4 p3.

    Same reply as given to user @matthewfearnley above. Not possible to revert Snort so far as I am aware unless you follow the custom private packages repo route.



  • @bmeeks I tried the upgrade yesterday on two different virtualization servers and it's unusable, there are random lockups all the time and it's not fit for production. I really can't do anything with 2.4.4-p3 without Snort and I can't get 2.4.5 to work reliably.

    Is access to the previous software repository versions included with the netgate subscription?

    If I switch to a subscription will I get a different software version that works reliably with all the packages?



  • @eSht said in Snort-package v3.2.9.10_2: 'Shared object "libibverbs.so.1" not found, required by "libpcap.so.1"':

    @bmeeks I tried the upgrade yesterday on two different virtualization servers and it's unusable, there are random lockups all the time and it's not fit for production. I really can't do anything with 2.4.4-p3 without Snort and I can't get 2.4.5 to work reliably.

    Is access to the previous software repository versions included with the netgate subscription?

    If I switch to a subscription will I get a different software version that works reliably with all the packages?

    No, the subscription so far as I know does not grant you access to older versions of stuff. However, I am not affiliated with Netgate or pfSense other than being the volunteer package maintainer for Snort and Suricata.

    The issue with Snort is that FreeBSD 11.3-STABLE updated libpcap from version 1.8.x to version 1.9.x. That new version has different dependent libraries that do not exist in the older FreeBSD 11.2 branch that pfSense-2.4.4 used.

    The older pfSense packages are still accessible here: https://files00.netgate.com/pfSense_v2_4_4_amd64-pfSense_v2_4_4/All/. These are for the Community Edition (in other words, for non-Netgate hardware). You would need to download each individually required package (the two Snort packages along with all the supporting libraries) and save them locally on the disk. Then use the pkg utility to install those local packages and instruct pkg to NOT go searching on the configured repository for missing dependencies. You can use Google to figure out how to do all of that. This is not something the Netgate/pfSense team will support, and I suspect they will offer no assistance in doing this. And you can badly break your firewall.

    I have to ask you this since you mention virtualized firewalls. Why don't you have snapshots you could revert back to? Standard practice for commercial environments would be to always snapshot a VM before applying any upgrade. That way, if the upgrade does not pan out, you can almost instantly rollback to the pre-upgrade state. That's the beauty of a virtualized system. If you did not take snapshots before upgrading, then let this be a valuable "lesson learned" for you and make absolutely sure you follow that practice in the future. This should apply whether you are upgrading the base OS or just an individual package.



  • @eSht:

    User @stephenw10 (a Netgate employee) has posted a potential method for enabling the 2.4.4 pfSense package repo here: https://forum.netgate.com/topic/151709/2-4-5-update-caution.

    You can give this a try. Just this time, snapshot your virtualized firewalls before proceeding so if things go way South you can quickly recover.



  • This post is deleted!


  • This post is deleted!

Log in to reply