<div dir="ltr">Thanks. Can I use Suricata 1.0.5? Which version of PF_RING is compatible with Suricata 1.0.4 or 1.0.5? <br>Is the Suricata git version stable for large bandwidth?<br>Thanks in advance<br><br><div class="gmail_quote">

On Sat, Sep 17, 2011 at 11:18 PM, Will Metcalf <span dir="ltr"><<a href="mailto:william.metcalf@gmail.com">william.metcalf@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

PF_RING 4.7 added the requirement to call pfring_enable_ring(), which<br>
was not previously required nor in the 1.0.4 code base.  So you have<br>
two options, either use an older version of PF_RING or a newer version of<br>
suricata.  You can get the latest version of the code by issuing the<br>
following command.<br>
<br>
git clone git://<a href="http://phalanx.openinfosecfoundation.org/oisf.git" target="_blank">phalanx.openinfosecfoundation.org/oisf.git</a><br>
<br>
Regards,<br>
<br>
Will<br>
<div><div></div><div class="h5"><br>
On Sat, Sep 17, 2011 at 11:50 AM, Mohsen Saeedi <<a href="mailto:mohsen.saeedi@gmail.com">mohsen.saeedi@gmail.com</a>> wrote:<br>
> Hi<br>
> I made a suricata 1.0.4 rpm and a pfring 4.7 rpm and installed them with<br>
> the new pcap lib on CentOS 6.0, but when I started suricata with the<br>
> command below it reported some errors about pfring receive! Please help me.<br>
> suricata -c /etc/suricata/suricata.yaml --pfring-int=eth1<br>
><br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info><br>
> (ReceivePfringThreadInit) -- Going to use cluster-id 99<br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info><br>
> (ReceivePfringThreadInit) -- going to use interface eth1<br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info><br>
> (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1<br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info><br>
> (ReceivePfringThreadInit) -- pfring cluster type cluster_flow<br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info><br>
> (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully<br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error><br>
> (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv<br>
> error  -1<br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0<br>
> [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0<br>
> Recv:0 Drop:0 (-nan%).<br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info><br>
> (ReceivePfringThreadInit) -- Going to use cluster-id 99<br>
> [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info><br>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted<br>
><br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info><br>
> (ReceivePfringThreadInit) -- going to use interface eth1<br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info><br>
> (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1<br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info><br>
> (ReceivePfringThreadInit) -- pfring cluster type cluster_flow<br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info><br>
> (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully<br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error><br>
> (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv<br>
> error  -1<br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0<br>
> [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0<br>
> Recv:0 Drop:0 (-nan%).<br>
> [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info><br>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted<br>
><br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info><br>
> (ReceivePfringThreadInit) -- Going to use cluster-id 99<br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info><br>
> (ReceivePfringThreadInit) -- going to use interface eth1<br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info><br>
> (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1<br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info><br>
> (ReceivePfringThreadInit) -- pfring cluster type cluster_flow<br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info><br>
> (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully<br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error><br>
> (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv<br>
> error  -1<br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0<br>
> [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0<br>
> Recv:0 Drop:0 (-nan%).<br>
> [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info><br>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted<br>
><br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info><br>
> (ReceivePfringThreadInit) -- Going to use cluster-id 99<br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info><br>
> (ReceivePfringThreadInit) -- going to use interface eth1<br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info><br>
> (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1<br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info><br>
> (ReceivePfringThreadInit) -- pfring cluster type cluster_flow<br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info><br>
> (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully<br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error><br>
> (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv<br>
> error  -1<br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0<br>
> [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0<br>
> Recv:0 Drop:0 (-nan%).<br>
> [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info><br>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted<br>
><br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info><br>
> (ReceivePfringThreadInit) -- Going to use cluster-id 99<br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info><br>
> (ReceivePfringThreadInit) -- going to use interface eth1<br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info><br>
> (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1<br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info><br>
> (ReceivePfringThreadInit) -- pfring cluster type cluster_flow<br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info><br>
> (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully<br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error><br>
> (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv<br>
> error  -1<br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0<br>
> [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info><br>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0<br>
> Recv:0 Drop:0 (-nan%).<br>
> [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info><br>
> (TmThreadRestartThread) -- thread "ReceivePfring" restarted<br>
><br>
> [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info><br>
> (ReceivePfringThreadInit) -- Going to use cluster-id 99<br>
> [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info><br>
> (ReceivePfringThreadInit) -- going to use interface eth1<br>
> [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info><br>
> (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1<br>
> [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info><br>
> (ReceivePfringThreadInit) -- pfring cluster type cluster_flow<br>
> [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:289) <Error><br>
> (ReceivePfringThreadInit) -- [ERRCODE:<br>
> SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returned<br>
> -1 for cluster-id: 99<br>
> [11829] 17/9/2011 -- 21:17:48 - (suricata.c:1165) <Info> (main) --<br>
> signal received<br>
> [11829] 17/9/2011 -- 21:17:48 - (suricata.c:1195) <Info> (main) --<br>
> time elapsed 0s<br>
> [11841] 17/9/2011 -- 21:17:48 - (flow.c:1107) <Info><br>
> (FlowManagerThread) -- 0 new flows, 0 established flows were timed<br>
> out, 0 flows in closed state<br>
> [11829] 17/9/2011 -- 21:17:48 - (stream-tcp-reassemble.c:291) <Info><br>
> (StreamTcpReassembleFree) -- Max memuse of the stream reassembly<br>
> engine 11292544 (in use 0)<br>
> [11829] 17/9/2011 -- 21:17:49 - (stream-tcp.c:487) <Info><br>
> (StreamTcpFreeConfig) -- Max memuse of stream engine 5505024 (in use<br>
> 0)<br>
> [11829] 17/9/2011 -- 21:17:49 - (detect.c:2820) <Info><br>
> (SigAddressCleanupStage1) -- cleaning up signature grouping<br>
> structure...<br>
> [11829] 17/9/2011 -- 21:17:49 - (detect.c:2835) <Info><br>
> (SigAddressCleanupStage1) -- cleaning up signature grouping<br>
> structure... done<br>
><br>
> --<br>
> Seyyed Mohsen Saeedi<br>
> سید محسن سعیدی<br>
</div></div>
</blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr"><div dir="rtl">Seyyed Mohsen Saeedi<br></div><div dir="rtl">سید محسن سعیدی<br></div></div><br>
</div>
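Added example, not part of the original thread and not Suricata or PF_RING code: a log triage check for the failure quoted above, where the sensor starts, every capture thread gets `pfring_recv error -1` with zero packets, and the thread is restarted in a loop. The sample records are constructed in the quoted log format, and the rule that ties the failure to PF_RING 4.7 or later is an assumption drawn from Will's reply.

```python
import re

# Constructed sample in the log format quoted in the thread (e-mail line
# wrapping undone, one record per line): two failed capture attempts.
def _attempt(tid):
    ts = "17/9/2011 -- 21:17:48 -"
    return [
        f"[{tid}] {ts} (source-pfring.c:269) <Info> (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1",
        f"[{tid}] {ts} (source-pfring.c:210) <Error> (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv error  -1",
        f"[{tid}] {ts} (source-pfring.c:313) <Info> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0",
        f'[11829] {ts} (tm-threads.c:1349) <Info> (TmThreadRestartThread) -- thread "ReceivePfring" restarted',
    ]

SAMPLE_LOG = "\n".join(_attempt(11847) + _attempt(11848))

RECORD = re.compile(r"^\[(?P<tid>\d+)\] \S+ -- \S+ - \((?P<src>[^)]+)\) "
                    r"<(?P<level>\w+)> \((?P<func>\w+)\) -- (?P<msg>.*)$")

def triage(log_text):
    """Summarise PF_RING capture health from Suricata log records."""
    version, recv_errors, restarts, packets = None, 0, 0, 0
    for line in log_text.splitlines():
        rec = RECORD.match(line.strip())
        if rec is None:
            continue  # wrapped fragment or unrelated output
        msg = rec["msg"]
        if (v := re.search(r"Using PF_RING v\.(\d+)\.(\d+)", msg)):
            version = (int(v[1]), int(v[2]))
        elif "SC_ERR_PF_RING_RECV" in msg:
            recv_errors += 1
        elif rec["func"] == "TmThreadRestartThread" and "ReceivePfring" in msg:
            restarts += 1
        elif (p := re.search(r"Packets (\d+), bytes", msg)):
            packets += int(p[1])
    blind = recv_errors > 0 and packets == 0  # sensor is up but sees nothing
    return {
        "pf_ring": version, "recv_errors": recv_errors,
        "restarts": restarts, "packets": packets, "blind": blind,
        # Heuristic (assumption): blind capture on PF_RING >= 4.7 fits the
        # missing pfring_enable_ring() call described in the reply.
        "enable_ring_suspect": blind and version is not None and version >= (4, 7),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A sensor in this state raises no alerts at all, so a check like this belongs in sensor health monitoring rather than in alert review.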