[Oisf-devel] Suricata and PF_RING

[Peter Bates]

Hello all...

Just trying out suricata - this is on Debian Lenny.
A standard compile (without specifying PF_RING)
is fine, using the version from git.

If I try:

./configure --enable-pfring --with-libpfring-includes=/usr/local/include 
--with-libpfring-libraries=/usr/local/lib

and then make, I get:

Making all in src
make[2]: Entering directory `/home/peter/oisf/src'
gcc -DHAVE_CONFIG_H -I. -I..  -I../libhtp  -I/usr/local/include  -g -O2 
-Wextra -Wall -fno-strict-aliasing -Wno-unused-parameter -D_BSD_SOURCE 
-D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_PFRING  -I 
/usr/local/include -DLIBPCAP_VERSION_MAJOR=1 -MT source-pfring.o -MD -MP 
-MF .deps/source-pfring.Tpo -c -o source-pfring.o source-pfring.c
source-pfring.c: In function âReceivePfringThreadInitâ:
source-pfring.c:245: error: too few arguments to function 
âpfring_set_clusterâ
make[2]: *** [source-pfring.o] Error 1
make[2]: Leaving directory `/home/peter/oisf/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/peter/oisf'
make: *** [all] Error 2

In src/source-pfring.c there is:
rc = pfring_set_cluster(ptv->pd, ptv->cluster_id);

In a relatively recent copy of pfring.h, the function is:
int pfring_set_cluster(pfring *ring, u_int clusterId, cluster_type 
the_type);

Changing src/source-pfring.c to:
rc = pfring_set_cluster(ptv->pd, ptv->cluster_id, cluster_round_robin);
works - but I'm not sure it's the correct usage!

-- 
Peter Bates, Network Support & Development Officer
Goldsmiths, University of London
New Cross, London SE14 6NW. Telephone: 020 7919 7082