[Oisf-devel] Suricata and PF_RING

Will Metcalf william.metcalf at gmail.com
Thu Mar 11 15:35:35 UTC 2010


Right... So this is one of those cases where PF_RING is moving at a
crazy fast rate and it's hard to keep up.  Either check out a version
of PF_RING prior to v 4.1.2 of the API or use the attached patch.
Victor has been super busy reworking the pattern matcher to improve
the worst case scenario so his patch queue is probably quite long at
this point. The patch will allow you to choose the way the cluster load
balancing works, either round_robin or per flow, or if you are using an
older version of the API it will work using the old default of per flow.

Regards,

Will

On Thu, Mar 11, 2010 at 9:12 AM, Peter Bates <p.bates at gold.ac.uk> wrote:
>
> Hello all...
>
> Just trying out suricata - this is on Debian Lenny.
> A standard compile (without specifying PF_RING)
> is fine, using the version from git.
>
> If I try:
>
> ./configure --enable-pfring --with-libpfring-includes=/usr/local/include
> --with-libpfring-libraries=/usr/local/lib
>
> and then make, I get:
>
> Making all in src
> make[2]: Entering directory `/home/peter/oisf/src'
> gcc -DHAVE_CONFIG_H -I. -I..  -I../libhtp  -I/usr/local/include  -g -O2
> -Wextra -Wall -fno-strict-aliasing -Wno-unused-parameter -D_BSD_SOURCE
> -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H -DHAVE_PFRING  -I
> /usr/local/include -DLIBPCAP_VERSION_MAJOR=1 -MT source-pfring.o -MD -MP
> -MF .deps/source-pfring.Tpo -c -o source-pfring.o source-pfring.c
> source-pfring.c: In function ‘ReceivePfringThreadInit’:
> source-pfring.c:245: error: too few arguments to function
> ‘pfring_set_cluster’
> make[2]: *** [source-pfring.o] Error 1
> make[2]: Leaving directory `/home/peter/oisf/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/home/peter/oisf'
> make: *** [all] Error 2
>
> In src/source-pfring.c there is:
> rc = pfring_set_cluster(ptv->pd, ptv->cluster_id);
>
> In a relatively recent copy of pfring.h, the function is:
> int pfring_set_cluster(pfring *ring, u_int clusterId, cluster_type
> the_type);
>
> Changing src/source-pfring.c to:
> rc = pfring_set_cluster(ptv->pd, ptv->cluster_id, cluster_round_robin);
> works - but I'm not sure it's the correct usage!
>
> --
> Peter Bates, Network Support & Development Officer
> Goldsmiths, University of London
> New Cross, London SE14 6NW. Telephone: 020 7919 7082
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-pfring-support-lb-type-and-now-uses-logging-subsys.patch
Type: text/x-patch
Size: 11322 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20100311/98222256/attachment.bin>
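
The build failure in this thread is a mismatch between the caller and the `pfring_set_cluster()` prototype in the installed `pfring.h`. The shell probe below is an added example, not part of the thread or of the attached patch: it compiles the two call forms quoted above against a given include directory and reports which one the header accepts. The function name `detect_pfring_cluster_api` and the cluster id 99 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which pfring_set_cluster() signature a pfring.h declares.
# Usage: detect_pfring_cluster_api INCLUDE_DIR
# Prints one of: three-arg, two-arg, unknown, no-compiler
detect_pfring_cluster_api() {
    inc_dir=$1
    cc_bin=${CC:-cc}
    command -v "$cc_bin" >/dev/null 2>&1 || { echo no-compiler; return 2; }
    work=$(mktemp -d) || return 2
    result=unknown

    # Newer API: cluster id plus an explicit cluster_type (the call that
    # compiled for the original poster).
    cat > "$work/three.c" <<'EOF'
#include <pfring.h>
int probe(pfring *pd) { return pfring_set_cluster(pd, 99, cluster_round_robin); }
EOF

    # Older API: cluster id only (the call in src/source-pfring.c that failed).
    cat > "$work/two.c" <<'EOF'
#include <pfring.h>
int probe(pfring *pd) { return pfring_set_cluster(pd, 99); }
EOF

    # Compile only (-c): a prototype mismatch is a compile error, so no
    # linking against libpfring is needed to tell the two APIs apart.
    if "$cc_bin" -I"$inc_dir" -c "$work/three.c" -o "$work/three.o" 2>/dev/null; then
        result=three-arg
    elif "$cc_bin" -I"$inc_dir" -c "$work/two.c" -o "$work/two.o" 2>/dev/null; then
        result=two-arg
    fi

    rm -rf "$work"
    echo "$result"
}
```

For the setup in the thread the call would be `detect_pfring_cluster_api /usr/local/include`; a build script can use the result to define a preprocessor symbol that selects the matching call.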