[Discussion] Suricata with PF_RING 4.7

Will Metcalf william.metcalf at gmail.com
Sat Sep 17 19:14:38 UTC 2011


> which version of PF_RING is compatible with suricata 1.0.4 or 1.0.5?

To be honest I'm not sure :D, something older than 4.7.1 should work
afaik...  Given how rapidly PF_RING is developed, this is something we
should probably track in the future... I will put this on the "TODO".
I'm testing suricata git on a fairly high speed network, and so far so
good :D.

Regards,

Will

On Sat, Sep 17, 2011 at 1:52 PM, Mohsen Saeedi <mohsen.saeedi at gmail.com> wrote:
> Thanks. Can I use suricata 1.0.5? Which version of PF_RING is compatible
> with suricata 1.0.4 or 1.0.5?
> Is the suricata git version stable for large bandwidth?
> Thanks in advance
>
> On Sat, Sep 17, 2011 at 11:18 PM, Will Metcalf <william.metcalf at gmail.com>
> wrote:
>>
>> PF_RING 4.7 added the requirement to call pfring_enable_ring(), which
>> was not previously required nor in the 1.0.4 code base.  So you have
>> two options, either use an older version of PF_RING or a newer version of
>> suricata.  You can get the latest version of the code by issuing the
>> following command.
>>
>> git clone git://phalanx.openinfosecfoundation.org/oisf.git
>>
>> Regards,
>>
>> Will
>>
>> On Sat, Sep 17, 2011 at 11:50 AM, Mohsen Saeedi <mohsen.saeedi at gmail.com>
>> wrote:
>> > Hi
>> > I made a suricata 1.0.4 rpm and a pfring 4.7 rpm and installed them with
>> > the new pcap lib on CentOS 6.0, but when I started suricata with the command
>> > below it reported some errors about pfring receive! Please help me.
>> > suricata -c /etc/suricata/suricata.yaml --pfring-int=eth1
>> >
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
>> > (ReceivePfringThreadInit) -- Going to use cluster-id 99
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
>> > (ReceivePfringThreadInit) -- going to use interface eth1
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
>> > (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
>> > (ReceivePfringThreadInit) -- pfring cluster type cluster_flow
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
>> > (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
>> > (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
>> > error  -1
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
>> > Recv:0 Drop:0 (-nan%).
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
>> > (ReceivePfringThreadInit) -- Going to use cluster-id 99
>> > [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
>> > (TmThreadRestartThread) -- thread "ReceivePfring" restarted
>> >
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
>> > (ReceivePfringThreadInit) -- going to use interface eth1
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
>> > (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
>> > (ReceivePfringThreadInit) -- pfring cluster type cluster_flow
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
>> > (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
>> > (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
>> > error  -1
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
>> > [11848] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
>> > Recv:0 Drop:0 (-nan%).
>> > [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
>> > (TmThreadRestartThread) -- thread "ReceivePfring" restarted
>> >
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
>> > (ReceivePfringThreadInit) -- Going to use cluster-id 99
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
>> > (ReceivePfringThreadInit) -- going to use interface eth1
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
>> > (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
>> > (ReceivePfringThreadInit) -- pfring cluster type cluster_flow
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
>> > (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
>> > (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
>> > error  -1
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
>> > [11849] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
>> > Recv:0 Drop:0 (-nan%).
>> > [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
>> > (TmThreadRestartThread) -- thread "ReceivePfring" restarted
>> >
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
>> > (ReceivePfringThreadInit) -- Going to use cluster-id 99
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
>> > (ReceivePfringThreadInit) -- going to use interface eth1
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
>> > (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
>> > (ReceivePfringThreadInit) -- pfring cluster type cluster_flow
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
>> > (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
>> > (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
>> > error  -1
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
>> > [11850] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
>> > Recv:0 Drop:0 (-nan%).
>> > [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
>> > (TmThreadRestartThread) -- thread "ReceivePfring" restarted
>> >
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
>> > (ReceivePfringThreadInit) -- Going to use cluster-id 99
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
>> > (ReceivePfringThreadInit) -- going to use interface eth1
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
>> > (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
>> > (ReceivePfringThreadInit) -- pfring cluster type cluster_flow
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:292) <Info>
>> > (ReceivePfringThreadInit) -- pfring_set_cluster-id 99 set successfully
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
>> > (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
>> > error  -1
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
>> > [11851] 17/9/2011 -- 21:17:48 - (source-pfring.c:317) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring Total:0
>> > Recv:0 Drop:0 (-nan%).
>> > [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
>> > (TmThreadRestartThread) -- thread "ReceivePfring" restarted
>> >
>> > [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:248) <Info>
>> > (ReceivePfringThreadInit) -- Going to use cluster-id 99
>> > [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:255) <Info>
>> > (ReceivePfringThreadInit) -- going to use interface eth1
>> > [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
>> > (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
>> > [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:277) <Info>
>> > (ReceivePfringThreadInit) -- pfring cluster type cluster_flow
>> > [11852] 17/9/2011 -- 21:17:48 - (source-pfring.c:289) <Error>
>> > (ReceivePfringThreadInit) -- [ERRCODE:
>> > SC_ERR_PF_RING_SET_CLUSTER_FAILED(37)] - pfring_set_cluster returned
>> > -1 for cluster-id: 99
>> > [11829] 17/9/2011 -- 21:17:48 - (suricata.c:1165) <Info> (main) --
>> > signal received
>> > [11829] 17/9/2011 -- 21:17:48 - (suricata.c:1195) <Info> (main) --
>> > time elapsed 0s
>> > [11841] 17/9/2011 -- 21:17:48 - (flow.c:1107) <Info>
>> > (FlowManagerThread) -- 0 new flows, 0 established flows were timed
>> > out, 0 flows in closed state
>> > [11829] 17/9/2011 -- 21:17:48 - (stream-tcp-reassemble.c:291) <Info>
>> > (StreamTcpReassembleFree) -- Max memuse of the stream reassembly
>> > engine 11292544 (in use 0)
>> > [11829] 17/9/2011 -- 21:17:49 - (stream-tcp.c:487) <Info>
>> > (StreamTcpFreeConfig) -- Max memuse of stream engine 5505024 (in use
>> > 0)
>> > [11829] 17/9/2011 -- 21:17:49 - (detect.c:2820) <Info>
>> > (SigAddressCleanupStage1) -- cleaning up signature grouping
>> > structure...
>> > [11829] 17/9/2011 -- 21:17:49 - (detect.c:2835) <Info>
>> > (SigAddressCleanupStage1) -- cleaning up signature grouping
>> > structure... done
>> >
>> > --
>> > Seyyed Mohsen Saeedi
>> > سید محسن سعیدی
>> > _______________________________________________
>> > Discussion mailing list
>> > Discussion at openinfosecfoundation.org
>> > http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>> >
>
>
>
> --
> Seyyed Mohsen Saeedi
> سید محسن سعیدی
>
>
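
A log triage sketch for the failure discussed in this thread, added here as an example; it is not part of the original messages and not code from Suricata or PF_RING. It rejoins the mail-wrapped, quoted log records and flags the pattern described above (PF_RING 4.7 or later reported, pfring_recv errors, zero packets). The function names and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample: four records in the mail-wrapped, ">> > "-quoted form of
# the log in the thread (same message formats, shortened to one thread cycle).
SAMPLE = """\
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:269) <Info>
>> > (ReceivePfringThreadInit) -- Using PF_RING v.4.7.1
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:210) <Error>
>> > (ReceivePfring) -- [ERRCODE: SC_ERR_PF_RING_RECV(31)] - pfring_recv
>> > error  -1
>> > [11847] 17/9/2011 -- 21:17:48 - (source-pfring.c:313) <Info>
>> > (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 0, bytes 0
>> > [11829] 17/9/2011 -- 21:17:48 - (tm-threads.c:1349) <Info>
>> > (TmThreadRestartThread) -- thread "ReceivePfring" restarted
"""

RECORD_START = re.compile(r"^\[(\d+)\] \d+/\d+/\d+ -- ")

def unwrap(text):
    """Strip mail quote markers and rejoin records split by line wrapping."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Summarise the PF_RING receive failure pattern in a Suricata log."""
    recs = unwrap(text)
    joined = "\n".join(recs)
    m = re.search(r"Using PF_RING v\.(\d+)\.(\d+)(?:\.(\d+))?", joined)
    version = tuple(int(x) for x in m.groups(default="0")) if m else None
    summary = {
        "pfring_version": version,
        "recv_errors": len(re.findall(r"SC_ERR_PF_RING_RECV\(31\)", joined)),
        "restarts": len(re.findall(r'thread "ReceivePfring" restarted', joined)),
        "packets": sum(int(n) for n in re.findall(r"Packets (\d+), bytes", joined)),
    }
    # Per the thread: PF_RING 4.7 added the need to call pfring_enable_ring(),
    # which the 1.0.4 code base does not do. Treating ">= 4.7" as the cut-off
    # is an assumption of this example.
    summary["matches_enable_ring_gap"] = bool(
        version and version >= (4, 7, 0)
        and summary["recv_errors"] > 0 and summary["packets"] == 0)
    return summary
```
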


