[Oisf-users] Difficulty finding compatible PF_RING revision/version
hachirota at gmail.com
hachirota at gmail.com
Tue Jun 7 17:47:07 UTC 2011
Many thanks to all for the fast suggestions, and to Victor for the
equally speedy patch.
With r4613 (4.6.5), e1000e-pf_ring 1.3.10a fails to
dkms build on Debian 5.0 + 2.6.26-2-openvz-amd64 kernel.
With PF_RING r4381 (4.5.0) everything clicked into place and suricata
built. Kudos.
A few tests suggest to me that it's installed properly. The eth0
driver version hasn't changed but I don't think that's a problem...
someone correct me if I'm wrong :)
# ethtool -i eth0
driver: e1000e
version: 0.3.3.3-k2
firmware-version: 3.1-2
bus-info: 0000:03:00.0
# modinfo pf_ring
filename: /lib/modules/2.6.26-2-openvz-amd64/updates/dkms/pf_ring.ko
alias: net-pf-27
description: Packet capture acceleration and analysis
author: Luca Deri <deri at ntop.org>
license: GPL
depends:
vermagic: 2.6.26-2-openvz-amd64 SMP mod_unload modversions
parm: min_num_slots:Number of ring slots (uint)
parm: transparent_mode:0=standard Linux, 1=direct2pfring+transparent, 2=direct2pfring+non transparentFor 1 and 2 you need to use a PF_RING aware driver (uint)
parm: enable_tx_capture:Set to 1 to capture outgoing packets (uint)
parm: enable_ip_defrag:Set to 1 to enable IP defragmentation(only rx traffic is defragmentead) (uint)
# cat /proc/net/pf_ring/info
PF_RING Version : 4.5.0 ($Revision: exported$)
Ring slots : 4096
Slot version : 12
Capture TX : Yes [RX+TX]
IP Defragment : No
Transparent mode : Yes
Total rings : 0
Total plugins : 0
# ./pcount
Capturing from eth0
=========================
Absolute Stats: [3 pkts rcvd][0 pkts dropped]
Total Pkts=3/Dropped=0.0 %
3 pkts [9.2 pkt/sec] - 226 bytes [0.01 Mbit/sec]
=========================
--
David
Tuesday, June 07, 2011, 12:44:57 PM Eastern Standard Time
More information about the Oisf-users
mailing list