[Oisf-users] Error in compiling the pf_ring support

Phillip Bailey phillip at bailey.st
Sun Mar 20 07:55:49 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi Eric,

thanks very much for the pf_ring.h hint, it worked like a charm, but  i
stumbled on a new problem running suricata with pf ring support.

suricata --pfring-int=eth1 --pfring-cluster-id=99
- --pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml
[1462] 20/3/2011 -- 08:44:16 - (suricata.c:440) <Info> (main) -- This is
Suricata version 1.1beta1
[1462] 20/3/2011 -- 08:44:16 - (suricata.c:486) <Error> (main) --
[ERRCODE: SC_ERR_NO_PF_RING(30)] - PF_RING not enabled. Make sure to
pass --enable-pfring to configure when building.


Is this is  happening because I'm working on Vmware server ?

According with the ethtool command, I'm not using a pfring capable
card.

ethtool -i eth1
driver: pcnet32
version: 1.35
firmware-version:
bus-info: 0000:00:11.0

Anyway running modinfo pf_ring seems that pf_ring is installed and fine,
at least for me.


modinfo pf_ring
filename:       /lib/modules/2.6.32-30-generic/updates/dkms/pf_ring.ko
alias:          net-pf-27
description:    Packet capture acceleration and analysis
author:         Luca Deri <deri at ntop.org>
license:        GPL
srcversion:     2168F12B13A0EC201A08D65
depends:
vermagic:       2.6.32-30-generic SMP mod_unload modversions 586
parm:           min_num_slots:Min number of ring slots (uint)
parm:           transparent_mode:0=standard Linux,
1=direct2pfring+transparent, 2=direct2pfring+non transparentFor 1 and 2
you need to use a PF_RING aware driver (uint)
parm:           enable_debug:Set to 1 to enable PF_RING debug tracing
into the syslog (uint)
parm:           enable_tx_capture:Set to 1 to capture outgoing packets
(uint)
parm:           enable_ip_defrag:Set to 1 to enable IP
defragmentation(only rx traffic is defragmentead) (uint)


At the moment I don't have a spare server with such card, how can I test
the pf_ring support ? Can I upload a copy of the Smooth-Sec iso image
and someone can test it ?


Best,

Phillip





On 03/20/2011 12:44 AM, Eric Leblond wrote:
> Hello,
> 
> Le samedi 19 mars 2011 à 21:43 +0100, phillip at bailey.st a écrit :
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> Dear All,
>>
>> I'm trying to implement the pf_ring support on the Smooth-Sec
>> distribution, I've followed step by step your how to
>> http://bit.ly/hItajV and at the very end I'm getting one error
>> on compiling suricata, please see the error below. There's any
>> patch to fix this ?
>>
>> source-pfring.c: In function 'ReceivePfringThreadInit':
>> source-pfring.c:285: error: too few arguments to function
>> 'pfring_set_cluster'
>> source-pfring.c:235: warning: unused variable 'tmpctype'
>> make[2]: *** [source-pfring.o] Error 1
>> make[2]: Leaving directory `/root/suricata-1.1beta1/src'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory `/root/suricata-1.1beta1'
>> make: *** [all] Error 2
>>
>>
>> Thanks in advance for your help.
> 
> I manage to get exactly the same issue. The compilation fails because
> HAVE_PFRING_CLUSTER_TYPE is not set as it should be (pfring_set_cluster
> test fails due to some problem). You can check this in config.log, it
> should be indicated some lines below:
>     checking for pfring_set_cluster in -lpfring
> In my case, this was due to the fact I did not install correctly
> linux/pf_ring.h. After doing from pf_ring root directory:
>   sudo cp kernel/linux/pf_ring.h /usr/local/include/linux/
> I then rerun configure and compilation went fine.
> 
> BR,

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJNhbL/AAoJENNBJKHbaDgTn7MH/RAqS3jdsbJhxYgWLKhfGgh2
GEVnop0Qj1MyZ3pvB2i66yiJiPEEB53y1qjEtVq4WdMErcKL5Z61C5tuje6vTmOJ
c5zN8Hvkt+pDbCDMgePrKc4T91R7IXUEPjDS7Jpd5Z8OFzPWV8sqXKTPD5xnIIKU
bAwkukok3dopMKRv5MXb22EzeIP3I23uBFo50Rc3XZFM1xuijy56kXJWz0W/yyic
UuwKSZ4nmMxSZzeW85SQG53kbMDkZxywmjsp1XTMsgX26r6CiZQlXe4rci7Gu3n8
JsoQ1a+uOs31F7k0bRuLhq+7yg5nHcFL8pOttDfAozsYBLqvHPBDhX4JWEFc2HI=
=o3LU
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xDB683813.asc
Type: application/pgp-keys
Size: 1719 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110320/dc193c62/attachment.key>

More information about the Oisf-users mailing list