[Oisf-users] Error in compiling the pf_ring support

Phillip Bailey phillip at bailey.st
Sun Mar 20 07:55:49 UTC 2011

Hash: SHA1

Hi Eric,

thanks very much for the pf_ring.h hint, it worked like a charm, but  i
stumbled on a new problem running suricata with pf ring support.

suricata --pfring-int=eth1 --pfring-cluster-id=99
- --pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml
[1462] 20/3/2011 -- 08:44:16 - (suricata.c:440) <Info> (main) -- This is
Suricata version 1.1beta1
[1462] 20/3/2011 -- 08:44:16 - (suricata.c:486) <Error> (main) --
[ERRCODE: SC_ERR_NO_PF_RING(30)] - PF_RING not enabled. Make sure to
pass --enable-pfring to configure when building.

Is this is  happening because I'm working on Vmware server ?

According with the ethtool command, I'm not using a pfring capable

ethtool -i eth1
driver: pcnet32
version: 1.35
bus-info: 0000:00:11.0

Anyway running modinfo pf_ring seems that pf_ring is installed and fine,
at least for me.

modinfo pf_ring
filename:       /lib/modules/2.6.32-30-generic/updates/dkms/pf_ring.ko
alias:          net-pf-27
description:    Packet capture acceleration and analysis
author:         Luca Deri <deri at ntop.org>
license:        GPL
srcversion:     2168F12B13A0EC201A08D65
vermagic:       2.6.32-30-generic SMP mod_unload modversions 586
parm:           min_num_slots:Min number of ring slots (uint)
parm:           transparent_mode:0=standard Linux,
1=direct2pfring+transparent, 2=direct2pfring+non transparentFor 1 and 2
you need to use a PF_RING aware driver (uint)
parm:           enable_debug:Set to 1 to enable PF_RING debug tracing
into the syslog (uint)
parm:           enable_tx_capture:Set to 1 to capture outgoing packets
parm:           enable_ip_defrag:Set to 1 to enable IP
defragmentation(only rx traffic is defragmentead) (uint)

At the moment I don't have a spare server with such card, how can I test
the pf_ring support ? Can I upload a copy of the Smooth-Sec iso image
and someone can test it ?



On 03/20/2011 12:44 AM, Eric Leblond wrote:
> Hello,
> Le samedi 19 mars 2011 à 21:43 +0100, phillip at bailey.st a écrit :
>> Hash: SHA1
>> Dear All,
>> I'm trying to implement the pf_ring support on the Smooth-Sec
>> distribution, I've followed step by step your how to
>> http://bit.ly/hItajV and at the very end I'm getting one error
>> on compiling suricata, please see the error below. There's any
>> patch to fix this ?
>> source-pfring.c: In function 'ReceivePfringThreadInit':
>> source-pfring.c:285: error: too few arguments to function
>> 'pfring_set_cluster'
>> source-pfring.c:235: warning: unused variable 'tmpctype'
>> make[2]: *** [source-pfring.o] Error 1
>> make[2]: Leaving directory `/root/suricata-1.1beta1/src'
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory `/root/suricata-1.1beta1'
>> make: *** [all] Error 2
>> Thanks in advance for your help.
> I manage to get exactly the same issue. The compilation fails because
> HAVE_PFRING_CLUSTER_TYPE is not set as it should be (pfring_set_cluster
> test fails due to some problem). You can check this in config.log, it
> should be indicated some lines below:
>     checking for pfring_set_cluster in -lpfring
> In my case, this was due to the fact I did not install correctly
> linux/pf_ring.h. After doing from pf_ring root directory:
>   sudo cp kernel/linux/pf_ring.h /usr/local/include/linux/
> I then rerun configure and compilation went fine.
> BR,

Version: GnuPG v1.4.10 (GNU/Linux)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xDB683813.asc
Type: application/pgp-keys
Size: 1719 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110320/dc193c62/attachment.key>

More information about the Oisf-users mailing list