[Oisf-users] Error in compiling the pf_ring support

Victor Julien victor at inliniac.net
Sun Mar 20 09:05:45 UTC 2011 

Phillip,

Did you try following the INSTALL.PF_RING document in the doc/ folder of
the source? It contains all steps to get to a working pfring. You can
skip the parts related to the e1000e driver if you don't have that.

https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/doc/INSTALL.PF_RING

In this do the configure options needed for PF_RING are also listed.

Cheers,
Victor

On 03/20/2011 08:55 AM, Phillip Bailey wrote:
> 
> Hi Eric,
> 
> thanks very much for the pf_ring.h hint, it worked like a charm, but  i
> stumbled on a new problem running suricata with pf ring support.
> 
> suricata --pfring-int=eth1 --pfring-cluster-id=99
> --pfring-cluster-type=cluster_flow -c /etc/suricata/suricata.yaml
> [1462] 20/3/2011 -- 08:44:16 - (suricata.c:440) <Info> (main) -- This is
> Suricata version 1.1beta1
> [1462] 20/3/2011 -- 08:44:16 - (suricata.c:486) <Error> (main) --
> [ERRCODE: SC_ERR_NO_PF_RING(30)] - PF_RING not enabled. Make sure to
> pass --enable-pfring to configure when building.
> 
> 
> Is this is  happening because I'm working on Vmware server ?
> 
> According with the ethtool command, I'm not using a pfring capable
> card.
> 
> ethtool -i eth1
> driver: pcnet32
> version: 1.35
> firmware-version:
> bus-info: 0000:00:11.0
> 
> Anyway running modinfo pf_ring seems that pf_ring is installed and fine,
> at least for me.
> 
> 
> modinfo pf_ring
> filename:       /lib/modules/2.6.32-30-generic/updates/dkms/pf_ring.ko
> alias:          net-pf-27
> description:    Packet capture acceleration and analysis
> author:         Luca Deri <deri at ntop.org>
> license:        GPL
> srcversion:     2168F12B13A0EC201A08D65
> depends:
> vermagic:       2.6.32-30-generic SMP mod_unload modversions 586
> parm:           min_num_slots:Min number of ring slots (uint)
> parm:           transparent_mode:0=standard Linux,
> 1=direct2pfring+transparent, 2=direct2pfring+non transparentFor 1 and 2
> you need to use a PF_RING aware driver (uint)
> parm:           enable_debug:Set to 1 to enable PF_RING debug tracing
> into the syslog (uint)
> parm:           enable_tx_capture:Set to 1 to capture outgoing packets
> (uint)
> parm:           enable_ip_defrag:Set to 1 to enable IP
> defragmentation(only rx traffic is defragmentead) (uint)
> 
> 
> At the moment I don't have a spare server with such card, how can I test
> the pf_ring support ? Can I upload a copy of the Smooth-Sec iso image
> and someone can test it ?
> 
> 
> Best,
> 
> Phillip
> 
> 
> 
> 
> 
> On 03/20/2011 12:44 AM, Eric Leblond wrote:
>> Hello,
> 
>> Le samedi 19 mars 2011 à 21:43 +0100, phillip at bailey.st a écrit :
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>>
>>> Dear All,
>>>
>>> I'm trying to implement the pf_ring support on the Smooth-Sec
>>> distribution, I've followed step by step your how to
>>> http://bit.ly/hItajV and at the very end I'm getting one error
>>> on compiling suricata, please see the error below. There's any
>>> patch to fix this ?
>>>
>>> source-pfring.c: In function 'ReceivePfringThreadInit':
>>> source-pfring.c:285: error: too few arguments to function
>>> 'pfring_set_cluster'
>>> source-pfring.c:235: warning: unused variable 'tmpctype'
>>> make[2]: *** [source-pfring.o] Error 1
>>> make[2]: Leaving directory `/root/suricata-1.1beta1/src'
>>> make[1]: *** [all-recursive] Error 1
>>> make[1]: Leaving directory `/root/suricata-1.1beta1'
>>> make: *** [all] Error 2
>>>
>>>
>>> Thanks in advance for your help.
> 
>> I manage to get exactly the same issue. The compilation fails because
>> HAVE_PFRING_CLUSTER_TYPE is not set as it should be (pfring_set_cluster
>> test fails due to some problem). You can check this in config.log, it
>> should be indicated some lines below:
>>     checking for pfring_set_cluster in -lpfring
>> In my case, this was due to the fact I did not install correctly
>> linux/pf_ring.h. After doing from pf_ring root directory:
>>   sudo cp kernel/linux/pf_ring.h /usr/local/include/linux/
>> I then rerun configure and compilation went fine.
> 
>> BR,
> 

_______________________________________________
Oisf-users mailing list
Oisf-users at openinfosecfoundation.org
http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

More information about the Oisf-users mailing list