[Oisf-users] Suricata with PF_RING on latest git

Edward Fjellskål edwardfjellskaal at gmail.com
Thu Jul 5 20:04:13 UTC 2012


On 07/05/2012 03:02 PM, Victor Julien wrote:
> On 07/04/2012 10:56 PM, Edward Fjellskål wrote:
>> From the testing I'm doing now, about 50% of the times I stop
>> suricata, it won't... One time it spit out some info about
>> it taking too long to shut down, and after a little while
>> killed itself!
> 
> This should be fixed in the current master.
> 

So,

Just now:

$ git clone git://phalanx.openinfosecfoundation.org/oisf.git oisf-pfring
$ cd oisf-pfring
$ bash autogen.sh
$ ./configure --enable-pfring --prefix /usr/local/suricata-1.3rc1-pfring/ \
    --with-libpfring-libraries=/usr/local/pfring/lib \
    --with-libpfring-includes=/usr/local/pfring/include \
    --with-libpcap-includes=/usr/local/pfring/include \
    --with-libpcap-libraries=/usr/local/pfring/lib \
    LD_RUN_PATH="/usr/local/pfring/lib:/usr/lib:/usr/local/lib"
$ make && make install && make install-full

default in suricata.yaml for pfring:


pfring:
  - interface: eth1
    threads: 2
    cluster-id: 99
    cluster-type: cluster_flow

starting suricata like:

$ LD_LIBRARY_PATH=/usr/local/pfring/lib/ \
    /usr/local/suricata-1.3rc1-pfring/bin/suricata \
    -c /usr/local/suricata-1.3rc1-pfring/etc/suricata//suricata.yaml \
    --pfring-int=eth1 --pfring-cluster-id=99 \
    --pfring-cluster-type=cluster_flow --runmode=workers

Suricata starts, but doesn't capture any packets :(
And it won't shut down - kill -9 to the rescue....

Ubuntu 12.04 with PF_RING v.5.4.4 from git yesterday.

Things were working better with yesterday's suricata from git :)

E


