Funnily enough, I'd just done something similar for libpcap:
--- pcap-linux.c.orig 2012-07-11 22:26:50.140614153 +0100
+++ pcap-linux.c 2012-07-24 11:32:29.546820579 +0100
@@ -1165,6 +1165,7 @@
/* Code courtesy of Chris Wakelin <[email protected]> */
char *clusterId;
int flags = 0;
+ char *appname;
if(handle->opt.promisc) flags |= PF_RING_PROMISC;
if(getenv("PCAP_PF_RING_DNA_RSS")) flags |=
PF_RING_DNA_SYMMETRIC_RSS;
@@ -1179,6 +1180,10 @@
else
pfring_set_cluster(handle->ring, atoi(clusterId),
cluster_round_robin);
+ if(appname = getenv("PCAP_PF_RING_APPNAME"))
+ if(strlen(appname) > 0 && strlen(appname) <= 32)
+ pfring_set_application_name(handle->ring, appname);
+
pfring_set_poll_watermark(handle->ring, 1 /* watermark */);
handle->ring->dna.dna_rx_sync_watermark = 0; /* trick
(otherwise tshark wouldn't work with DNA) */
} else
though it might make sense to try and get the appname from the
commandline or thread name if none is specified otherwise.
I then found it doesn't seem to work with DNA clusters (at least in
PF_RING 5.4.4). I spent a while scratching my head and then realised
that Suricata wasn't managing to set the name either and it was calling
pfring_set_application_name() directly.
On a related note, with DNA clusters, I can't make sense of the device
names in /proc/net/pfring/<pid>-<interface>.nnn; For my DNA cluster
dnacluster:1 (using dna0 as the source) I've got some appearing as
<pid>-dna0.nnn and others as <pid>-dna1.nnn with pfdnacluster_master
itself appearing as expected as <pid>-dna0.nnn
Is this expected behaviour?
Best Wishes,
Chris
On 24/07/12 16:42, Alfredo Cardigliano wrote:
> available in svn, thank you
>
> Alfredo
>
> On Jul 24, 2012, at 5:16 PM, [email protected] wrote:
>
>> Hi,
>>
>> pls consider the following little patch that sets the application name
>> in the daq_pfring module:
>>
>>
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, [email protected]
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
