* we are not setting any BPF filter in snort config
* consider my previous post without that snort output error.
our problem shows up doing the following steps:
1. compile the tcpdump included in the pf_ring tar with
libpcap-1.1.1-pf_ring support
2. start sniffing with that tcpdump on an interface _not_ pf_ring aware
after loading pf_ring module in transparent mode = 1
3. _results: you do not see any packets_
is it normal? can you try it?
you can reproduce the same problem (no packets received) using a pf_ring
aware snort with daq PCAP (not daq pfring) on a non pf_ring nic.
in both those cases libpfring should not be used as i am not sniffing on
a pfring nic but on a standard nic and i should see packets since i am
simply using tcpdump on a standard nic.
for now i have solved in the following way:
* use snort daq pfring for all snort instances (even on the NICs not
pfring aware) -- is it correct? why does it work ???
* use a tcpdump version compiled using libpcap-pfring library but
without -lpf_ring flag -- why does it work ???
a further question:
can i put pf_ring in transparent mode=2 and use pf_ring aware
applications also for standard NICS?
for example, in the same environment described in the previous post, it
would mean using snort with daq pfring on the intel NIC and the same
snort binary with daq pcap on the Chelsio T4.
according to what happens now in my system i would not see the packets
flowing in the Chelsio......
about DNA igb driver:
i have to say that we have done simply a test and we do not intend to
use dna features.
you can reproduce the problem doing:
1. compile pf_ring kernel mod, compile libpfring with dna support,
compile libpcap-pfring, compile tcpdump with libpcap-pfring support
2. load pfring module in transparent_mode = 2 , no tx mode, quickmode=1
3. compile and load igb 3.x DNA driver
4. start sniffing with tcpdump like this #tcpdump -i dna0
5. SYSTEM HANGS.....(i do not have trace file)
the system specs are the same as in the prev. post.
On 09/26/2011 12:33 PM, Enrico Papi wrote:
Enrico
the libpfring library is not able to set BPF filters as they fall into
the libpcap domain, not PF_RING. My colleague Alfredo is working on a
fix for it that will be out later this week, so you won't have to wait
too long.
Can you please let us know how to reproduce the DNA issues?
Regards Luca