Enrico as follow up to your email can you please confirm if the DNA problem you reported is still present in PF_RING 5.1? If so, what hardware platform do you use?
Luca On Sep 27, 2011, at 9:56 AM, Alfredo Cardigliano wrote: > Enrico > see inline > > On Sep 26, 2011, at 8:48 PM, Enrico Papi wrote: > >> we are not setting any BPF filter in snort config >> consider my previous post without that snort output error. >> our problem shows up doing the following steps: >> compile the tcpdump included in the pf_ring tar with libpcap-1.1.1-pf_ring >> support >> start sniffing with that tcpdump on an interface not pf_ring aware after >> loading pf_ring module in trasparent mode = 1 >> results: you do not see any packets >> is it normal? can you try it? > > Yes, it is normal. > When PF_RING is in transparent_mode=1,2, it expects to receive packets > directly from the NIC, and does *not* listen for packets coming from the > linux stack. > >> >> you can reproduce the same problem (no packets received) using a pf_ring >> aware snort with daq PCAP (not daq pfring) on a non pf_ring nic. >> in both those cases libpfring should not be used as i am not sniffing on a >> pfring nic but on a standard nic and i should see packets since i am simply >> using tcpdump on a standard nic. >> for now i have solved in the following way: >> use snort daq pfring for all snort instances (even on the NICs not pfring >> aware) -- is it correct? why it works ??? >> use a tcpdump version compiled using libpcap-pfring library but without >> -lpf_ring flag -- why it works ??? >> >> a further question: >> can i put pf_ring in transparent mode=2 and use pf_ring aware applications >> also for standard NICS? > > No, with vanilla drivers you have to use transparent_mode=0 > > Best regards > Alfredo > >> for example, in the same enviroment described in the previous post, it would >> mean using snort with daq pfring on the intel NIC and the same snort binary >> with daq pcap on the Chelsio T4. >> accordingly to what happens now in my system i would not see the packets >> flowing in the Chelsio...... >> >> about DNA igb driver: >> i have to say that we have done simply a test and we do not intend to use >> dna features. >> >> you can reproduce the problem doing: >> compile pf_ring kernel mod, compile libpfing with dna support, compile >> libpcap-pfiring, compile tcpdump with libpcap-pfring support >> load pfring module in trasparent_mode = 2 , no tx mode, quickmode=1 >> compile and load igb 3.x DNA driver >> start sniffing with tcpdump like this #tcpdump -i dna0 >> SYSTEM HANGS.....(i do not have trace file) >> the system spec are the same of the prev. post. >> >> >> On 09/26/2011 12:33 PM, Enrico Papi wrote: >>> >>> Enrico >>> the libpfring library is not able to set BPF filters as they fall into the >>> libpcap domain, not PF_RING. MY colleague Alfredo is working at a fix for >>> it that will be out later this week, so you won't have to wait too long. >>> >>> Can you please let us know how to reproduce the DNA issues? >>> >>> Regards Luca >>> >>> >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
