Nelo transparent_mode 1 and 2 work only with PF_RING-aware drivers (you can find them under <PF_RING>/drivers/PF_RING_aware/ )
Best regards Alfredo On Oct 4, 2011, at 2:06 PM, Nelo Belda wrote: > I'm trying to install PF_RING on Debian 6 to use it with Snort. I've followed > many guides and posts but I wasn't able to load it properly. Installation was > fine (no errors at compilation or loading modules) or it seems so, and > pf_ring in transparent mode 0 seems to work fine because snort received > packets, but problems happen in transparent mode 1 and 2. > > When I load pf_ring with mode 0, tcpdump and pfcount read traffic so I can > see statistics but when pf_ring is loaded in the other modes, none of these > apps show anything. > > I paste some information about my device and other stuffs that could help. > > root@escila:~# cat /proc/net/pf_ring/info > PF_RING Version : 5.1.0 ($Revision: $) > Ring slots : 4096 > Slot version : 13 > Capture TX : No [RX only] > IP Defragment : No > Socket Mode : Standard > Transparent mode : Yes (mode 1) > Total rings : 0 > Total plugins : 0 > > When I run pfcount Total rings shows "1". (it says to me it's working > properly) > > root@escila:~# cat /proc/net/pf_ring/dev/eth2/ > info > Name: eth2 > Index: 28 > Address: 98:4B:E1:67:4E:D0 > Polling Mode: NAPI/TNAPI > Type: Ethernet > Family: Standard NIC > # Bound Sockets: 0 > Max # TX Queues: 8 > # Used RX Queues: 8 > > When I run pfcount Bound sockets shows "1". (it says to me it's working > properly) > > root@escila:~# cat /proc/net/pf_ring/dev/eth2/info > Name: eth2 > Index: 28 > Address: 98:4B:E1:67:4E:D0 > Polling Mode: NAPI/TNAPI > Type: Ethernet > Family: Standard NIC > # Bound Sockets: 1 > Max # TX Queues: 8 > # Used RX Queues: 8 > > > root@escila:~# ethtool -i eth2 > driver: bnx2 > version: 2.0.23b > firmware-version: bc 5.2.3 NCSI 2.0.6 > bus-info: 0000:04:00.0 > > (Latest driver from Broadcom, later than PF_RING's, wich neither works) > > > root@escila:~# /opt/PF_RING/userland/examples/pfcount -i eth2 -v > Using PF_RING v.5.1.0 > Capturing from eth2 [98:4B:E1:67:4E:D0] > # Device RX channels: 8 > # Polling threads: 1 > ^C > ^CLeaving... > ========================= > Absolute Stats: [0 pkts rcvd][0 pkts dropped] > Total Pkts=0/Dropped=0.0 % > 0 pkts - 0 bytes > ========================= > > root@escila:~# lsmod > Module Size Used by > pf_ring 324435 0 > bnx2 177366 0 > > less /var/log/messages > ct 4 13:26:55 escila kernel: [93985.260867] ADDRCONF(NETDEV_UP): eth2: link > is not ready > Oct 4 13:26:58 escila kernel: [93987.751879] bnx2: eth2 NIC Copper Link is > Up, 1000 Mbps full duplex, receive & transmit flow control ON > Oct 4 13:26:58 escila kernel: [93987.753990] ADDRCONF(NETDEV_CHANGE): eth2: > link becomes ready > Oct 4 13:27:32 escila kernel: [94021.973810] NET: Unregistered protocol > family 27 > Oct 4 13:27:32 escila kernel: [94021.973817] [PF_RING] unloaded > Oct 4 13:28:03 escila kernel: [94052.406725] [PF_RING] Welcome to PF_RING > 5.1.0 ($Revision: $) > Oct 4 13:28:03 escila kernel: [94052.406727] (C) 2004-11 L.Deri > <[email protected]> > Oct 4 13:28:03 escila kernel: [94052.406736] [PF_RING] registered > /proc/net/pf_ring/ > Oct 4 13:28:03 escila kernel: [94052.406738] NET: Registered protocol family > 27 > Oct 4 13:28:03 escila kernel: [94052.406749] [PF_RING] Min # ring slots 4096 > Oct 4 13:28:03 escila kernel: [94052.406750] [PF_RING] Slot version 13 > Oct 4 13:28:03 escila kernel: [94052.406752] [PF_RING] Capture TX No > [RX only] > Oct 4 13:28:03 escila kernel: [94052.406754] [PF_RING] Transparent Mode 1 > Oct 4 13:28:03 escila kernel: [94052.406755] [PF_RING] IP Defragment No > Oct 4 13:28:03 escila kernel: [94052.406757] [PF_RING] Initialized correctly > > > > Some tips or clues I could check? > > Thanks in advance > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
