Hi Frwa (if this is your name)
Did you change something in pfcount? Can I see your code?
If this is not the case, please give us more info: drivers you are using,
traffic you are capturing, etc.
Please note that you should use the -m option in order to print all the info
with -v.
Please also note that there is a new version of pfcount in svn with some fixes.
Regards
Alfredo
On Jun 12, 2012, at 7:30 PM, frwa onto wrote:
> Hi Simms,
> Ok managed to compile it but we are having problem here in the
> dummyProcessPacket function it shows like this.
>
>
> [eth_type=0x0000][l3_proto=0][0.0.0.0:0 -> 0.0.0.0:0] [00:00:00:00:00:00 ->
> 00:00:00:00:00:00] [TX][if_index=0][00:1E:0B:85:B0:B1 ->
> 00:60:E0:44:E4:B2][eth_type=0x0800]
>
> The problem here is that first it shows as [eth_type=0x0800] then when I do a
> check before the if if(h->extended_hdr.parsed_pkt.eth_type == 0x0800) {I
> always get this values
>
> cHeck for 0x8000[ethType
> IS=0x0000][eth_type=0x0000][caplen=54][len=54][parsed_header_len=0][eth_offset=0][l3_offset=0][l4_offset=0][payload_offset=0]
>
>
> On Wed, Jun 13, 2012 at 12:39 AM, frwa onto <[email protected]> wrote:
> Hi Simms,
> Your method works for my first solution. How about this
> problem gcc -o pfExeV1.c $(mysql_config --cflags) pfV1.c $(mysql_config
> --libs) -lpfring where the problem could be for this ya. Thank you.
>
>
> On Tue, Jun 12, 2012 at 1:38 PM, Michael Simms <[email protected]>
> wrote:
> When you compiled the userland/libs directory that produced libpfring.so, you
> need to do:
>
> cd userland/lib
> ./configure --disable-bpf
> make
> make install
>
>
> Note the --disable-bpf
>
> That removes the need to include pcap-style filtering.
>
>
> If you wish to use pcap style filtering, simply also link your program
> against libpcap instead, such as:
>
> gcc -o pfCount1 pfcount.c -lpfring -lpcap
>
> Hope that helps.
>
>
> > gcc -o pfCount1 pfcount.c -lpfring
> /usr/local/lib/libpfring.so: undefined reference to `pcap_compile_nopcap'
> collect2: ld returned 1 exit status We get this error.
>
> > Then we have edited the pfring with some mysql additional and when we
> > compile
>
> > gcc -o pfExeV1.c $(mysql_config --cflags) pfV1.c $(mysql_config --libs)
> > -lpfring
> pfV1.c:24:1: warning: "_GNU_SOURCE" redefined
> > <command-line>: warning: this is the location of the previous definition
> > pfV1.c: In function âmainâ:
> > pfV1.c:745: error: too many arguments to function âpfring_openâ
>
>
> > What are we missing in our installation process?
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
