Hi Yuri,
Just wondering what difference does the source have from the
packages? Because end of the the pf_ring is running on both and just got
build our apps to utilize it right? Please correct if I am wrong here? I
would like to weight the difference and its effects?
On Sun, May 26, 2013 at 3:02 AM, Francalacci Yuri <[email protected]> wrote:
> In this case you need to start from the sources, forgetting the packages.
> With the development toolkit you shoul be able to compile either pfring as
> module and the example apps (pfcount) and the userland library.
> Yuri
>
> Sent from my iPhone
>
> Il giorno 24/mag/2013, alle ore 17:10, frwa onto <[email protected]> ha
> scritto:
>
> Hi Yuri,
> Ok we aware of other packet capture engines like libpcap and
> winpcap(windows) etc. So what we read about pf_ring is its capability to
> capture at wire speed. Thus we thought of using it to minimize packet
> dropping for analysis. So now we need a simple sample with out any other
> library just pf_ring to capture packets and the rest we can do our self
> like pay load analysis etc.
>
>
> On Fri, May 24, 2013 at 10:16 AM, Yuri Francalacci <[email protected]> wrote:
>
>> a clean machine is a machine where you did not install anything except
>> the base os.
>> After this, the question is what is your goal?
>> the pfring package gives all the stuff needed to create "pfring"ed
>> binaries. So, if you want to compile a program with pfring you got all the
>> tools, but if it is not your goal, the package is useless.
>>
>>
>>
>> On 2013-05-24 14:52, frwa onto wrote:
>>
>>> Dear Yuri,
>>> My machine is Centos 6.4 a clean machine
>>> and just installed via the .rpm package which is the right way to
>>> install on Centos. So what is your idea being a clean machine what
>>> could go wrong there? Thank you.
>>>
>>> On Fri, May 24, 2013 at 2:06 AM, Yuri Francalacci <[email protected] [21]>
>>> wrote:
>>>
>>> It is pretty explicit whats wrong in your command.
>>>>
>>>>
>>>> pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>> pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>>
>>>> Ive read a lot of mail with several error but PF_RING is used by a
>>>> lot of people without all these troubles.
>>>> Probably the environment you are using (your system configuration,
>>>> the user you are using or something else) is not so clean, so what I
>>>> suggest you is to start from scratch on a clean env, if you need to
>>>> compile yourself PF_RING, download its sources and nothing else and
>>>> follow the README files.
>>>> Cheers, Yuri
>>>>
>>>> On 24/mag/2013, at 04:52, frwa onto <[email protected] [1]> wrote:
>>>>
>>>> > Hi Vito,
>>>> > This round I have checked every - and still below
>>>> is the results. Thank you for your help man.
>>>> > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel
>>>> -I../../kernel/plugins -I../lib -I../libpcap-1.1.1-ring -D
>>>> HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount1.o
>>>> > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>> > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>> > In file included from pfcount.c:53:
>>>> > /usr/local/include/pfring.h:**438:25: error: pfring_zero.h: No such
>>>> file or directory
>>>> > pfcount.c: In function ‘parse_bpf_filter’:
>>>> > pfcount.c:370: warning: implicit declaration of function
>>>> ‘pcap_compile_nopcap’
>>>> > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in
>>>> this function)
>>>> > pfcount.c:371: error: (Each undeclared identifier is reported
>>>> only once
>>>> > pfcount.c:371: error: for each function it appears in.)
>>>> > pfcount.c:380: error: invalid use of undefined type ‘struct
>>>> bpf_program’
>>>> > pfcount.c: In function ‘dummyProcesssPacket’:
>>>> > pfcount.c:398: warning: implicit declaration of function
>>>> ‘bpf_filter’
>>>> > pfcount.c:398: error: invalid use of undefined type ‘struct
>>>> bpf_program’
>>>> >
>>>> >
>>>> >
>>>> > On Thu, May 23, 2013 at 3:31 AM, [email protected] [2]
>>>> <[email protected] [3]> wrote:
>>>> > On 05/23/2013 03:57 AM, frwa onto wrote:
>>>> > > Hi Vito,
>>>> > > I end up this problem now
>>>> > >
>>>> > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel
>>>> -I../../kernel/plugins
>>>> > > -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF
>>>> -O2 -c
>>>> > > pfcount.c -o pfcount11.o
>>>> > > gcc: I../libpcap-1.1.1-ring: No such file or directory
>>>> >
>>>> > again you missed the minus in front of this option:
>>>> > "I../libpcap-1.1.1-ring" should be "-I../libpcap-1.1.1-ring"
>>>> >
>>>> >
>>>> > regards
>>>> > vito
>>>> >
>>>> > > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>> > > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>> > > In file included from pfcount.c:53:
>>>> > > /usr/local/include/pfring.h:**438:25: error: pfring_zero.h: No
>>>> such file
>>>> > > or directory
>>>> > > pfcount.c: In function ‘parse_bpf_filter’:
>>>> > > pfcount.c:370: warning: implicit declaration of function
>>>> > > ‘pcap_compile_nopcap’
>>>> > > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in
>>>> this function)
>>>> > > pfcount.c:371: error: (Each undeclared identifier is reported
>>>> only once
>>>> > > pfcount.c:371: error: for each function it appears in.)
>>>> > > pfcount.c:380: error: invalid use of undefined type ‘struct
>>>> bpf_program’
>>>> > > pfcount.c: In function ‘dummyProcesssPacket’:
>>>> > > pfcount.c:398: warning: implicit declaration of function
>>>> ‘bpf_filter’
>>>> > > pfcount.c:398: error: invalid use of undefined type ‘struct
>>>> bpf_program’
>>>> > >
>>>> > >
>>>> > > On Wed, May 22, 2013 at 9:34 AM, [email protected] [4]
>>>> > > <mailto:[email protected] [5]> <[email protected] [6]
>>>>
>>>> > > <mailto:[email protected] [7]>> wrote:
>>>> > >
>>>> > > Hello
>>>> > > On 05/22/2013 09:50 AM, frwa onto wrote:
>>>> > > > Hi Vito,
>>>> > > > Let me first thank you a lot you have
>>>> been helping me a lot
>>>> > > > since these few days and appreciate it.
>>>> > >
>>>> > > np, youre welcome
>>>>
>>>> > >
>>>> > > > 1.
>>>> > > > Ok I was then compiling it the wrong way. Why it need
>>>> to be so
>>>> > > > complicated ? Isnt the libraries should be linked
>>>> automatically.
>>>> > >
>>>> > > yes but you have to setup the write include/lib path
>>>> because the pfring
>>>> > > aware ones overlap the one that came with the OS...
>>>> > >
>>>> > > >So
>>>> > > > what I did I tried the first command as below and I
>>>> just chance the
>>>> > > > output to pfcount11. Since this already giving error I
>>>> could not
>>>> > > run the
>>>> > > > second command and still confuse why need these 2
>>>> command. Ok let me
>>>> > > > tell you what I plan is to purely use pf_ring to
>>>> capture packets
>>>> > > at wire
>>>> > > > speed as it suppose to do. So for that how should I
>>>> work around
>>>> > > with out
>>>> > > > the legacy pcap ?
>>>> > > >
>>>> > > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel
>>>> -I../../kernel/plugins
>>>> > > > -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D
>>>> ENABLE_BPF -O2 -c
>>>> > > > pfcount.c -o pfcount11.o
>>>> > >
>>>> > >
>>>> > > missing the minus?
>>>> > >
>>>> > > I../libpcap-1.1.1-ring --> -I../libpcap-1.1.1-ring
>>>> > >
>>>> > > let me know if it helps
>>>> > >
>>>> > > ciao
>>>> > > -v
>>>> > > ______________________________**_________________
>>>> > > Ntop-misc mailing list
>>>> > > [email protected] [8]
>>>> <mailto:Ntop-misc@listgateway.**unipi.it<[email protected]>[9]>
>>>> > >
>>>> > > http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>>> [10]
>>>> > >
>>>> > >
>>>> > >
>>>> > >
>>>> > > ______________________________**_________________
>>>> > > Ntop-misc mailing list
>>>> > > [email protected] [11]
>>>> > > http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>[12]
>>>> > >
>>>> >
>>>> > ______________________________**_________________
>>>> > Ntop-misc mailing list
>>>> > [email protected] [13]
>>>> > http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>[14]
>>>> >
>>>> > ______________________________**_________________
>>>> > Ntop-misc mailing list
>>>> > [email protected] [15]
>>>> > http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>[16]
>>>>
>>>> ##############################**#################
>>>> Yuri Francalacci - [email protected] [17] -
>>>> http://www.ntop.org [18]
>>>>
>>>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>>>> ##############################**#################
>>>>
>>>> ______________________________**_________________
>>>> Ntop-misc mailing list
>>>> [email protected] [19]
>>>> http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>[20]
>>>>
>>>
>>>
>>>
>>> Links:
>>> ------
>>> [1] mailto:[email protected]
>>> [2] mailto:[email protected]
>>> [3] mailto:[email protected]
>>> [4] mailto:[email protected]
>>> [5] mailto:[email protected]
>>> [6] mailto:[email protected]
>>> [7] mailto:[email protected]
>>> [8] mailto:Ntop-misc@listgateway.**unipi.it<[email protected]>
>>> [9] mailto:Ntop-misc@listgateway.**unipi.it<[email protected]>
>>> [10]
>>> http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>> [11] mailto:Ntop-misc@listgateway.**unipi.it<[email protected]>
>>> [12]
>>> http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>> [13] mailto:Ntop-misc@listgateway.**unipi.it<[email protected]>
>>> [14]
>>> http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>> [15] mailto:Ntop-misc@listgateway.**unipi.it<[email protected]>
>>> [16]
>>> http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>> [17] mailto:[email protected]
>>> [18] http://www.ntop.org
>>> [19] mailto:Ntop-misc@listgateway.**unipi.it<[email protected]>
>>> [20]
>>> http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>> [21] mailto:[email protected]
>>>
>>
>> --
>> Yuri Francalacci
>> [email protected]
>> "It seems that perfection is reached not when there is nothing left to
>> add,
>> but when there is nothing left to take away"
>> Antoine de Saint Exupéry
>>
>> ______________________________**_________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/**mailman/listinfo/ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
>>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
