Hi Yuri,
Before this I was using the source and building it up according to
the instructions. That is where I learned about pfcount and expanded it further.
The issue now is that I want to use pure pf_ring with no libpcap. That is
the issue, where pfcount consists of libpcap together. Is there any pure
pf_ring example for us to follow?
On Sun, May 26, 2013 at 3:48 AM, Francalacci Yuri <[email protected]> wrote:
> The package contains the compiled program and library. With the source you have to
> build everything by yourself.
> If you need to create your own app, start from a sample application. I
> suggest you start from the example app sources (that you do not have in
> the package).
>
> On 25 May 2013, at 21:39, frwa onto <[email protected]> wrote:
>
> Hi Yuri,
> Just wondering what difference the source has from the
> packages? Because in the end pf_ring is running on both and we have just got to
> build our apps to utilize it, right? Please correct me if I am wrong here. I
> would like to weigh the difference and its effects.
>
>
> On Sun, May 26, 2013 at 3:02 AM, Francalacci Yuri <[email protected]> wrote:
>
>> In this case you need to start from the sources, forgetting the packages.
>> With the development toolkit you should be able to compile both pfring
>> as a module and the example apps (pfcount) and the userland library.
>> Yuri
>>
>> On 24 May 2013, at 17:10, frwa onto <[email protected]> wrote:
>>
>> Hi Yuri,
>> Ok, we are aware of other packet capture engines like libpcap and
>> winpcap (Windows) etc. So what we read about pf_ring is its capability to
>> capture at wire speed. Thus we thought of using it to minimize packet
>> dropping for analysis. So now we need a simple sample without any other
>> library, just pf_ring, to capture packets, and the rest we can do ourselves,
>> like payload analysis etc.
>>
>>
>> On Fri, May 24, 2013 at 10:16 AM, Yuri Francalacci <[email protected]> wrote:
>>
>>> A clean machine is a machine where you did not install anything except
>>> the base OS.
>>> After this, the question is: what is your goal?
>>> The pfring package gives all the stuff needed to create "pfring"ed
>>> binaries. So, if you want to compile a program with pfring you have all the
>>> tools, but if that is not your goal, the package is useless.
>>>
>>>
>>>
>>> On 2013-05-24 14:52, frwa onto wrote:
>>>
>>>> Dear Yuri,
>>>> My machine is CentOS 6.4, a clean machine,
>>>> and I just installed via the .rpm package, which is the right way to
>>>> install on CentOS. So what is your idea, it being a clean machine, what
>>>> could go wrong there? Thank you.
>>>>
>>>> On Fri, May 24, 2013 at 2:06 AM, Yuri Francalacci <[email protected]>
>>>> wrote:
>>>>
>>>>> It is pretty explicit what's wrong in your command.
>>>>>
>>>>>
>>>>> pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>>> pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>>>
>>>>> I've read a lot of mails with several errors, but PF_RING is used by a
>>>>> lot of people without all these troubles.
>>>>> Probably the environment you are using (your system configuration,
>>>>> the user you are using or something else) is not so clean, so what I
>>>>> suggest is to start from scratch on a clean env; if you need to
>>>>> compile PF_RING yourself, download its sources and nothing else and
>>>>> follow the README files.
>>>>> Cheers, Yuri
>>>>>
>>>>> On 24 May 2013, at 04:52, frwa onto <[email protected]> wrote:
>>>>>
>>>>> > Hi Vito,
>>>>> > This round I have checked every - and still below are the results. Thank you for your help man.
>>>>> > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel -I../../kernel/plugins -I../lib -I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount1.o
>>>>> > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>>> > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>>> > In file included from pfcount.c:53:
>>>>> > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No such file or directory
>>>>> > pfcount.c: In function ‘parse_bpf_filter’:
>>>>> > pfcount.c:370: warning: implicit declaration of function ‘pcap_compile_nopcap’
>>>>> > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in this function)
>>>>> > pfcount.c:371: error: (Each undeclared identifier is reported only once
>>>>> > pfcount.c:371: error: for each function it appears in.)
>>>>> > pfcount.c:380: error: invalid use of undefined type ‘struct bpf_program’
>>>>> > pfcount.c: In function ‘dummyProcesssPacket’:
>>>>> > pfcount.c:398: warning: implicit declaration of function ‘bpf_filter’
>>>>> > pfcount.c:398: error: invalid use of undefined type ‘struct bpf_program’
>>>>> >
>>>>> > On Thu, May 23, 2013 at 3:31 AM, [email protected] <[email protected]> wrote:
>>>>> > On 05/23/2013 03:57 AM, frwa onto wrote:
>>>>> > > Hi Vito,
>>>>> > > I ended up with this problem now
>>>>> > >
>>>>> > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel -I../../kernel/plugins -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount11.o
>>>>> > > gcc: I../libpcap-1.1.1-ring: No such file or directory
>>>>> >
>>>>> > again you missed the minus in front of this option:
>>>>> > "I../libpcap-1.1.1-ring" should be "-I../libpcap-1.1.1-ring"
>>>>> >
>>>>> > regards
>>>>> > vito
>>>>> >
>>>>> > > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>>> > > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>>> > > In file included from pfcount.c:53:
>>>>> > > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No such file or directory
>>>>> > > pfcount.c: In function ‘parse_bpf_filter’:
>>>>> > > pfcount.c:370: warning: implicit declaration of function ‘pcap_compile_nopcap’
>>>>> > > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in this function)
>>>>> > > pfcount.c:371: error: (Each undeclared identifier is reported only once
>>>>> > > pfcount.c:371: error: for each function it appears in.)
>>>>> > > pfcount.c:380: error: invalid use of undefined type ‘struct bpf_program’
>>>>> > > pfcount.c: In function ‘dummyProcesssPacket’:
>>>>> > > pfcount.c:398: warning: implicit declaration of function ‘bpf_filter’
>>>>> > > pfcount.c:398: error: invalid use of undefined type ‘struct bpf_program’
>>>>> > >
>>>>> > > On Wed, May 22, 2013 at 9:34 AM, [email protected] <[email protected]> wrote:
>>>>> > >
>>>>> > > Hello
>>>>> > > On 05/22/2013 09:50 AM, frwa onto wrote:
>>>>> > > > Hi Vito,
>>>>> > > > Let me first thank you a lot; you have been helping me a lot
>>>>> > > > these few days and I appreciate it.
>>>>> > >
>>>>> > > np, you're welcome
>>>>> > >
>>>>> > > > 1.
>>>>> > > > Ok, I was then compiling it the wrong way. Why does it need to be so
>>>>> > > > complicated? Shouldn't the libraries be linked automatically?
>>>>> > >
>>>>> > > yes but you have to set up the right include/lib path because the pfring
>>>>> > > aware ones overlap the ones that came with the OS...
>>>>> > >
>>>>> > > > So what I did: I tried the first command as below and I just changed the
>>>>> > > > output to pfcount11. Since this is already giving an error I could not run the
>>>>> > > > second command, and I am still confused why we need these 2 commands. Ok, let me
>>>>> > > > tell you: what I plan is to purely use pf_ring to capture packets at wire
>>>>> > > > speed as it is supposed to do. So for that, how should I work around without
>>>>> > > > the legacy pcap?
>>>>> > > >
>>>>> > > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel -I../../kernel/plugins -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount11.o
>>>>> > >
>>>>> > >
>>>>> > > missing the minus?
>>>>> > >
>>>>> > > I../libpcap-1.1.1-ring --> -I../libpcap-1.1.1-ring
>>>>> > >
>>>>> > > let me know if it helps
>>>>> > >
>>>>> > > ciao
>>>>> > > -v
>>>>> > > _______________________________________________
>>>>> > > Ntop-misc mailing list
>>>>> > > [email protected]
>>>>> > > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>>>
>>>>> ###############################################
>>>>> Yuri Francalacci - [email protected] - http://www.ntop.org
>>>>>
>>>>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>>>>> ###############################################
>>>>>
>>>
>>> --
>>> Yuri Francalacci
>>> [email protected]
>>> "It seems that perfection is reached not when there is nothing left to add,
>>> but when there is nothing left to take away"
>>> Antoine de Saint Exupéry
>>>
>>>
>>
>
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
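
For the question at the top of the thread (capturing with pf_ring alone and doing the payload analysis yourself), the following is an added example, not code from the PF_RING distribution or from anyone in the thread. It assumes libpfring's `pfring_open(device, caplen, flags)` form and reuses the thread's `HAVE_PF_RING` macro to guard the live-capture part; `parse_frame`, `capture` and the sample frame are names and data constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct frame_info { uint8_t proto; uint32_t src, dst; size_t payload_off; };
/* Constructed sample: Ethernet + IPv4 (TCP, 192.0.2.1 -> 192.0.2.2) + 2 payload bytes. */
static const unsigned char SAMPLE_FRAME[36] = {
    2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00,
    0x45,0,0,22, 0,0,0,0, 64,6,0,0, 192,0,2,1, 192,0,2,2, 'h','i' };

static uint32_t be32(const unsigned char *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Parse an untagged IPv4 frame; every offset is checked against caplen first.
 * Returns 0 on success, -1 for non-IPv4 or truncated input. */
int parse_frame(const unsigned char *p, size_t caplen, struct frame_info *out) {
    if (caplen < 14 + 20 || p[12] != 0x08 || p[13] != 0x00) return -1;
    size_t ihl = (size_t)(p[14] & 0x0f) * 4;      /* header length the packet claims */
    if ((p[14] >> 4) != 4 || ihl < 20 || 14 + ihl > caplen) return -1;
    out->proto = p[23]; out->payload_off = 14 + ihl;
    out->src = be32(p + 26); out->dst = be32(p + 30);
    return 0;
}

#ifdef HAVE_PF_RING   /* macro from the thread's gcc line; link against libpfring */
#include <pfring.h>   /* assumed API: pfring_open(device, caplen, flags); no pcap headers */
int capture(const char *dev, int limit) {
    pfring *ring = pfring_open(dev, 1518, PF_RING_PROMISC);
    if (ring == NULL) { perror("pfring_open"); return -1; }
    if (pfring_enable_ring(ring) != 0) { pfring_close(ring); return -1; }
    int seen = 0, rc;
    u_char *buf; struct pfring_pkthdr hdr; struct frame_info fi;
    while (seen < limit && (rc = pfring_recv(ring, &buf, 0, &hdr, 1)) >= 0) {
        if (rc == 0) continue;                    /* wait ended without a packet */
        seen++;
        if (parse_frame(buf, hdr.caplen, &fi) == 0)
            printf("proto=%u wire_len=%u payload@%zu\n",
                   (unsigned)fi.proto, (unsigned)hdr.len, fi.payload_off);
    }
    pfring_close(ring);
    return seen;
}
#endif

int main(int argc, char **argv) {
#ifdef HAVE_PF_RING
    if (argc > 1) return capture(argv[1], 10) < 0;   /* live: <program> <device> */
#endif
    struct frame_info fi; (void)argc; (void)argv;
    return parse_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &fi);  /* offline check */
}
```

Built without `-DHAVE_PF_RING`, the program only runs the parser on the constructed frame; the parser is handed `hdr.caplen` rather than `hdr.len` because only the captured bytes are present in the buffer.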