Hi,
Any input on how to avoid libpcap and purely use pf_ring
via pfcount?
On Sun, May 26, 2013 at 7:51 PM, frwa onto <[email protected]> wrote:
> Hi Yuri,
> Before this I was using the source and building it up according to
> the instructions. That is where I learned about pfcount and expanded it further.
> The issue now is that I want to use pure pf_ring with no libpcap. That is
> the issue, where pfcount consists of libpcap together. Is there any pure
> pf_ring example for us to follow?
>
>
> On Sun, May 26, 2013 at 3:48 AM, Francalacci Yuri <[email protected]> wrote:
>
>> Package contains compiled program and library. With the source you have
>> to build everything by yourself.
>> If you need to create your own app, start from a sample application. I
>> suggest you to start from the example app sources (that you do not have in
>> the package).
>>
>> Sent from my iPhone
>>
>> On 25 May 2013, at 21:39, frwa onto <[email protected]> wrote:
>>
>> Hi Yuri,
>> Just wondering what difference does the source have from the
>> packages? Because end of the pf_ring is running on both and just got
>> build our apps to utilize it right? Please correct if I am wrong here? I
>> would like to weigh the difference and its effects?
>>
>>
>> On Sun, May 26, 2013 at 3:02 AM, Francalacci Yuri <[email protected]> wrote:
>>
>>> In this case you need to start from the sources, forgetting the
>>> packages.
>>> With the development toolkit you should be able to compile either pfring
>>> as module and the example apps (pfcount) and the userland library.
>>> Yuri
>>>
>>> Sent from my iPhone
>>>
>>> On 24 May 2013, at 17:10, frwa onto <[email protected]> wrote:
>>>
>>> Hi Yuri,
>>> Ok we are aware of other packet capture engines like libpcap and
>>> winpcap (windows) etc. So what we read about pf_ring is its capability to
>>> capture at wire speed. Thus we thought of using it to minimize packet
>>> dropping for analysis. So now we need a simple sample without any other
>>> library, just pf_ring to capture packets, and the rest we can do ourselves
>>> like payload analysis etc.
>>>
>>>
>>> On Fri, May 24, 2013 at 10:16 AM, Yuri Francalacci <[email protected]> wrote:
>>>
>>>> a clean machine is a machine where you did not install anything except
>>>> the base os.
>>>> After this, the question is what is your goal?
>>>> the pfring package gives all the stuff needed to create "pfring"ed
>>>> binaries. So, if you want to compile a program with pfring you got all the
>>>> tools, but if it is not your goal, the package is useless.
>>>>
>>>>
>>>>
>>>> On 2013-05-24 14:52, frwa onto wrote:
>>>>
>>>>> Dear Yuri,
>>>>> My machine is Centos 6.4 a clean machine
>>>>> and just installed via the .rpm package which is the right way to
>>>>> install on Centos. So what is your idea being a clean machine what
>>>>> could go wrong there? Thank you.
>>>>>
>>>>> On Fri, May 24, 2013 at 2:06 AM, Yuri Francalacci <[email protected]> wrote:
>>>>>
>>>>>> It is pretty explicit what's wrong in your command.
>>>>>>
>>>>>>
>>>>>> pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>>>> pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>>>>
>>>>>> I've read a lot of mail with several error but PF_RING is used by a
>>>>>> lot of people without all these troubles.
>>>>>> Probably the environment you are using (your system configuration,
>>>>>> the user you are using or something else) is not so clean, so what I
>>>>>> suggest you is to start from scratch on a clean env, if you need to
>>>>>> compile yourself PF_RING, download its sources and nothing else and
>>>>>> follow the README files.
>>>>>> Cheers, Yuri
>>>>>>
>>>>>> On 24 May 2013, at 04:52, frwa onto <[email protected]> wrote:
>>>>>>
>>>>>> > Hi Vito,
>>>>>> > This round I have checked every - and still below are the results. Thank you for your help man.
>>>>>> > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel -I../../kernel/plugins -I../lib -I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount1.o
>>>>>> > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>>>> > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>>>> > In file included from pfcount.c:53:
>>>>>> > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No such file or directory
>>>>>> > pfcount.c: In function ‘parse_bpf_filter’:
>>>>>> > pfcount.c:370: warning: implicit declaration of function ‘pcap_compile_nopcap’
>>>>>> > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in this function)
>>>>>> > pfcount.c:371: error: (Each undeclared identifier is reported only once
>>>>>> > pfcount.c:371: error: for each function it appears in.)
>>>>>> > pfcount.c:380: error: invalid use of undefined type ‘struct bpf_program’
>>>>>> > pfcount.c: In function ‘dummyProcesssPacket’:
>>>>>> > pfcount.c:398: warning: implicit declaration of function ‘bpf_filter’
>>>>>> > pfcount.c:398: error: invalid use of undefined type ‘struct bpf_program’
>>>>>> >
>>>>>> > On Thu, May 23, 2013 at 3:31 AM, [email protected] <[email protected]> wrote:
>>>>>> > On 05/23/2013 03:57 AM, frwa onto wrote:
>>>>>> > > Hi Vito,
>>>>>> > > I end up this problem now
>>>>>> > >
>>>>>> > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel -I../../kernel/plugins -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount11.o
>>>>>> > > gcc: I../libpcap-1.1.1-ring: No such file or directory
>>>>>> >
>>>>>> > again you missed the minus in front of this option:
>>>>>> > "I../libpcap-1.1.1-ring" should be "-I../libpcap-1.1.1-ring"
>>>>>> >
>>>>>> >
>>>>>> > regards
>>>>>> > vito
>>>>>> >
>>>>>> > > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory
>>>>>> > > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory
>>>>>> > > In file included from pfcount.c:53:
>>>>>> > > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No such file or directory
>>>>>> > > pfcount.c: In function ‘parse_bpf_filter’:
>>>>>> > > pfcount.c:370: warning: implicit declaration of function ‘pcap_compile_nopcap’
>>>>>> > > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in this function)
>>>>>> > > pfcount.c:371: error: (Each undeclared identifier is reported only once
>>>>>> > > pfcount.c:371: error: for each function it appears in.)
>>>>>> > > pfcount.c:380: error: invalid use of undefined type ‘struct bpf_program’
>>>>>> > > pfcount.c: In function ‘dummyProcesssPacket’:
>>>>>> > > pfcount.c:398: warning: implicit declaration of function ‘bpf_filter’
>>>>>> > > pfcount.c:398: error: invalid use of undefined type ‘struct bpf_program’
>>>>>> > >
>>>>>> > >
>>>>>> > > On Wed, May 22, 2013 at 9:34 AM, [email protected] <[email protected]> wrote:
>>>>>> > >
>>>>>> > > Hello
>>>>>> > > On 05/22/2013 09:50 AM, frwa onto wrote:
>>>>>> > > > Hi Vito,
>>>>>> > > > Let me first thank you a lot, you have been helping me a lot
>>>>>> > > > since these few days and I appreciate it.
>>>>>> > >
>>>>>> > > np, you're welcome
>>>>>> > >
>>>>>> > > > 1.
>>>>>> > > > Ok I was then compiling it the wrong way. Why does it need to be so
>>>>>> > > > complicated? Shouldn't the libraries be linked automatically?
>>>>>> > >
>>>>>> > > yes but you have to set up the right include/lib path because the pfring
>>>>>> > > aware ones overlap the ones that came with the OS...
>>>>>> > >
>>>>>> > > > So what I did, I tried the first command as below and I just changed the
>>>>>> > > > output to pfcount11. Since this is already giving an error I could not run the
>>>>>> > > > second command and am still confused why these 2 commands are needed. Ok let me
>>>>>> > > > tell you what I plan is to purely use pf_ring to capture packets at wire
>>>>>> > > > speed as it is supposed to do. So for that how should I work around without
>>>>>> > > > the legacy pcap?
>>>>>> > > >
>>>>>> > > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel -I../../kernel/plugins -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount11.o
>>>>>> > >
>>>>>> > >
>>>>>> > > missing the minus?
>>>>>> > >
>>>>>> > > I../libpcap-1.1.1-ring --> -I../libpcap-1.1.1-ring
>>>>>> > >
>>>>>> > > let me know if it helps
>>>>>> > >
>>>>>> > > ciao
>>>>>> > > -v
>>>>>> > > _______________________________________________
>>>>>> > > Ntop-misc mailing list
>>>>>> > > [email protected]
>>>>>> > > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>>>> ###############################################
>>>>>> Yuri Francalacci - [email protected] - http://www.ntop.org
>>>>>>
>>>>>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci
>>>>>> ###############################################
>>>>>>
>>>>
>>>> --
>>>> Yuri Francalacci
>>>> [email protected]
>>>> "It seems that perfection is reached not when there is nothing left to
>>>> add,
>>>> but when there is nothing left to take away"
>>>> Antoine de Saint Exupéry
>>>>
>
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
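
A pre-flight check for the compile failures quoted in this thread, as an added example that is not from the thread or from the PF_RING sources: it flags an include path typed without its leading `-`, `-I` directories that do not exist, and `#include <...>` headers such as `pcap/pcap.h` that no search directory provides. The function name `check_includes` and the `SYS_INCLUDE_DIRS` override are hypothetical, and the default system directories are an assumption.

```shell
# check_includes SOURCE [compiler args...]
# Prints one finding per line and returns non-zero if there were any.
# Only top-level `#include <...>` lines of SOURCE are resolved (not nested ones).
check_includes() (
  src=$1; shift
  nl='
'
  dirs= findings=
  while [ $# -gt 0 ]; do
    arg=$1; shift
    case $arg in
      -I)    dirs="$dirs${1-}$nl"; [ $# -eq 0 ] || shift ;;   # "-I dir"
      -I*)   dirs="$dirs${arg#-I}$nl" ;;                      # "-Idir"
      -D|-o) [ $# -eq 0 ] || shift ;;                         # skip the option's value
      -*)    ;;                                               # any other flag
      I/*|I./*|I../*)                                         # the typo from the thread
        findings="${findings}BAD-ARG $arg: include path without leading '-'$nl" ;;
    esac
  done
  IFS=$nl   # split directory and header lists on newlines only
  for d in $dirs; do
    # gcc skips a non-existent -I directory without any diagnostic by default
    [ -d "$d" ] || findings="${findings}MISSING-DIR $d$nl"
  done
  # Assumed system search path; the real list is printed by `gcc -E -v`.
  sys=${SYS_INCLUDE_DIRS-/usr/local/include:/usr/include}
  dirs="$dirs$(printf '%s' "$sys" | tr ':' '\n')$nl"
  for hdr in $(sed -n 's/^[[:space:]]*#[[:space:]]*include[[:space:]]*<\([^>]*\)>.*/\1/p' "$src"); do
    hit=
    for d in $dirs; do [ -f "$d/$hdr" ] && { hit=$d; break; }; done
    [ -n "$hit" ] || findings="${findings}UNRESOLVED <$hdr>$nl"
  done
  printf '%s' "$findings"
  [ -z "$findings" ]
)
```

Run it with the same arguments as the failing `gcc` line, for example `check_includes pfcount.c -I../lib I../libpcap-1.1.1-ring -D ENABLE_BPF -c pfcount.c`.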