Hi Luca and Alfredo, I haven't heard back from you. Any particular reason why I shouldn't go ahead and push the current SVN to my users?
Thanks, Doug On Fri, Aug 30, 2013 at 7:05 AM, Doug Burks <[email protected]> wrote: > Is the current SVN considered stable enough that I can deploy it to my > users? Thoughts? > > Thanks! > > Doug > > On Thu, Aug 29, 2013 at 10:01 AM, Doug Burks <[email protected]> wrote: >> Hi Luca, >> >> Thanks for your quick reply! >> >> Yes, the code in SVN seems to fix the issue for me. Here's some further >> detail: >> >> Our current stable packages work fine: >> - Snort 2.9.4.6 >> - PF_RING 5.5.3 + patch for negative index causing fragments to be >> dropped. Should be roughly equivalent to PF_RING 5.6.0 release. For >> background info, reference this thread: >> http://listgateway.unipi.it/mailman/private/ntop-misc/2013-June/003782.html >> >> Using this version of PF_RING 5.5.3/5.6.0, if I upgrade to Snort >> 2.9.5.3, snort goes to 100% CPU usage and drops all packets: >> Snort processed 0 packets. >> Snort ran for 0 days 0 hours 1 minutes 31 seconds >> Pkts/min: 0 >> Pkts/sec: 0 >> =============================================================================== >> Packet I/O Totals: >> Received: 0 >> Analyzed: 0 ( 0.000%) >> Dropped: 11246 (100.000%) >> >> Seems similar to what's described in this thread: >> http://listgateway.unipi.it/mailman/private/ntop-misc/2013-July/003855.html >> >> Looking at the date of Alfredo's conclusion to that thread, looks like >> the Snort issue may have been fixed in r6616 - >> trunk/PF_RING/userland/snort/pfring-daq-module? >> http://listgateway.unipi.it/mailman/private/ntop-dev/2013-July/011004.html >> >> If I then upgrade to PF_RING 5.6.1 SVN, snort seems to work fine (CPU >> usage is normal, packets are analyzed and alerts flowing). >> >> Is the current SVN considered stable enough that I can deploy it to my users? >> >> Thanks, >> Doug >> >> On Wed, Aug 28, 2013 at 5:18 PM, Luca Deri <[email protected]> wrote: >>> Doug, >>> we're making big changes to DNA/libzero so the next release will be a major >>> release. Hence for us it's ok to release 5.6.1 before such release. >>> >>> Did you check that the code in SVN has really fixed the issue? >>> >>> Regards Luca >>> >>> >>> On Aug 28, 2013, at 4:18 PM, Doug Burks <[email protected]> wrote: >>> >>>> Hello all, >>>> >>>> I'm getting ready to build and deploy packages for Snort 2.9.5.3, but >>>> it appears there is a bug when using Snort 2.9.5 and higher with the >>>> current PF_RING 5.6.0 release. Looking at ntop-dev and ntop-misc, it >>>> appears this bug was fixed on 7/20 in the 5.6.1 development version. >>>> >>>> When do you expect to release 5.6.1? >>>> >>>> Thanks! >>>> >>>> -- >>>> Doug Burks >>>> http://securityonion.blogspot.com >>>> _______________________________________________ >>>> Ntop-misc mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> >> -- >> Doug Burks >> http://securityonion.blogspot.com > > > > -- > Doug Burks > http://securityonion.blogspot.com -- Doug Burks http://securityonion.blogspot.com _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
