Thanks, Alfredo. I had already packaged 5.6.1 from SVN on 8/28. Looks like that should be equivalent to the final 5.6.1 release. Can you confirm?
Thanks, Doug On Mon, Sep 2, 2013 at 7:53 AM, Alfredo Cardigliano <[email protected]> wrote: > Hi Doug > sorry we forgot to inform you, pf_ring 5.6.1 is out > > Alfredo > > On Sep 2, 2013, at 1:36 PM, Doug Burks <[email protected]> wrote: > >> Hi Luca and Alfredo, >> >> I haven't heard back from you. Any particular reason why I shouldn't >> go ahead and push the current SVN to my users? >> >> Thanks, >> Doug >> >> On Fri, Aug 30, 2013 at 7:05 AM, Doug Burks <[email protected]> wrote: >>> Is the current SVN considered stable enough that I can deploy it to my >>> users? Thoughts? >>> >>> Thanks! >>> >>> Doug >>> >>> On Thu, Aug 29, 2013 at 10:01 AM, Doug Burks <[email protected]> wrote: >>>> Hi Luca, >>>> >>>> Thanks for your quick reply! >>>> >>>> Yes, the code in SVN seems to fix the issue for me. Here's some further >>>> detail: >>>> >>>> Our current stable packages work fine: >>>> - Snort 2.9.4.6 >>>> - PF_RING 5.5.3 + patch for negative index causing fragments to be >>>> dropped. Should be roughly equivalent to PF_RING 5.6.0 release. For >>>> background info, reference this thread: >>>> http://listgateway.unipi.it/mailman/private/ntop-misc/2013-June/003782.html >>>> >>>> Using this version of PF_RING 5.5.3/5.6.0, if I upgrade to Snort >>>> 2.9.5.3, snort goes to 100% CPU usage and drops all packets: >>>> Snort processed 0 packets. >>>> Snort ran for 0 days 0 hours 1 minutes 31 seconds >>>> Pkts/min: 0 >>>> Pkts/sec: 0 >>>> =============================================================================== >>>> Packet I/O Totals: >>>> Received: 0 >>>> Analyzed: 0 ( 0.000%) >>>> Dropped: 11246 (100.000%) >>>> >>>> Seems similar to what's described in this thread: >>>> http://listgateway.unipi.it/mailman/private/ntop-misc/2013-July/003855.html >>>> >>>> Looking at the date of Alfredo's conclusion to that thread, looks like >>>> the Snort issue may have been fixed in r6616 - >>>> trunk/PF_RING/userland/snort/pfring-daq-module? >>>> http://listgateway.unipi.it/mailman/private/ntop-dev/2013-July/011004.html >>>> >>>> If I then upgrade to PF_RING 5.6.1 SVN, snort seems to work fine (CPU >>>> usage is normal, packets are analyzed and alerts flowing). >>>> >>>> Is the current SVN considered stable enough that I can deploy it to my >>>> users? >>>> >>>> Thanks, >>>> Doug >>>> >>>> On Wed, Aug 28, 2013 at 5:18 PM, Luca Deri <[email protected]> wrote: >>>>> Doug, >>>>> we're making big changes to DNA/libzero so the next release will be a >>>>> major release. Hence for us it's ok to release 5.6.1 before such release. >>>>> >>>>> Did you check that the code in SVN has really fixed the issue? >>>>> >>>>> Regards Luca >>>>> >>>>> >>>>> On Aug 28, 2013, at 4:18 PM, Doug Burks <[email protected]> wrote: >>>>> >>>>>> Hello all, >>>>>> >>>>>> I'm getting ready to build and deploy packages for Snort 2.9.5.3, but >>>>>> it appears there is a bug when using Snort 2.9.5 and higher with the >>>>>> current PF_RING 5.6.0 release. Looking at ntop-dev and ntop-misc, it >>>>>> appears this bug was fixed on 7/20 in the 5.6.1 development version. >>>>>> >>>>>> When do you expect to release 5.6.1? >>>>>> >>>>>> Thanks! >>>>>> >>>>>> -- >>>>>> Doug Burks >>>>>> http://securityonion.blogspot.com >>>>>> _______________________________________________ >>>>>> Ntop-misc mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>> >>>>> _______________________________________________ >>>>> Ntop-misc mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>> >>>> >>>> >>>> -- >>>> Doug Burks >>>> http://securityonion.blogspot.com >>> >>> >>> >>> -- >>> Doug Burks >>> http://securityonion.blogspot.com >> >> >> >> -- >> Doug Burks >> http://securityonion.blogspot.com >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc -- Doug Burks http://securityonion.blogspot.com _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
