Yes

Alfredo

On Sep 2, 2013, at 2:18 PM, Doug Burks <[email protected]> wrote:

> Thanks, Alfredo.  I had already packaged 5.6.1 from SVN on 8/28.
> Looks like that should be equivalent to the final 5.6.1 release.  Can
> you confirm?
> 
> Thanks,
> Doug
> 
> On Mon, Sep 2, 2013 at 7:53 AM, Alfredo Cardigliano
> <[email protected]> wrote:
>> Hi Doug
>> sorry we forgot to inform you, pf_ring 5.6.1 is out
>> 
>> Alfredo
>> 
>> On Sep 2, 2013, at 1:36 PM, Doug Burks <[email protected]> wrote:
>> 
>>> Hi Luca and Alfredo,
>>> 
>>> I haven't heard back from you.  Any particular reason why I shouldn't
>>> go ahead and push the current SVN to my users?
>>> 
>>> Thanks,
>>> Doug
>>> 
>>> On Fri, Aug 30, 2013 at 7:05 AM, Doug Burks <[email protected]> wrote:
>>>> Is the current SVN considered stable enough that I can deploy it to my
>>>> users?  Thoughts?
>>>> 
>>>> Thanks!
>>>> 
>>>> Doug
>>>> 
>>>> On Thu, Aug 29, 2013 at 10:01 AM, Doug Burks <[email protected]> wrote:
>>>>> Hi Luca,
>>>>> 
>>>>> Thanks for your quick reply!
>>>>> 
>>>>> Yes, the code in SVN seems to fix the issue for me.  Here's some further 
>>>>> detail:
>>>>> 
>>>>> Our current stable packages work fine:
>>>>> - Snort 2.9.4.6
>>>>> - PF_RING 5.5.3 + patch for negative index causing fragments to be
>>>>> dropped.  Should be roughly equivalent to PF_RING 5.6.0 release.  For
>>>>> background info, reference this thread:
>>>>> http://listgateway.unipi.it/mailman/private/ntop-misc/2013-June/003782.html
>>>>> 
>>>>> Using this version of PF_RING 5.5.3/5.6.0, if I upgrade to Snort
>>>>> 2.9.5.3, snort goes to 100% CPU usage and drops all packets:
>>>>> Snort processed 0 packets.
>>>>> Snort ran for 0 days 0 hours 1 minutes 31 seconds
>>>>>  Pkts/min:            0
>>>>>  Pkts/sec:            0
>>>>> ===============================================================================
>>>>> Packet I/O Totals:
>>>>>  Received:            0
>>>>>  Analyzed:            0 (  0.000%)
>>>>>   Dropped:        11246 (100.000%)
>>>>> 
>>>>> Seems similar to what's described in this thread:
>>>>> http://listgateway.unipi.it/mailman/private/ntop-misc/2013-July/003855.html
>>>>> 
>>>>> Looking at the date of Alfredo's conclusion to that thread, looks like
>>>>> the Snort issue may have been fixed in r6616 -
>>>>> trunk/PF_RING/userland/snort/pfring-daq-module?
>>>>> http://listgateway.unipi.it/mailman/private/ntop-dev/2013-July/011004.html
>>>>> 
>>>>> If I then upgrade to PF_RING 5.6.1 SVN, snort seems to work fine (CPU
>>>>> usage is normal, packets are analyzed and alerts flowing).
>>>>> 
>>>>> Is the current SVN considered stable enough that I can deploy it to my 
>>>>> users?
>>>>> 
>>>>> Thanks,
>>>>> Doug
>>>>> 
>>>>> On Wed, Aug 28, 2013 at 5:18 PM, Luca Deri <[email protected]> wrote:
>>>>>> Doug,
>>>>>> we're making big changes to DNA/libzero so the next release will be a 
>>>>>> major release. Hence for us it's ok to release 5.6.1 before such release.
>>>>>> 
>>>>>> Did you check that the code in SVN has really fixed the issue?
>>>>>> 
>>>>>> Regards Luca
>>>>>> 
>>>>>> 
>>>>>> On Aug 28, 2013, at 4:18 PM, Doug Burks <[email protected]> wrote:
>>>>>> 
>>>>>>> Hello all,
>>>>>>> 
>>>>>>> I'm getting ready to build and deploy packages for Snort 2.9.5.3, but
>>>>>>> it appears there is a bug when using Snort 2.9.5 and higher with the
>>>>>>> current PF_RING 5.6.0 release.  Looking at ntop-dev and ntop-misc, it
>>>>>>> appears this bug was fixed on 7/20 in the 5.6.1 development version.
>>>>>>> 
>>>>>>> When do you expect to release 5.6.1?
>>>>>>> 
>>>>>>> Thanks!
>>>>>>> 
>>>>>>> --
>>>>>>> Doug Burks
>>>>>>> http://securityonion.blogspot.com
>>>>>>> _______________________________________________
>>>>>>> Ntop-misc mailing list
>>>>>>> [email protected]
>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Doug Burks
>>>>> http://securityonion.blogspot.com
>>>> 
>>>> 
>>>> 
>>>> --
>>>> Doug Burks
>>>> http://securityonion.blogspot.com
>>> 
>>> 
>>> 
>>> --
>>> Doug Burks
>>> http://securityonion.blogspot.com
>> 
> 
> 
> 
> -- 
> Doug Burks
> http://securityonion.blogspot.com
