Should i add -lnuma when instlaling daq or pfring-daq-module?
Ivan
On Thursday, August 21, 2014 12:14 AM, Luca Deri <[email protected]> wrote:
You need to add -lnuma to fix the problem
Luca
Sent from my iPhone (sorry for typos)
On 20/ago/2014, at 15:37, Ivan Petrov <[email protected]> wrote:
I've verified and it is indeed in promisc mode.
>
>
>dna0 Link encap:Ethernet HWaddr 00:1E:4F:48:03:2A
> inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0
> inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link
> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
> Interrupt:21 Memory:fe9e0000-fea00000
>
>
>So i think the problem is with the configuration of Snort/Daq. Have you seen
>this error:
>
>
>sudo /usr/sbin/snort --daq-dir=/usr/local/lib/daq --daq-list
>
>
>/usr/local/lib/daq/daq_pfring.so: dlopen: /usr/local/lib/libpfring.so:
>undefined symbol: numa_parse_nodestring
>Available DAQ modules:
>pcap(v3): readback live multi unpriv
>afpacket(v5): live inline multi unpriv
>ipfw(v3): live inline multi unpriv
>dump(v2): readback live inline multi unpriv
>
>
>For some reason libpfring is not in the daq list.
>
>
>
>On Wednesday, August 20, 2014 10:17 AM, Luca Deri <[email protected]> wrote:
>
>
>
>Ivan
>can you please check if during capture the interface is in promiscuous mode
>(you can check it with ifconfig). All the rest looks good to me.
>
>
>Cheers Luca
>
>
>On 19 Aug 2014, at 13:13, Ivan Petrov <[email protected]> wrote:
>
>I've just noticed that there has been a change in rx's :
>>
>>
>>sudo ethtool -S dna0
>>NIC statistics:
>> rx_packets: 1120
>> tx_packets: 0
>> rx_bytes: 91790
>> tx_bytes: 0
>> rx_broadcast: 635
>> tx_broadcast: 0
>> rx_multicast: 485
>> tx_multicast: 0
>> rx_errors: 0
>> tx_errors: 0
>> tx_dropped: 0
>> multicast: 485
>> collisions: 0
>> rx_length_errors: 0
>> rx_over_errors: 0
>> rx_crc_errors: 0
>> rx_frame_errors: 0
>> rx_no_buffer_count: 0
>> rx_missed_errors: 0
>> tx_aborted_errors: 0
>> tx_carrier_errors: 0
>> tx_fifo_errors: 0
>> tx_heartbeat_errors: 0
>> tx_window_errors: 0
>> tx_abort_late_coll: 0
>> tx_deferred_ok: 0
>> tx_single_coll_ok: 0
>> tx_multi_coll_ok: 0
>> tx_timeout_count: 0
>> tx_restart_queue: 0
>> rx_long_length_errors: 0
>> rx_short_length_errors: 0
>> rx_align_errors: 0
>> tx_tcp_seg_good: 0
>> tx_tcp_seg_failed: 0
>> rx_flow_control_xon: 0
>> rx_flow_control_xoff: 0
>> tx_flow_control_xon: 0
>> tx_flow_control_xoff: 0
>> rx_csum_offload_good: 0
>> rx_csum_offload_errors: 0
>> rx_header_split: 0
>> alloc_rx_buff_failed: 0
>> tx_smbus: 0
>> rx_smbus: 0
>> dropped_smbus: 0
>> rx_dma_failed: 0
>> tx_dma_failed: 0
>> rx_hwtstamp_cleared: 0
>> uncorr_ecc_errors: 0
>> corr_ecc_errors: 0
>>
>>
>>
>>On Tuesday, August 19, 2014 12:47 PM, Ivan Petrov <[email protected]> wrote:
>>
>>
>>
>>Is the last line okay?
>>
>>
>>ifconfig dna0
>>dna0 Link encap:Ethernet HWaddr 00:1E:4F:48:03:2A
>> inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0
>> inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>> collisions:0 txqueuelen:1000
>> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>> Interrupt:21 Memory:fe9e0000-fea00000
>>
>>
>>
>>On Tuesday, August 19, 2014 7:58 AM, Luca Deri <[email protected]> wrote:
>>
>>
>>
>>Ivan
>>Can you please send the output of ethtool -S dnaX ?
>>
>>
>>Thanks Luca
>>
>>Sent from my iPhone (sorry for typos)
>>
>>On 19/ago/2014, at 07:11, Ivan Petrov <[email protected]> wrote:
>>
>>
>>Hi Luca,
>>>
>>>
>>>I've loaded indeed the driver via the script. Also don't get any errors.
>>>
>>>
>>>Regards,
>>>Hristo
>>>
>>>
>>>
>>>On Tuesday, August 19, 2014 6:50 AM, Luca Deri <[email protected]> wrote:
>>>
>>>
>>>
>>>Hi
>>>Did you load perhaps the driver with multiple queues? Please use the load
>>>script we provide in the src/ directory of each driver
>>>
>>>
>>>Regards Luca
>>>
>>>Sent from my iPhone (sorry for typos)
>>>
>>>On 18/ago/2014, at 13:44, Ivan Petrov <[email protected]> wrote:
>>>
>>>
>>>Hi,
>>>>
>>>>
>>>>I've a problem with my dna interface.
>>>>
>>>>
>>>>I've downloaded pf_ring from the svn and i've loaded the driver,
>>>>e1000e-2.5.4-DNA without any errors. But the only packets that tcpdump is
>>>>able to capture is arp request to my router...
>>>>
>>>>
>>>>Could you please advise?
>>>>
>>>>
>>>>Here is some info:
>>>>
>>>>
>>>>#uname -a
>>>>Linux 2.6.32-431.23.3.el6.i686 #1 SMP Thu Jul 31 14:37:53 UTC 2014 i686
>>>>i686 i386 GNU/Linux
>>>>Centos 6.5
>>>>
>>>>
>>>>#sudo ethtool --show-ntuple dna0
>>>>Cannot get RX rings: Operation not supported
>>>>rxclass: Cannot get RX class rule count: Operation not supported
>>>>RX classification rule retrieval failed
>>>>
>>>>
>>>>#ethtool -i dna0
>>>>driver: e1000e
>>>>version: 2.5.4-DNA
>>>>firmware-version: 1.1-1
>>>>bus-info: 0000:00:19.0
>>>>supports-statistics: yes
>>>>supports-test: yes
>>>>supports-eeprom-access: yes
>>>>supports-register-dump: yes
>>>>supports-priv-flags: no
>>>>
>>>>
>>>>#ethtool -g dna0
>>>>Ring parameters for dna0:
>>>>Pre-set maximums:
>>>>RX:4096
>>>>RX Mini:0
>>>>RX Jumbo:0
>>>>TX:4096
>>>>Current hardware settings:
>>>>RX:256
>>>>RX Mini:0
>>>>RX Jumbo:0
>>>>TX:256
>>>>
>>>>
>>>>Kind regards,
>>>>
>>>>
>>>>Ivan
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>_______________________________________________
>>>>Ntop-misc mailing list
>>>>[email protected]
>>>>http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>
>>>
>>
>>
>>
>>
>
>
>
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
