when compiling the DAQ module Luca
On 21 Aug 2014, at 08:08, Ivan Petrov <[email protected]> wrote: > Should i add -lnuma when instlaling daq or pfring-daq-module? > > Ivan > > > On Thursday, August 21, 2014 12:14 AM, Luca Deri <[email protected]> wrote: > > > You need to add -lnuma to fix the problem > > Luca > > Sent from my iPhone (sorry for typos) > > On 20/ago/2014, at 15:37, Ivan Petrov <[email protected]> wrote: > >> I've verified and it is indeed in promisc mode. >> >> dna0 Link encap:Ethernet HWaddr 00:1E:4F:48:03:2A >> inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0 >> inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link >> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 >> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 >> collisions:0 txqueuelen:1000 >> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) >> Interrupt:21 Memory:fe9e0000-fea00000 >> >> So i think the problem is with the configuration of Snort/Daq. Have you seen >> this error: >> >> sudo /usr/sbin/snort --daq-dir=/usr/local/lib/daq --daq-list >> >> /usr/local/lib/daq/daq_pfring.so: dlopen: /usr/local/lib/libpfring.so: >> undefined symbol: numa_parse_nodestring >> Available DAQ modules: >> pcap(v3): readback live multi unpriv >> afpacket(v5): live inline multi unpriv >> ipfw(v3): live inline multi unpriv >> dump(v2): readback live inline multi unpriv >> >> For some reason libpfring is not in the daq list. >> >> >> On Wednesday, August 20, 2014 10:17 AM, Luca Deri <[email protected]> wrote: >> >> >> Ivan >> can you please check if during capture the interface is in promiscuous mode >> (you can check it with ifconfig). All the rest looks good to me. >> >> Cheers Luca >> >> On 19 Aug 2014, at 13:13, Ivan Petrov <[email protected]> wrote: >> >>> I've just noticed that there has been a change in rx's : >>> >>> sudo ethtool -S dna0 >>> NIC statistics: >>> rx_packets: 1120 >>> tx_packets: 0 >>> rx_bytes: 91790 >>> tx_bytes: 0 >>> rx_broadcast: 635 >>> tx_broadcast: 0 >>> rx_multicast: 485 >>> tx_multicast: 0 >>> rx_errors: 0 >>> tx_errors: 0 >>> tx_dropped: 0 >>> multicast: 485 >>> collisions: 0 >>> rx_length_errors: 0 >>> rx_over_errors: 0 >>> rx_crc_errors: 0 >>> rx_frame_errors: 0 >>> rx_no_buffer_count: 0 >>> rx_missed_errors: 0 >>> tx_aborted_errors: 0 >>> tx_carrier_errors: 0 >>> tx_fifo_errors: 0 >>> tx_heartbeat_errors: 0 >>> tx_window_errors: 0 >>> tx_abort_late_coll: 0 >>> tx_deferred_ok: 0 >>> tx_single_coll_ok: 0 >>> tx_multi_coll_ok: 0 >>> tx_timeout_count: 0 >>> tx_restart_queue: 0 >>> rx_long_length_errors: 0 >>> rx_short_length_errors: 0 >>> rx_align_errors: 0 >>> tx_tcp_seg_good: 0 >>> tx_tcp_seg_failed: 0 >>> rx_flow_control_xon: 0 >>> rx_flow_control_xoff: 0 >>> tx_flow_control_xon: 0 >>> tx_flow_control_xoff: 0 >>> rx_csum_offload_good: 0 >>> rx_csum_offload_errors: 0 >>> rx_header_split: 0 >>> alloc_rx_buff_failed: 0 >>> tx_smbus: 0 >>> rx_smbus: 0 >>> dropped_smbus: 0 >>> rx_dma_failed: 0 >>> tx_dma_failed: 0 >>> rx_hwtstamp_cleared: 0 >>> uncorr_ecc_errors: 0 >>> corr_ecc_errors: 0 >>> >>> >>> On Tuesday, August 19, 2014 12:47 PM, Ivan Petrov <[email protected]> >>> wrote: >>> >>> >>> Is the last line okay? >>> >>> ifconfig dna0 >>> dna0 Link encap:Ethernet HWaddr 00:1E:4F:48:03:2A >>> inet addr:192.168.0.106 Bcast:192.168.0.255 Mask:255.255.255.0 >>> inet6 addr: fe80::21e:4fff:fe48:32a/64 Scope:Link >>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 >>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0 >>> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 >>> collisions:0 txqueuelen:1000 >>> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) >>> Interrupt:21 Memory:fe9e0000-fea00000 >>> >>> >>> On Tuesday, August 19, 2014 7:58 AM, Luca Deri <[email protected]> wrote: >>> >>> >>> Ivan >>> Can you please send the output of ethtool -S dnaX ? >>> >>> Thanks Luca >>> >>> Sent from my iPhone (sorry for typos) >>> >>> On 19/ago/2014, at 07:11, Ivan Petrov <[email protected]> wrote: >>> >>>> Hi Luca, >>>> >>>> I've loaded indeed the driver via the script. Also don't get any errors. >>>> >>>> Regards, >>>> Hristo >>>> >>>> >>>> On Tuesday, August 19, 2014 6:50 AM, Luca Deri <[email protected]> wrote: >>>> >>>> >>>> Hi >>>> Did you load perhaps the driver with multiple queues? Please use the load >>>> script we provide in the src/ directory of each driver >>>> >>>> Regards Luca >>>> >>>> Sent from my iPhone (sorry for typos) >>>> >>>> On 18/ago/2014, at 13:44, Ivan Petrov <[email protected]> wrote: >>>> >>>>> Hi, >>>>> >>>>> I've a problem with my dna interface. >>>>> >>>>> I've downloaded pf_ring from the svn and i've loaded the driver, >>>>> e1000e-2.5.4-DNA without any errors. But the only packets that tcpdump >>>>> is able to capture is arp request to my router... >>>>> >>>>> Could you please advise? >>>>> >>>>> Here is some info: >>>>> >>>>> #uname -a >>>>> Linux 2.6.32-431.23.3.el6.i686 #1 SMP Thu Jul 31 14:37:53 UTC 2014 i686 >>>>> i686 i386 GNU/Linux >>>>> Centos 6.5 >>>>> >>>>> #sudo ethtool --show-ntuple dna0 >>>>> Cannot get RX rings: Operation not supported >>>>> rxclass: Cannot get RX class rule count: Operation not supported >>>>> RX classification rule retrieval failed >>>>> >>>>> #ethtool -i dna0 >>>>> driver: e1000e >>>>> version: 2.5.4-DNA >>>>> firmware-version: 1.1-1 >>>>> bus-info: 0000:00:19.0 >>>>> supports-statistics: yes >>>>> supports-test: yes >>>>> supports-eeprom-access: yes >>>>> supports-register-dump: yes >>>>> supports-priv-flags: no >>>>> >>>>> #ethtool -g dna0 >>>>> Ring parameters for dna0: >>>>> Pre-set maximums: >>>>> RX: 4096 >>>>> RX Mini: 0 >>>>> RX Jumbo: 0 >>>>> TX: 4096 >>>>> Current hardware settings: >>>>> RX: 256 >>>>> RX Mini: 0 >>>>> RX Jumbo: 0 >>>>> TX: 256 >>>>> >>>>> Kind regards, >>>>> >>>>> Ivan >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Ntop-misc mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>> >>>> >>> >>> >>> >>> >> >> >> > >
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
