Hi Alfredo,

Thank you for your answer. This helped us to see traffic with tshark. LD_PRELOAD didn't help us to see traffic with tshark, but after linking the PF_RING libpcap with the libpcap that tshark used (found with the ldd command), tshark can see traffic using the parameter -i eth1. The same thing was then applied to jnetpcap and our application can now see traffic from the interface.

After starting the application we see this:

root@proxy:/proc/net/pf_ring# cat 4521-eth2.60
Bound Device(s)    : eth2
Active             : 1
Breed              : Non-DNA
Sampling Rate      : 1
Capture Direction  : RX+TX
Socket Mode        : RX+TX
Appl. Name         : <unknown>
IP Defragment      : No
BPF Filtering      : Enabled
# Sw Filt. Rules   : 0
# Hw Filt. Rules   : 0
Poll Pkt Watermark : 1
Num Poll Calls     : 1314
Channel Id Mask    : 0xFFFFFFFF
Cluster Id         : 0
Slot Version       : 16 [6.0.2]
Min Num Slots      : 4096
Bucket Len         : 7000
Slot Len           : 7040 [bucket+header]
Tot Memory         : 28848128
Tot Packets        : 7967545
Tot Pkt Lost       : 7526868
Tot Insert         : 440677
Tot Read           : 414206
Insert Offset      : 16289824
Remove Offset      : 16303784
TX: Send Ok        : 0
TX: Send Errors    : 0
Reflect: Fwd Ok    : 0
Reflect: Fwd Errors: 0
Num Free Slots     : 0

How can we be sure that PF_RING ZC is being used?

Best regards,
Katarina Valent

From: [email protected] [mailto:[email protected]] On Behalf Of Alfredo Cardigliano
Sent: Sunday, December 07, 2014 6:08 PM
To: [email protected]
Subject: Re: [Ntop-misc] PF_RING ZC and jnetpcap

Hi Katarina

if you have our libpcap installed under /usr/local for instance, you can force tshark to use it:

# export LD_PRELOAD="/usr/local/lib/libpcap.so"
# ldd /usr/bin/tshark | grep libpcap

In order to use ZC you have to prepend the prefix “zc:” to the interface name (tshark -i zc:eth1).

Alfredo

On 03 Dec 2014, at 16:02, Katarina Valent <[email protected]> wrote:

Hi Alfredo

We are using PF_RING via jnetpcap that uses PF_RING aware libpcap. How to enable ZC when using PF_RING in this way?

Thank you,
Katarina

From: [email protected] [mailto:[email protected]] On Behalf Of Katarina Valent
Sent: Tuesday, December 02, 2014 6:30 PM
To: [email protected]
Subject: Re: [Ntop-misc] PF_RING ZC and jnetpcap

Hi Alfredo

thank you for your fast response. Do you have any instructions how to link pf_ring aware libpcap? Seems that we are using it wrong.

Thank you,
Katarina
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
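An added example, not part of the original thread and not ntop's code: a small parser for the per-socket /proc/net/pf_ring text quoted above that reports the Breed field as-is and computes capture loss from the counters. The sample input is a constructed subset of the quoted output, the function names are hypothetical, and the reading of the counters (Tot Packets = Tot Pkt Lost + Tot Insert) is an assumption taken from the quoted numbers.

```python
import re

# Constructed sample: a subset of the fields quoted in the thread.
SAMPLE = """\
Bound Device(s)    : eth2
Breed              : Non-DNA
Slot Version       : 16 [6.0.2]
Tot Packets        : 7967545
Tot Pkt Lost       : 7526868
Tot Insert         : 440677
Tot Read           : 414206
Reflect: Fwd Errors: 0
Num Free Slots     : 0
"""

# Field names may contain ':' ("TX: Send Ok") and values may too, so split
# on the LAST colon that is followed by whitespace.
LINE = re.compile(r"^(.*\S)\s*:\s+(\S.*)$")

def parse_ring_stats(text):
    """Return {field name: raw value string} for every 'name : value' line."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            stats[m.group(1)] = m.group(2)
    return stats

def num(stats, key):
    """First whitespace-separated token of a field as int ('16 [6.0.2]' -> 16)."""
    return int(stats[key].split()[0])

def ring_health(stats):
    total, lost = num(stats, "Tot Packets"), num(stats, "Tot Pkt Lost")
    inserted, read = num(stats, "Tot Insert"), num(stats, "Tot Read")
    return {
        "breed": stats.get("Breed"),  # reported verbatim, not interpreted
        "loss_pct": round(100.0 * lost / total, 2) if total else 0.0,
        "unread": inserted - read,    # assumption: inserted but not yet read
        "ring_full": num(stats, "Num Free Slots") == 0,
        "accounted": total == lost + inserted,  # counters add up as assumed
    }

if __name__ == "__main__":
    print(ring_health(parse_ring_stats(SAMPLE)))
```

On the quoted counters this reports about 94% of packets lost with no free slots, which is worth checking before relying on the capture for monitoring.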
