Sorry, I recompiled the drivers from SVN version before your mail arrived.
The actual contents of the file:
# cat /proc/net/pf_ring/dev/eth4/info
Name: eth4
Index: 8
Address: AA:BB:CC:DD:EE:FF
Polling Mode: NAPI/ZC
Type: Ethernet
Family: Intel ixgbe 82599
Max # TX Queues: 1
# Used RX Queues: 1
Num RX Slots: 32768
Num TX Slots: 32768
With this drivers snort seems to work:
*# /usr/local/snort/bin/snort --daq-dir /usr/local/lib/daq/ --daq pfring_zc
--daq-var clusterid=99 -i zc:eth4 -v -e *
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
pfring_zc DAQ configured to passive.
Acquiring network traffic from "zc:eth4".
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.9.7.2 GRE (Build 177)
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/contact#team
Copyright (C) 2014 Cisco and/or its affiliates. All rights
reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.6.2
Using PCRE version: 7.8 2008-09-05
Using ZLIB version: 1.2.3
Commencing packet processing (pid=22573)
Decoding Ethernet
WARNING: No preprocessors configured for policy 0.
WARNING: No preprocessors configured for policy 0.
04/28-10:37:02.000000 00:09:0F:09:00:02 -> 00:00:5E:00:01:42 type:0x800
len:0x4A
AAA.BBB.CCC.DDD:80 -> AAA.BBB.CCC.DDD:55931 TCP TTL:251 TOS:0x0 ID:2031
IpLen:20 DgmLen:60 DF
***AP*** Seq: 0x91DDA77B Ack: 0xFAFD033C Win: 0x127C TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
04/28-10:37:02.000000 2C:B6:93:04:AB:12 -> 00:09:0F:09:00:02 type:0x8100
len:0x5B6
AAA.BBB.CCC.DDD:443 -> AAA.BBB.CCC.DDD:22669 TCP TTL:59 TOS:0x0 ID:29426
IpLen:20 DgmLen:1444 DF
***A**** Seq: 0xFBAFBE46 Ack: 0xD3ADB543 Win: 0x3BC TcpLen: 32
TCP Options (3) => NOP NOP WARNING: No preprocessors configured for policy
0.
TS: 884172922 93799845
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
[ ... ]
The odd thing now is that the expected version of the firmware (3.22.3) and
what modinfo shows doesn't match:
*# modinfo ixgbe*
filename:
/lib/modules/2.6.32-504.12.2.el6.x86_64/kernel/drivers/net/ixgbe/ixgbe.ko
version: 3.19.1-k
license: GPL
description: Intel(R) 10 Gigabit PCI Express Network Driver
author: Intel Corporation, <[email protected]>
srcversion: CA015BAD4BF95C73BC55B9E
[ ... ]
vermagic: 2.6.32-504.12.2.el6.x86_64 SMP mod_unload modversions
parm: IntMode:Change Interrupt Mode (0=Legacy, 1=MSI, 2=MSI-X),
default 2 (array of int)
parm: FdirMode:Flow Director filtering modes (0=Off, 1=On)
default 1 (array of int)
parm: max_vfs:Maximum number of virtual functions to allocate per
physical function - default is zero and maximum value is 63. (Deprecated)
(uint)
parm: allow_unsupported_sfp:Allow unsupported and untested SFP+
modules on 82599-based adapters (uint)
parm: debug:Debug level (0=none,...,16=all) (int)
Also, a noob question: Now that I have the compiled from source drivers
instead of the rpm version, when a kernel update occurs, I'm going to need
to recompile the drivers again?
Thank you very much.
Regards,
On Tue, Apr 28, 2015 at 9:30 AM, Alfredo Cardigliano <[email protected]>
wrote:
> Can I see /proc/net/pf_ring/dev/eth4/info?
>
> Alfredo
>
> On 28 Apr 2015, at 08:43, Jose Vila <[email protected]> wrote:
>
> Yes Alfredo,
>
> The NIC drivers currently loaded are the ones downloaded from the NTOP
> repository.
>
> On Mon, Apr 27, 2015 at 5:48 PM, Alfredo Cardigliano <[email protected]
> > wrote:
>
>> Ho Jose
>> did you load our ZC drivers?
>>
>> Alfredo
>>
>>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
