Did you validate that Bro uses the correct lib (see step 5: ldd /usr/local/bro/bin/bro | grep pcap) and did you configure Bro to use PF_RING (lb_method, lb_procs)?
Regards, Jan ________________________________ From: [email protected] [[email protected]] on behalf of Neel Shah [[email protected]] Sent: Thursday, June 18, 2015 16:43 To: [email protected] Subject: Re: [Ntop] PF_RING causes kernel panic I'm not too familiar with what you're asking. The only configuration with Bro that I did was in the bro/etc/network.cfg and bro/etc/node.cfg. I made sure that Bro was working with the proper interface, in my case it is enp10s0f0, and made sure that the subnet that it worked with was proper too, 192.168.1.0/24<http://192.168.1.0/24>. I'm not using zero-copy or dna. And if I run multiple queues on the NIC with the example programs, there's no problem at all! Thank you, Neel On Thu, Jun 18, 2015 at 10:34 AM, Jan Grashofer <[email protected]<mailto:[email protected]>> wrote: How did you configure Bro and the NIC driver? I experienced a kernel oops with a driver config using multiple queues on the NIC together with zero copy. Regards, Jan ________________________________ From: [email protected]<mailto:[email protected]> [[email protected]<mailto:[email protected]>] on behalf of Neel Shah [[email protected]<mailto:[email protected]>] Sent: Thursday, June 18, 2015 16:24 To: [email protected]<mailto:[email protected]> Subject: [Ntop] PF_RING causes kernel panic Hey, I am having some issues getting PF_RING to work with Bro 2.4. PF_RING version: 6.1.1 OS: CentOS 7 Kernel: 3.10.0-229.4.2.el7.x86_64 Bro: 2.4 12Gb RAM 4 core Intel Xeon 5110 1.6Ghz Dell Poweredge 2950 Intel e1000e NIC To install, I got the dependencies via yum and then in the PF_RING directory, I ran these commands: 1. cd kernel 2. ./configure 3. sudo make -f Makefile.dkms rpm 4. cd ../userland 5. cd lib 6. ./configure --prefix=/opt/pfring 7. make && sudo make install 8. ../libpcap 9. ./configure --prefix=/opt/pfring 10. make && sudo make install 11. cd ../tcpdump-4.1.1 12. ./configure --prefix=/opt/pfring 13. make && sudo make install 14. sudo vim /etc/ld.so.conf.d/pfring.conf * add the line /opt/pfring/lib 15. sudo ldconfig 16. sudo modprobe pf_ring enable_tx_capture=0 min_num_slots=32768 After that, if I try to run tcpdump, I get a null pointer dereference in the kernel, then it kernel panics and crashes immediately. I even tried installing Bro with the steps on the Bro site (https://www.bro.org/documentation/load-balancing.html) After installing Bro, I get a kernel panic if I start it. If I run the example software included with PF_RING such as pfcount/pfsend/etc.. I get no errors. As soon as I run an application that depends on the libpcap (1.1.1 or 1.6.2), I immediately get a kernel panic. I also tried to install the e1000e driver provided in the PF_RING source as well with no luck. I don't really know what else to try! If someone has experience or wants to help me debug, I would really really appreciate that! Thanks in advance! -- Neel Shah _______________________________________________ Ntop mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop -- Neel Shah B.S. in Computer Science and Minor in Systems Engineering The George Washington University Class of 2017 [email protected]<mailto:[email protected]> _____________________________________________ Here is a link to my public key<http://www.shah7.com/pgp.txt>
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
