In this case you need to start from the sources, forgetting the packages. With the development toolkit you shoul be able to compile either pfring as module and the example apps (pfcount) and the userland library. Yuri
Sent from my iPhone Il giorno 24/mag/2013, alle ore 17:10, frwa onto <[email protected]> ha scritto: > Hi Yuri, > Ok we aware of other packet capture engines like libpcap and > winpcap(windows) etc. So what we read about pf_ring is its capability to > capture at wire speed. Thus we thought of using it to minimize packet > dropping for analysis. So now we need a simple sample with out any other > library just pf_ring to capture packets and the rest we can do our self like > pay load analysis etc. > > > On Fri, May 24, 2013 at 10:16 AM, Yuri Francalacci <[email protected]> wrote: >> a clean machine is a machine where you did not install anything except the >> base os. >> After this, the question is what is your goal? >> the pfring package gives all the stuff needed to create "pfring"ed binaries. >> So, if you want to compile a program with pfring you got all the tools, but >> if it is not your goal, the package is useless. >> >> >> >> On 2013-05-24 14:52, frwa onto wrote: >>> Dear Yuri, >>> My machine is Centos 6.4 a clean machine >>> and just installed via the .rpm package which is the right way to >>> install on Centos. So what is your idea being a clean machine what >>> could go wrong there? Thank you. >>> >>> On Fri, May 24, 2013 at 2:06 AM, Yuri Francalacci <[email protected] [21]> >>> wrote: >>> >>>> It is pretty explicit whats wrong in your command. >>>> >>>> >>>> pfcount.c:48:23: error: pcap/pcap.h: No such file or directory >>>> pfcount.c:49:22: error: pcap/bpf.h: No such file or directory >>>> >>>> Ive read a lot of mail with several error but PF_RING is used by a >>>> lot of people without all these troubles. >>>> Probably the environment you are using (your system configuration, >>>> the user you are using or something else) is not so clean, so what I >>>> suggest you is to start from scratch on a clean env, if you need to >>>> compile yourself PF_RING, download its sources and nothing else and >>>> follow the README files. >>>> Cheers, Yuri >>>> >>>> On 24/mag/2013, at 04:52, frwa onto <[email protected] [1]> wrote: >>>> >>>> > Hi Vito, >>>> > This round I have checked every - and still below >>>> is the results. Thank you for your help man. >>>> > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel >>>> -I../../kernel/plugins -I../lib -I../libpcap-1.1.1-ring -D >>>> HAVE_ZERO -D ENABLE_BPF -O2 -c pfcount.c -o pfcount1.o >>>> > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory >>>> > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory >>>> > In file included from pfcount.c:53: >>>> > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No such >>>> file or directory >>>> > pfcount.c: In function ‘parse_bpf_filter’: >>>> > pfcount.c:370: warning: implicit declaration of function >>>> ‘pcap_compile_nopcap’ >>>> > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in >>>> this function) >>>> > pfcount.c:371: error: (Each undeclared identifier is reported >>>> only once >>>> > pfcount.c:371: error: for each function it appears in.) >>>> > pfcount.c:380: error: invalid use of undefined type ‘struct >>>> bpf_program’ >>>> > pfcount.c: In function ‘dummyProcesssPacket’: >>>> > pfcount.c:398: warning: implicit declaration of function >>>> ‘bpf_filter’ >>>> > pfcount.c:398: error: invalid use of undefined type ‘struct >>>> bpf_program’ >>>> > >>>> > >>>> > >>>> > On Thu, May 23, 2013 at 3:31 AM, [email protected] [2] >>>> <[email protected] [3]> wrote: >>>> > On 05/23/2013 03:57 AM, frwa onto wrote: >>>> > > Hi Vito, >>>> > > I end up this problem now >>>> > > >>>> > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel >>>> -I../../kernel/plugins >>>> > > -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D ENABLE_BPF >>>> -O2 -c >>>> > > pfcount.c -o pfcount11.o >>>> > > gcc: I../libpcap-1.1.1-ring: No such file or directory >>>> > >>>> > again you missed the minus in front of this option: >>>> > "I../libpcap-1.1.1-ring" should be "-I../libpcap-1.1.1-ring" >>>> > >>>> > >>>> > regards >>>> > vito >>>> > >>>> > > pfcount.c:48:23: error: pcap/pcap.h: No such file or directory >>>> > > pfcount.c:49:22: error: pcap/bpf.h: No such file or directory >>>> > > In file included from pfcount.c:53: >>>> > > /usr/local/include/pfring.h:438:25: error: pfring_zero.h: No >>>> such file >>>> > > or directory >>>> > > pfcount.c: In function ‘parse_bpf_filter’: >>>> > > pfcount.c:370: warning: implicit declaration of function >>>> > > ‘pcap_compile_nopcap’ >>>> > > pfcount.c:371: error: ‘DLT_EN10MB’ undeclared (first use in >>>> this function) >>>> > > pfcount.c:371: error: (Each undeclared identifier is reported >>>> only once >>>> > > pfcount.c:371: error: for each function it appears in.) >>>> > > pfcount.c:380: error: invalid use of undefined type ‘struct >>>> bpf_program’ >>>> > > pfcount.c: In function ‘dummyProcesssPacket’: >>>> > > pfcount.c:398: warning: implicit declaration of function >>>> ‘bpf_filter’ >>>> > > pfcount.c:398: error: invalid use of undefined type ‘struct >>>> bpf_program’ >>>> > > >>>> > > >>>> > > On Wed, May 22, 2013 at 9:34 AM, [email protected] [4] >>>> > > <mailto:[email protected] [5]> <[email protected] [6] >>>> >>>> > > <mailto:[email protected] [7]>> wrote: >>>> > > >>>> > > Hello >>>> > > On 05/22/2013 09:50 AM, frwa onto wrote: >>>> > > > Hi Vito, >>>> > > > Let me first thank you a lot you have >>>> been helping me a lot >>>> > > > since these few days and appreciate it. >>>> > > >>>> > > np, youre welcome >>>> >>>> > > >>>> > > > 1. >>>> > > > Ok I was then compiling it the wrong way. Why it need >>>> to be so >>>> > > > complicated ? Isnt the libraries should be linked >>>> automatically. >>>> > > >>>> > > yes but you have to setup the write include/lib path >>>> because the pfring >>>> > > aware ones overlap the one that came with the OS... >>>> > > >>>> > > >So >>>> > > > what I did I tried the first command as below and I >>>> just chance the >>>> > > > output to pfcount11. Since this already giving error I >>>> could not >>>> > > run the >>>> > > > second command and still confuse why need these 2 >>>> command. Ok let me >>>> > > > tell you what I plan is to purely use pf_ring to >>>> capture packets >>>> > > at wire >>>> > > > speed as it suppose to do. So for that how should I >>>> work around >>>> > > with out >>>> > > > the legacy pcap ? >>>> > > > >>>> > > > gcc -O2 -DHAVE_PF_RING -Wall -I../../kernel >>>> -I../../kernel/plugins >>>> > > > -I../lib I../libpcap-1.1.1-ring -D HAVE_ZERO -D >>>> ENABLE_BPF -O2 -c >>>> > > > pfcount.c -o pfcount11.o >>>> > > >>>> > > >>>> > > missing the minus? >>>> > > >>>> > > I../libpcap-1.1.1-ring --> -I../libpcap-1.1.1-ring >>>> > > >>>> > > let me know if it helps >>>> > > >>>> > > ciao >>>> > > -v >>>> > > _______________________________________________ >>>> > > Ntop-misc mailing list >>>> > > [email protected] [8] >>>> <mailto:[email protected] [9]> >>>> > > http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>> [10] >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > _______________________________________________ >>>> > > Ntop-misc mailing list >>>> > > [email protected] [11] >>>> > > http://listgateway.unipi.it/mailman/listinfo/ntop-misc [12] >>>> > > >>>> > >>>> > _______________________________________________ >>>> > Ntop-misc mailing list >>>> > [email protected] [13] >>>> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc [14] >>>> > >>>> > _______________________________________________ >>>> > Ntop-misc mailing list >>>> > [email protected] [15] >>>> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc [16] >>>> >>>> ############################################### >>>> Yuri Francalacci - [email protected] [17] - >>>> http://www.ntop.org [18] >>>> >>>> "Simplicity is the ultimate sophistication" - Leonardo da Vinci >>>> ############################################### >>>> >>>> _______________________________________________ >>>> Ntop-misc mailing list >>>> [email protected] [19] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc [20] >>> >>> >>> >>> Links: >>> ------ >>> [1] mailto:[email protected] >>> [2] mailto:[email protected] >>> [3] mailto:[email protected] >>> [4] mailto:[email protected] >>> [5] mailto:[email protected] >>> [6] mailto:[email protected] >>> [7] mailto:[email protected] >>> [8] mailto:[email protected] >>> [9] mailto:[email protected] >>> [10] http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> [11] mailto:[email protected] >>> [12] http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> [13] mailto:[email protected] >>> [14] http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> [15] mailto:[email protected] >>> [16] http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> [17] mailto:[email protected] >>> [18] http://www.ntop.org >>> [19] mailto:[email protected] >>> [20] http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> [21] mailto:[email protected] >> >> -- >> Yuri Francalacci >> [email protected] >> "It seems that perfection is reached not when there is nothing left to add, >> but when there is nothing left to take away" >> Antoine de Saint Exupéry >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
