Hi Mark, the problem you reported should have been fixed in the current PF_RING that is in git: please update.
We have sent to OISF people various patches some of which have been included in their repository and others are pending since months (e.g. we have implemented IPS mode over PF_RING, https://github.com/inliniac/suricata/pull/1587). Unfortunately like you have seen those guys are unresponsive sometime, so all we can do is on the PF_RING side Regards Luca > On 15 Jan 2016, at 08:54, Mark Stingley <mark.sting...@gmail.com> wrote: > > I posted this to the OISF list, but thought I would check here to see > if anyone has solved this already. > > To me, the below looks like Suricata is looking for old style DNA and > not the new PF_RING ZC way of doing things. > > Opinions? > > Thanks. > > --------------------------------- > > I just tried this on the latest git of pf_ring and Suricata 2.0.11, > but had the same problem with Suricata 2.0.8 and pf_ring 6.0.3. Error > output and configuration data below. > > Has anyone gotten Suricata to compile and work with pf_ring ZC? > > Please advise. > > Thanks. > > --------------------------------- > > gcc -DHAVE_CONFIG_H -I. -I.. -I./../libhtp/ > -I/usr/local/pfring/include -I/usr/include/nspr -I/usr/include/nss > -I/usr/include/nspr -I/usr/include/luajit-2.0 > -DLOCAL_STATE_DIR=\"/var\" -g -O2 -Wextra > -Werror-implicit-function-declaration -fno-tree-pre -Wall > -Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11 > -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H > -DHAVE_LIBNET_ICMPV6_UNREACH -DHAVE_PFRING -I/usr/local/include > -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT > runmode-erf-dag.o -MD -MP -MF .deps/runmode-erf-dag.Tpo -c -o > runmode-erf-dag.o runmode-erf-dag.c > In file included from source-pfring.h:31:0, > from runmode-erf-dag.c:25: > /usr/local/pfring/include/pfring.h:90:0: warning: "likely" redefined > #define likely(x) __builtin_expect((x),1) > ^ > In file included from flow.h:31:0, > from detect.h:29, > from detect-engine-alert.h:29, > from suricata-common.h:321, > from runmode-erf-dag.c:18: > util-optimize.h:32:0: note: this is the location of the previous definition > #define likely(expr) __builtin_expect(!!(expr), 1) > ^ > In file included from source-pfring.h:31:0, > from runmode-erf-dag.c:25: > /usr/local/pfring/include/pfring.h:91:0: warning: "unlikely" redefined > #define unlikely(x) __builtin_expect((x),0) > ^ > In file included from flow.h:31:0, > from detect.h:29, > from detect-engine-alert.h:29, > from suricata-common.h:321, > from runmode-erf-dag.c:18: > util-optimize.h:35:0: note: this is the location of the previous definition > #define unlikely(expr) __builtin_expect(!!(expr), 0) > ^ > In file included from source-pfring.h:31:0, > from runmode-erf-dag.c:25: > /usr/local/pfring/include/pfring.h:184:5: error: unknown type name > ‘dna_device’ > dna_device dna_dev; > ^ > /usr/local/pfring/include/pfring.h:185:5: error: unknown type name > ‘dna_indexes’ > dna_indexes *indexes_ptr; > ^ > /usr/local/pfring/include/pfring.h:188:5: error: unknown type name > ‘dna_device_operation’ > dna_device_operation last_dna_operation; > ^ > Makefile:1379: recipe for target 'runmode-erf-dag.o' failed > make[3]: *** [runmode-erf-dag.o] Error 1 > make[3]: Leaving directory '/usr/local/src/suricata-2.0.11/src' > Makefile:925: recipe for target 'all' failed > make[2]: *** [all] Error 2 > make[2]: Leaving directory '/usr/local/src/suricata-2.0.11/src' > Makefile:446: recipe for target 'all-recursive' failed > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory '/usr/local/src/suricata-2.0.11' > Makefile:375: recipe for target 'all' failed > make: *** [all] Error 2 > > > CONFIGURE OUTPUT--------------------------------------- > suricata-2.0.11# LIBS="-lrt -lnuma" ./configure --prefix=/usr > --sysconfdir=/etc --localstatedir=/var --enable-luajit --enable-pfring > --with-libpfring-includes=/usr/local/pfring/include > --with-libpfring-libraries=/usr/local/pfring/lib > > Suricata Configuration: > AF_PACKET support: yes > PF_RING support: yes > NFQueue support: no > NFLOG support: no > IPFW support: no > DAG enabled: no > Napatech enabled: no > Unix socket enabled: yes > Detection enabled: yes > > libnss support: yes > libnspr support: yes > libjansson support: yes > Prelude support: no > PCRE jit: yes > LUA support: yes > libluajit: yes > libgeoip: no > Non-bundled htp: no > Old barnyard2 support: no > CUDA enabled: no > > Suricatasc install: yes > > Unit tests enabled: no > Debug output enabled: no > Debug validation enabled: no > Profiling enabled: no > Profiling locks enabled: no > Coccinelle / spatch: yes > > Generic build parameters: > Installation prefix (--prefix): /usr > Configuration directory (--sysconfdir): /etc/suricata/ > Log directory (--localstatedir) : /var/log/suricata/ > > Host: x86_64-unknown-linux-gnu > GCC binary: gcc > GCC Protect enabled: no > GCC march native enabled: yes > GCC Profile enabled: no > _______________________________________________ > Ntop-misc mailing list > Ntop-misc@listgateway.unipi.it > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
