Will update.
Thank you for making up for the OISF lag.
Take care.
On Sat, Jan 16, 2016 at 8:24 AM, Luca Deri wrote:
> Hi Mark,
> the problem you reported should have been fixed in the current PF_RING that
> is in git: please update.
>
> We have sent the OISF people various patches, some of which have been included
> in their repository and others have been pending for months (e.g. we have
> implemented IPS mode over PF_RING,
> https://github.com/inliniac/suricata/pull/1587). Unfortunately, as you have
> seen, those guys are sometimes unresponsive, so all we can do is on the PF_RING
> side.
>
> Regards Luca
>
>> On 15 Jan 2016, at 08:54, Mark Stingley wrote:
>>
>> I posted this to the OISF list, but thought I would check here to see
>> if anyone has solved this already.
>>
>> To me, the below looks like Suricata is looking for old style DNA and
>> not the new PF_RING ZC way of doing things.
>>
>> Opinions?
>>
>> Thanks.
>>
>> -
>>
>> I just tried this on the latest git of pf_ring and Suricata 2.0.11,
>> but had the same problem with Suricata 2.0.8 and pf_ring 6.0.3. Error
>> output and configuration data below.
>>
>> Has anyone gotten Suricata to compile and work with pf_ring ZC?
>>
>> Please advise.
>>
>> Thanks.
>>
>> -
>>
>> gcc -DHAVE_CONFIG_H -I. -I.. -I./../libhtp/
>> -I/usr/local/pfring/include -I/usr/include/nspr -I/usr/include/nss
>> -I/usr/include/nspr -I/usr/include/luajit-2.0
>> -DLOCAL_STATE_DIR=\"/var\" -g -O2 -Wextra
>> -Werror-implicit-function-declaration -fno-tree-pre -Wall
>> -Wno-unused-parameter -std=gnu99 -march=native -DHAVE_LIBNET11
>> -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAVE_NET_ETHERNET_H
>> -DHAVE_LIBNET_ICMPV6_UNREACH -DHAVE_PFRING -I/usr/local/include
>> -DLIBPCAP_VERSION_MAJOR=1 -DHAVE_PCAP_SET_BUFF -DHAVE_LIBCAP_NG -MT
>> runmode-erf-dag.o -MD -MP -MF .deps/runmode-erf-dag.Tpo -c -o
>> runmode-erf-dag.o runmode-erf-dag.c
>> In file included from source-pfring.h:31:0,
>> from runmode-erf-dag.c:25:
>> /usr/local/pfring/include/pfring.h:90:0: warning: "likely" redefined
>> #define likely(x) __builtin_expect((x),1)
>> ^
>> In file included from flow.h:31:0,
>> from detect.h:29,
>> from detect-engine-alert.h:29,
>> from suricata-common.h:321,
>> from runmode-erf-dag.c:18:
>> util-optimize.h:32:0: note: this is the location of the previous definition
>> #define likely(expr) __builtin_expect(!!(expr), 1)
>> ^
>> In file included from source-pfring.h:31:0,
>> from runmode-erf-dag.c:25:
>> /usr/local/pfring/include/pfring.h:91:0: warning: "unlikely" redefined
>> #define unlikely(x) __builtin_expect((x),0)
>> ^
>> In file included from flow.h:31:0,
>> from detect.h:29,
>> from detect-engine-alert.h:29,
>> from suricata-common.h:321,
>> from runmode-erf-dag.c:18:
>> util-optimize.h:35:0: note: this is the location of the previous definition
>> #define unlikely(expr) __builtin_expect(!!(expr), 0)
>> ^
>> In file included from source-pfring.h:31:0,
>> from runmode-erf-dag.c:25:
>> /usr/local/pfring/include/pfring.h:184:5: error: unknown type name
>> ‘dna_device’
>> dna_device dna_dev;
>> ^
>> /usr/local/pfring/include/pfring.h:185:5: error: unknown type name
>> ‘dna_indexes’
>> dna_indexes *indexes_ptr;
>> ^
>> /usr/local/pfring/include/pfring.h:188:5: error: unknown type name
>> ‘dna_device_operation’
>> dna_device_operation last_dna_operation;
>> ^
>> Makefile:1379: recipe for target 'runmode-erf-dag.o' failed
>> make[3]: *** [runmode-erf-dag.o] Error 1
>> make[3]: Leaving directory '/usr/local/src/suricata-2.0.11/src'
>> Makefile:925: recipe for target 'all' failed
>> make[2]: *** [all] Error 2
>> make[2]: Leaving directory '/usr/local/src/suricata-2.0.11/src'
>> Makefile:446: recipe for target 'all-recursive' failed
>> make[1]: *** [all-recursive] Error 1
>> make[1]: Leaving directory '/usr/local/src/suricata-2.0.11'
>> Makefile:375: recipe for target 'all' failed
>> make: *** [all] Error 2
>>
>>
>> CONFIGURE OUTPUT---
>> suricata-2.0.11# LIBS="-lrt -lnuma" ./configure --prefix=/usr
>> --sysconfdir=/etc --localstatedir=/var --enable-luajit --enable-pfring
>> --with-libpfring-includes=/usr/local/pfring/include
>> --with-libpfring-libraries=/usr/local/pfring/lib
>>
>> Suricata Configuration:
>> AF_PACKET support: yes
>> PF_RING support: yes
>> NFQueue support: no
>> NFLOG support: no
>> IPFW support: no
>> DAG enabled: no
>> Napatech enabled: no
>> Unix socket enabled: yes
>> Detection enabled: yes
>>