vineyard at tuffmail
Jul 24, 2012, 6:18 AM
Post #5 of 8
(756 views)
Permalink
|
|
Re: PF_RING DAQ with Snort 2.9.3 compile errors
[In reply to]
|
|
Great! I was not aware of this sourceforge mirror of their older releases.
I didn't have any immediate need for anything in 2.9.3 specifically,
just a working Snort / PF_RING setup. I think this should give me enough
to work with in the time being.
Thank you very much, I will do my testing with this version until 2.9.3
is fully supported in PF_RING.
Kind regards,
Robert
On 07/24/2012 09:13 AM, Alfredo Cardigliano wrote:
> Robert
> have a look here: http://sourceforge.net/projects/snort.mirror/files/Snort%202.9.2.3/
>
> Alfredo
>
> On Jul 24, 2012, at 2:56 PM, Robert Vineyard wrote:
>
>> Excellent!
>>
>> Thank you very much for the quick response. In the meantime, do you know anywhere to download the most recent release of Snort that supported by the current version of PF_RING?
>>
>> It seems that Sourcefire only offers links to download the latest version (2.9.3)...
>>
>> Thanks,
>> Robert
>>
>>
>> On 07/24/2012 03:10 AM, Alfredo Cardigliano wrote:
>>> Hi Robert
>>> we will update the PF_RING-DAQ module for supporting latest DAQ as soon as possible.
>>>
>>> Best Regards
>>> Alfredo
>>>
>>> On Jul 23, 2012, at 6:28 AM, Robert Vineyard wrote:
>>>
>>>> Hello,
>>>>
>>>> I am trying to build the current PF_RING DAQ module from SVN trunk, and after fixing a typo in the configure.ac file (it was searching for libpcap.a and libpfring.a in hard-coded locations instead of honoring the paths passed in to ./configure), I am encountering errors when compiling against the DAQ 1.1.1 library that ships with Snort 2.9.3.
>>>>
>>>> The relevant messages from gcc are as follows:
>>>>
>>>> daq_pfring.c: In function 'pfring_daq_acquire':
>>>> daq_pfring.c:577:10: error: 'DAQ_PktHdr_t' has no member named 'device_index'
>>>> daq_pfring.c: In function 'pfring_daq_inject':
>>>> daq_pfring.c:669:39: error: 'DAQ_PktHdr_t' has no member named 'device_index'
>>>>
>>>> Looking at the daq_common.h header file from the DAQ 1.1.1 distribution, it appears that the "device_index" field has been split out into "ingress_index" and "egress_index":
>>>>
>>>> typedef struct _daq_pkthdr
>>>> {
>>>> struct timeval ts; /* Timestamp */
>>>> uint32_t caplen; /* Length of the portion present */
>>>> uint32_t pktlen; /* Length of this packet (off wire) */
>>>> int32_t ingress_index; /* Index of the inbound interface. */
>>>> int32_t egress_index; /* Index of the outbound interface. */
>>>> int32_t ingress_group; /* Index of the inbound group. */
>>>> int32_t egress_group; /* Index of the outbound group. */
>>>> uint32_t flags; /* Flags for the packet (DAQ_PKT_FLAG_*) */
>>>> uint32_t opaque; /* Opaque context value from the DAQ module or underlying hardware.
>>>> Directly related to the opaque value in FlowStats. */
>>>> void *priv_ptr; /* Private data pointer */
>>>> } DAQ_PktHdr_t;
>>>>
>>>>
>>>> Before I go too deep down this rabbit-hole, are there any planned fixes or workarounds for this issue?
>>>>
>>>> Thanks,
>>>> Robert Vineyard
>>>> _______________________________________________
>>>> Ntop-misc mailing list
>>>> Ntop-misc [at] listgateway
>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc [at] listgateway
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>
>
_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
|
