Snort mailing list archives
Re: Seg fault with latest pf_ring git
From: Y M <snort () outlook com>
Date: Tue, 1 Nov 2016 19:35:52 +0000
Always happy to help, James. Odd that suricata works.

Just a couple of notes which may not be related. I see that you did not compile the pf_ring driver (cd drivers/PF_RING_aware/intel/<igb|igbxe>/<version>/src && sudo make install). Since part of the error is "pfring_get_card_settings()", maybe this is related? A second note is that the "min_num_slots" while loading the pfring kernel module, "I believe", is no longer required, which is obviously not related to your issue.

I guess Luca is already on top of it.

YM

________________________________
From: James Lay <jlay () slave-tothe-box net>
Sent: Tuesday, November 1, 2016 10:19:35 PM
To: Y M
Cc: Snort
Subject: Re: [Snort-users] Seg fault with latest pf_ring git

Thanks YM....your willingness to help always impresses me :) As for pf_ring, this was just a git pull...which...is apparently like..uber fresh:

commit aa5bf8f7d0662d411465895b8ee8fe8935084a6f
Author: Luca Deri <deri () ntop org>
Date: Tue Nov 1 10:53:58 2016 +0100

This is just a dev box, so I can wait until it's fixed...oddly, suricata tests fine:

/opt/suricata/etc/suricata$] sudo suricata --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow -T -c /opt/suricata/etc/suricata/suricata.yaml
1/11/2016 -- 12:13:38 - <Info> - Running suricata under test mode
1/11/2016 -- 12:13:38 - <Notice> - This is Suricata version 3.1.3 RELEASE
1/11/2016 -- 12:13:47 - <Notice> - Configuration provided was successfully loaded. Exiting.
pfring config steps:

git clone https://github.com/ntop/PF_RING.git
cd PF_RING/kernel
make
sudo make install
cd ../userland/lib
./configure --prefix=/opt/pfring
sudo make install
cd ../libpcap
./configure --prefix=/opt/pfring
sudo make install
cd ../tcpdump
./configure --prefix=/opt/pfring
sudo make install
cd ../userland/snort/pfring-daq-module
autoreconf -ivf
./configure --with-libpfring-includes=/opt/pfring/include --with-libpfring-libraries=/opt/pfring/lib
make
sudo cp .libs/daq_pfring.so /usr/local/lib/daq/
modprobe pf_ring enable_tx_capture=1 min_num_slots=32768

snort config line:

./configure --prefix=/opt/snort --enable-non-ether-decoders --enable-sourcefire --enable-shared-rep --enable-control-socket --enable-open-appid --with-libpcap-includes=/opt/pfring/include --with-libpcap-libraries=/opt/pfring/lib --with-libpfring-includes=/opt/pfring/include --with-libpfring-libraries=/opt/pfring/lib

Thanks again.

James

On 2016-11-01 12:44, Y M wrote:
A long shot at this, but were all the pf_ring modules (driver, kernel, pfring libpcap, pfring daq) compiled and installed from the recent source? If you revert back to the stable version (apt/yum install), does it work? You can also try uninstalling then make clean and make distclean, and recompile again.

YM

-------------------------
FROM: James Lay <jlay () slave-tothe-box net>
SENT: Tuesday, November 1, 2016 9:03:38 PM
TO: Snort
SUBJECT: [Snort-users] Seg fault with latest pf_ring git

Topic says it. Config test run:

sudo snort --daq-dir=/usr/local/lib/daq --daq pfring -T -c /opt/snort/etc/snort.conf

backtrace:

#0 0x00007ffff6b681a8 in pfring_get_card_settings () from /opt/pfring/lib/libpcap.so.1
#1 0x00007fffb626cf47 in pfring_daq_initialize (config=<optimized out>, ctxt_ptr=0xf109d0 <daq_hand>, errbuf=0x7fffffffe3c0 "", len=256) at daq_pfring.c:491
#2 0x0000000000464050 in DAQ_Config (cfg=0x7fffffffe4f0) at sfdaq.c:515
#3 0x0000000000464183 in DAQ_New (sc=0x16879f0, intf=0x557e05 "") at sfdaq.c:553
#4 0x000000000043ba5d in SnortMain (argc=7, argv=0x7fffffffe678) at snort.c:875
#5 0x000000000043b9b3 in main (argc=7, argv=0x7fffffffe678) at snort.c:836

sudo snort --daq-dir=/usr/local/lib/daq --daq-list

Available DAQ modules:
pfring(v1): live inline multi unpriv
pcap(v3): readback live multi unpriv
ipfw(v3): live inline multi unpriv
dump(v3): readback live inline multi unpriv
afpacket(v5): live inline multi unpriv

Not sure of my next step.

James

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!