suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a

Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f

1 files changed, 149 insertions, 0 deletions

diff --git a/framework/src/suricata/doc/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt b/framework/src/suricata/doc/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt
new file mode 100644
index 00000000..18ea5d10
--- /dev/null
+++ b/framework/src/suricata/doc/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt
@@ -0,0 +1,149 @@
+Autogenerated on 2012-11-29
+from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6
+
+
+Installation with CUDA and PFRING on Scientific Linux 6
+
+For setup and install you need to be root:
+mkdir /root/src
+cd /root/src
+
+Pre installation requirements
+
+Install the following packages, to make sure you have everything needed for the
+installation:
+
+  yum install mpfr-2.4.1-6.el6.x86_64 cpp-4.4.4-13.el6.x86_64 ppl-0.10.2-
+  11.el6.x86_64 \
+  cloog-ppl-0.15.7-1.2.el6.x86_64 gcc-4.4.4-13.el6.x86_64 kernel-devel-2.6.32-
+  131.2.1.el6.x86_64 \
+  pcre-devel-7.8-3.1.el6.x86_64 libpcap-devel-1.0.0-
+  6.20091201git117cb5.el6.x86_64 \
+  yum-plugin-priorities-1.1.26-11.el6.noarch yum-conf-sl6x-1-1.noarch libyaml-
+  0.1.3-1.el6.rf.x86_64 \
+  libyaml-devel-0.1.3-1.el6.rf.x86_64 libnet-1.1.2.1-2.2.el6.rf.x86_64 flex-
+  2.5.35-8.el6.x86_64 \
+  bison-2.4.1-5.el6.x86_64 gcc-c++-4.4.4-13.el6.x86_64
+
+
+CUDA
+
+Download and install NVIDIA CUDA drivers:
+
+  wget http://us.download.nvidia.com/XFree86/Linux-x86_64/270.41.19/NVIDIA-
+  Linux-x86_64-270.41.19.run
+  chmod +x NVIDIA-Linux-x86_64-270.41.19.run
+  ./NVIDIA-Linux-x86_64-270.41.19.run
+
+You also need to download and install the CUDA toolkit for RHEL6 :
+
+  wget http://developer.download.nvidia.com/compute/cuda/4_0/toolkit/
+  cudatoolkit_4.0.17_linux_64_rhel6.0.run
+  chmod +x cudatoolkit_4.0.17_linux_64_rhel6.0.run
+  ./cudatoolkit_4.0.17_linux_64_rhel6.0.run
+
+Make sure the kernel modules are loaded:
+
+  /sbin/modprobe -r nouveau && /sbin/modprobe nvidia
+
+To ensure the proper NVIDIA CUDA modules get loaded on reboot, add the above
+line to your /etc/rc.local file.
+
+PF_RING
+
+Go to your download directory and get the latest PF_RING:
+
+     svn export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ pfring-svn-
+     latest
+
+Compile and install
+Next, enter the following commands for configuration and installation:
+
+     cd pfring-svn-latest/kernel
+     make && sudo make install
+     cd ../userland/lib
+     ./configure --prefix=/usr/local/pfring && make && sudo make install
+     cd ../libpcap-1.1.1-ring
+     ./configure --prefix=/usr/local/pfring && make && sudo make install
+     cd ../tcpdump-4.1.1
+     ./configure --prefix=/usr/local/pfring && make && sudo make install
+
+Load the pf_ring kernel module:
+
+  /sbin/modprobe pf_ring
+
+To ensure the pf_ring module gets loaded on reboot, add the above line to your
+/etc/rc.local file.
+
+Suricata
+
+Download and install Suricata:
+
+  wget http://www.openinfosecfoundation.org/download/suricata-1.1beta2.tar.gz
+
+And unpack it:
+
+  tar -xvzf suricata-1.1beta2.tar.gz
+
+Change to the unpacked directory:
+
+  cd suricata-1.1beta2
+
+Now compile and install Suricata with PF_RING and CUDA support:
+
+  ./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-
+  includes=/usr/local/cuda/include \
+  --with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring --with-libpfring-
+  libraries=/usr/local/lib \
+  --with-libpfring-includes=/usr/local/include --with-libpcap-libraries=/usr/
+  local/lib --with-libpcap-includes=/usr/local/include
+  make
+  make install
+
+Continue with the Basic_Setup
+Next, you need to edit max-pending-packets in your /etc/suricata/suricata.yaml.
+If you don't have one, download a generic one to get started:
+
+  cd /etc/suricata
+  wget https://rules.emergingthreatspro.com/open-nogpl/suricata/suricata-
+  open.yaml
+
+Edit your suricata-open.yaml file accordingly.
+The number of packets allowed to be processed simultaneously can be whatever
+you want but it is recommended that it be 4000 or more.
+For example:
+
+  max-pending-packets: 12288
+
+Next make sure the following line is present in the multi pattern algorithm
+section:
+
+  mpm-algo: b2g_cuda
+
+
+Rules
+
+Read the information in Rule_Management_with_Oinkmaster
+Add rules to suricata:
+
+  cd /etc/suricata
+  wget https://rules.emergingthreatspro.com/open-nogpl/suricata/
+  emerging.rules.tar.gz
+  tar -xvzf emerging.rules.tar.gz
+
+Make sure your .yaml file includes the /etc/suricata/rules/emerging-*.rules
+files (they may need to be uncommented).
+Run Suricata as followed:
+
+  cd /etc/suricata
+  /usr/local/bin/suricata -c /etc/suricata/suricata.yaml\
+  --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
+
+
+  touch /var/lock/subsys/local
+
+
+References
+
+PF_RING
+http://www.ntop.org/products/pf_ring/