suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a

Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f

1 files changed, 280 insertions, 0 deletions

diff --git a/framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt b/framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt
new file mode 100644
index 00000000..1d1cd220
--- /dev/null
+++ b/framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt
@@ -0,0 +1,280 @@
+Autogenerated on 2012-01-11
+from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104
+
+
+Installation with CUDA and PF RING on Ubuntu server 11.04
+
+THIS WOULD NOT WORK ON A VIRTUAL MACHINE!
+This guide is written using:
+Ubuntu Server 11.04
+Linux ubuntu 2.6.38-8-generic x86_64 GNU/Linux
+
+Pre installation requirements
+
+
+  apt-get update
+  apt-get upgrade
+
+To get the CUDA toolkit, enter:
+
+  http://developer.nvidia.com/cuda-toolkit-40
+
+Pick up the correct NVIDIA drivers for your card and system
+
+  http://www.nvidia.com/Download/index.aspx?lang=en-us
+
+Go to your download directory
+chmod the 2 *.run files that you just downloaded.
+For example:
+
+  chmod 655 cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
+  chmod 655 NVIDIA-Linux-x86_64-280.13.run
+
+
+  sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
+  build-essential autoconf automake libtool libpcap-dev libnet1-dev \
+  libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
+  make flex bison git
+
+Run the cuda toolkit installation package:
+
+  sudo ./cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
+
+Close all windows and as you are logged in press:
+
+  Ctr+Alt+F1
+
+Log in with your credentials
+
+  sudo -i
+
+And enter your password
+Stop the x server:
+
+  /etc/init.d/gdm stop
+
+Uninstall xserver video drivers:
+
+  apt-get remove --purge xserver-xorg-video-nouveau
+
+Go to the directory where you downloaded nvidia/cuda drivers.
+Run the NVIDIA*******.run:
+
+  ./NVIDIA********.run
+
+Ok and yes your way out.
+At some point it will ask you to make a special configuration file to disable a
+"nouveau"
+driver that the system is currently using - say yes!
+Reboot:
+
+  shutdown -r now
+
+After reboot log in as you would normally do through the GUI
+Log in as you would normally.
+Go to shell:
+
+  Ctrl+Alt+F1
+
+Type in your credentials and pass
+
+  sudo -i
+
+Stop the xserver again:
+
+  /etc/init.d/gdm stop
+
+Run the NVIDIA driver again.
+This time it would finish and be successful....
+Reboot:
+
+  shutdown -r now
+
+After start you would notice that the display has much better resolution - it
+is a good thing.
+Log in as you would normally.
+Because the 11.04 Ubuntu comes with gcc version 4.5 by default, you need to
+install gcc 4.4 since you must use 4.4 for the cuda compilation:
+
+  apt-get install gcc-4.4 gcc-4.4-base g++-4.4
+
+Then we switch and make ubuntu use the gcc 4.4 by default:
+
+  sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.5 40 --
+  slave /usr/bin/g++ g++ /usr/bin/g++-4.5
+  sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.4 60 --
+  slave /usr/bin/g++ g++ /usr/bin/g++-4.4
+
+Make sure that this is the case:
+
+  sudo update-alternatives --config gcc
+
+""
+
+  update-alternatives --config gcc (as root)
+
+There are 2 choices for the alternative gcc (providing /usr/bin/gcc).
+
+
+    Selection    Path              Priority   Status
+  ------------------------------------------------------------
+  * 0            /usr/bin/gcc-4.4   60        auto mode
+    1            /usr/bin/gcc-4.4   60        manual mode
+    2            /usr/bin/gcc-4.5   40        manual mode
+
+  Press enter to keep the current choice[*], or type selection number  (as
+  root)
+  ""
+
+
+PF_RING installation.
+
+Install pre-requisites:
+
+  cd /opt
+  apt-get install subversion gobjc++-4.4-multilib gobjc++-4.4
+
+Get the latest PF_RING:
+
+  svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING
+
+Install PF_RING:
+
+  cd /kernel
+  make && make install
+  sudo insmod ./pf_ring.ko
+  cd ../userland
+  make && make install
+  cd /lib
+  ./configure && make && make install
+  cd ../libpcap
+  ./configure && make && make install
+  cd ../examples
+  echo "options pf_ring transparent_mode=0 min_num_slots=32768
+  enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf
+
+Check info:
+
+  cat /proc/net/pf_ring/info
+  ""
+  cd ../kernel
+  cat /proc/net/pf_ring/info
+  PF_RING Version     : 4.7.3 ($Revision: exported$)
+  Ring slots          : 4096
+  Slot version        : 13
+  Capture TX          : Yes [RX+TX]
+  IP Defragment       : No
+  Socket Mode         : Standard
+  Transparent mode    : Yes (mode 0)
+  Total rings         : 0
+  Total plugins       : 0
+
+  ""
+
+Check functionality:
+
+  ./pfcount -i eth0
+
+You should see something even if you have no traffic at the moment:
+""
+cd /opt/PF_RING/userland/examples
+./pfcount -i eth0
+Using PF_RING v.4.7.3
+Capturing from eth0 [88:AE:1D:56:90:FA]
+
+  1. Device RX channels: 1
+  2. Polling threads: 1 =========================
+     Absolute Stats: [0 pkts rcvd][0 pkts dropped]
+     Total Pkts=0/Dropped=0.0 %
+     0 pkts - 0 bytes =========================
+
+=========================
+Absolute Stats: [0 pkts rcvd][0 pkts dropped]
+Total Pkts=0/Dropped=0.0 %
+0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec] =========================
+Actual Stats: 0 pkts [1'000.32 ms][0.00 pkt/sec] =========================
+^CLeaving... =========================
+Absolute Stats: [0 pkts rcvd][0 pkts dropped]
+Total Pkts=0/Dropped=0.0 %
+0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec] =========================
+Actual Stats: 0 pkts [629.37 ms][0.00 pkt/sec] =========================
+
+  cd /opt/PF_RING/userland/examples
+
+""
+
+Suricata
+
+Go to directory of your choice and get Suricata:
+
+  git clone git://phalanx.openinfosecfoundation.org/oisf.git
+  cd oisf/
+
+Configure:
+
+  ./autogen.sh
+  ./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-
+  includes=/usr/local/cuda/include \
+  --with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring
+
+You should get at the end:
+""
+
+  Suricata Configuration:
+    NFQueue support:          no
+    IPFW support:             no
+    PF_RING support:          yes
+    Prelude support:          no
+    Unit tests enabled:       no
+    Debug output enabled:     no
+    Debug validation enabled: no
+    CUDA enabled:             yes
+    DAG enabled:              no
+    Profiling enabled:        yes
+    GCC Protect enabled:      yes
+    GCC march native enabled: yes
+    GCC Profile enabled:      no
+    Unified native time:      no
+    Non-bundled htp:          no
+    PCRE sljit:               no
+
+
+""
+Install:
+
+  make && make install
+  ldconfig
+
+Verify:
+
+  suricata --build-info
+
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:622) <Info> (main) -- This is
+  Suricata version 1.1beta2 (rev b3f7e6a)
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:507) <Info> (SCPrintBuildInfo) -
+  - Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 CUDA PF_RING LIBCAP_NG
+  LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:521) <Info> (SCPrintBuildInfo) -
+  - 64-bits, Little-endian architecture
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:523) <Info> (SCPrintBuildInfo) -
+  - GCC version 4.4.5, C version 199901
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:529) <Info> (SCPrintBuildInfo) -
+  - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:532) <Info> (SCPrintBuildInfo) -
+  - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:535) <Info> (SCPrintBuildInfo) -
+  - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:538) <Info> (SCPrintBuildInfo) -
+  - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:541) <Info> (SCPrintBuildInfo) -
+  - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:545) <Info> (SCPrintBuildInfo) -
+  - compiled with -fstack-protector
+  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:551) <Info> (SCPrintBuildInfo) -
+  - compiled with _FORTIFY_SOURCE=2
+
+Run Suricata:
+
+  suricata -c /etc/suricata/suricata.yaml\
+  --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
+