From 8879b125d26e8db1a5633de5a9c692eb2d1c4f83 Mon Sep 17 00:00:00 2001 From: Ashlee Young Date: Wed, 9 Sep 2015 22:21:41 -0700 Subject: suricata checkin based on commit id a4bce14770beee46a537eda3c3f6e8e8565d5d0a Change-Id: I9a214fa0ee95e58fc640e50bd604dac7f42db48f
---
...with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt | 280 +++++++++++++++++++++ 1 file changed, 280 insertions(+) create mode 100644 framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt (limited to 'framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt')
diff --git a/framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt b/framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt
new file mode 100644
index 00000000..1d1cd220
--- /dev/null
+++ b/framework/src/suricata/doc/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt
@@ -0,0 +1,280 @@
+Autogenerated on 2012-01-11
+from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104
+
+
+Installation with CUDA and PF RING on Ubuntu server 11.04
+
+THIS WOULD NOT WORK ON A VIRTUAL MACHINE!
+This guide is written using:
+Ubuntu Server 11.04
+Linux ubuntu 2.6.38-8-generic x86_64 GNU/Linux
+
+Pre installation requirements
+
+
+ apt-get update
+ apt-get upgrade
+
+To get the CUDA toolkit, enter:
+
+ http://developer.nvidia.com/cuda-toolkit-40
+
+Pick up the correct NVIDIA drivers for your card and system
+
+ http://www.nvidia.com/Download/index.aspx?lang=en-us
+
+Go to your download directory
+chmod the 2 *.run files that you just downloaded.
+For example:
+
+ chmod 655 cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
+ chmod 655 NVIDIA-Linux-x86_64-280.13.run
+
+
+ sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
+ build-essential autoconf automake libtool libpcap-dev libnet1-dev \
+ libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
+ make flex bison git
+
+Run the cuda toolkit installation package:
+
+ sudo ./cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
+
+Close all windows and as you are logged in press:
+
+ Ctr+Alt+F1
+
+Log in with your credentials
+
+ sudo -i
+
+And enter your password
+Stop the x server:
+
+ /etc/init.d/gdm stop
+
+Uninstall xserver video drivers:
+
+ apt-get remove --purge xserver-xorg-video-nouveau
+
+Go to the directory where you downloaded nvidia/cuda drivers.
+Run the NVIDIA*******.run:
+
+ ./NVIDIA********.run
+
+Ok and yes your way out.
+At some point it will ask you to make a special configuration file to disable a
+"nouveau"
+driver that the system is currently using - say yes!
+Reboot:
+
+ shutdown -r now
+
+After reboot log in as you would normally do through the GUI
+Log in as you would normally.
+Go to shell:
+
+ Ctrl+Alt+F1
+
+Type in your credentials and pass
+
+ sudo -i
+
+Stop the xserver again:
+
+ /etc/init.d/gdm stop
+
+Run the NVIDIA driver again.
+This time it would finish and be successful....
+Reboot:
+
+ shutdown -r now
+
+After start you would notice that the display has much better resolution - it
+is a good thing.
+Log in as you would normally.
+Because the 11.04 Ubuntu comes with gcc version 4.5 by default, you need to
+install gcc 4.4 since you must use 4.4 for the cuda compilation:
+
+ apt-get install gcc-4.4 gcc-4.4-base g++-4.4
+
+Then we switch and make ubuntu use the gcc 4.4 by default:
+
+ sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.5 40 --
+ slave /usr/bin/g++ g++ /usr/bin/g++-4.5
+ sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.4 60 --
+ slave /usr/bin/g++ g++ /usr/bin/g++-4.4
+
+Make sure that this is the case:
+
+ sudo update-alternatives --config gcc
+
+""
+
+ update-alternatives --config gcc (as root)
+
+There are 2 choices for the alternative gcc (providing /usr/bin/gcc).
+
+
+ Selection Path Priority Status
+ ------------------------------------------------------------
+ * 0 /usr/bin/gcc-4.4 60 auto mode
+ 1 /usr/bin/gcc-4.4 60 manual mode
+ 2 /usr/bin/gcc-4.5 40 manual mode
+
+ Press enter to keep the current choice[*], or type selection number (as
+ root)
+ ""
+
+
+PF_RING installation.
+
+Install pre-requisites:
+
+ cd /opt
+ apt-get install subversion gobjc++-4.4-multilib gobjc++-4.4
+
+Get the latest PF_RING:
+
+ svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING
+
+Install PF_RING:
+
+ cd /kernel
+ make && make install
+ sudo insmod ./pf_ring.ko
+ cd ../userland
+ make && make install
+ cd /lib
+ ./configure && make && make install
+ cd ../libpcap
+ ./configure && make && make install
+ cd ../examples
+ echo "options pf_ring transparent_mode=0 min_num_slots=32768
+ enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf
+
+Check info:
+
+ cat /proc/net/pf_ring/info
+ ""
+ cd ../kernel
+ cat /proc/net/pf_ring/info
+ PF_RING Version : 4.7.3 ($Revision: exported$)
+ Ring slots : 4096
+ Slot version : 13
+ Capture TX : Yes [RX+TX]
+ IP Defragment : No
+ Socket Mode : Standard
+ Transparent mode : Yes (mode 0)
+ Total rings : 0
+ Total plugins : 0
+
+ ""
+
+Check functionality:
+
+ ./pfcount -i eth0
+
+You should see something even if you have no traffic at the moment:
+""
+cd /opt/PF_RING/userland/examples
+./pfcount -i eth0
+Using PF_RING v.4.7.3
+Capturing from eth0 [88:AE:1D:56:90:FA]
+
+ 1. Device RX channels: 1
+ 2. Polling threads: 1 =========================
+ Absolute Stats: [0 pkts rcvd][0 pkts dropped]
+ Total Pkts=0/Dropped=0.0 %
+ 0 pkts - 0 bytes =========================
+
+=========================
+Absolute Stats: [0 pkts rcvd][0 pkts dropped]
+Total Pkts=0/Dropped=0.0 %
+0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec] =========================
+Actual Stats: 0 pkts [1'000.32 ms][0.00 pkt/sec] =========================
+^CLeaving...
=========================
+Absolute Stats: [0 pkts rcvd][0 pkts dropped]
+Total Pkts=0/Dropped=0.0 %
+0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec] =========================
+Actual Stats: 0 pkts [629.37 ms][0.00 pkt/sec] =========================
+
+ cd /opt/PF_RING/userland/examples
+
+""
+
+Suricata
+
+Go to directory of your choice and get Suricata:
+
+ git clone git://phalanx.openinfosecfoundation.org/oisf.git
+ cd oisf/
+
+Configure:
+
+ ./autogen.sh
+ ./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-
+ includes=/usr/local/cuda/include \
+ --with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring
+
+You should get at the end:
+""
+
+ Suricata Configuration:
+ NFQueue support: no
+ IPFW support: no
+ PF_RING support: yes
+ Prelude support: no
+ Unit tests enabled: no
+ Debug output enabled: no
+ Debug validation enabled: no
+ CUDA enabled: yes
+ DAG enabled: no
+ Profiling enabled: yes
+ GCC Protect enabled: yes
+ GCC march native enabled: yes
+ GCC Profile enabled: no
+ Unified native time: no
+ Non-bundled htp: no
+ PCRE sljit: no
+
+
+""
+Install:
+
+ make && make install
+ ldconfig
+
+Verify:
+
+ suricata --build-info
+
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:622) (main) -- This is
+ Suricata version 1.1beta2 (rev b3f7e6a)
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:507) (SCPrintBuildInfo) -
+ - Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 CUDA PF_RING LIBCAP_NG
+ LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:521) (SCPrintBuildInfo) -
+ - 64-bits, Little-endian architecture
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:523) (SCPrintBuildInfo) -
+ - GCC version 4.4.5, C version 199901
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:529) (SCPrintBuildInfo) -
+ - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:532) (SCPrintBuildInfo) -
+ - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:535) (SCPrintBuildInfo) -
+ -
__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:538) (SCPrintBuildInfo) -
+ - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:541) (SCPrintBuildInfo) -
+ - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:545) (SCPrintBuildInfo) -
+ - compiled with -fstack-protector
+ [1840] 13/8/2011 -- 14:26:39 - (suricata.c:551) (SCPrintBuildInfo) -
+ - compiled with _FORTIFY_SOURCE=2
+
+Run Suricata:
+
+ suricata -c /etc/suricata/suricata.yaml\
+ --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
+
-- cgit 1.2.3-korg