Autogenerated on 2012-01-11 from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104

Installation with CUDA and PF RING on Ubuntu server 11.04

THIS WOULD NOT WORK ON A VIRTUAL MACHINE!

This guide is written using:

    Ubuntu Server 11.04
    Linux ubuntu 2.6.38-8-generic x86_64 GNU/Linux

Pre installation requirements

    apt-get update
    apt-get upgrade

To get the CUDA toolkit, go to:
http://developer.nvidia.com/cuda-toolkit-40

Pick up the correct NVIDIA drivers for your card and system:
http://www.nvidia.com/Download/index.aspx?lang=en-us

Go to your download directory and chmod the 2 *.run files that you just downloaded. For example:

    chmod 655 cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
    chmod 655 NVIDIA-Linux-x86_64-280.13.run

Install the packages needed for the build:

    sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
    build-essential autoconf automake libtool libpcap-dev libnet1-dev \
    libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
    make flex bison git

Run the CUDA toolkit installation package:

    sudo ./cudatoolkit_4.0.17_linux_64_ubuntu10.10.run

Close all windows and, while you are logged in, press Ctrl+Alt+F1.

Log in with your credentials, then become root and enter your password:

    sudo -i

Stop the X server:

    /etc/init.d/gdm stop

Uninstall the X server video drivers:

    apt-get remove --purge xserver-xorg-video-nouveau

Go to the directory where you downloaded the NVIDIA/CUDA drivers. Run the NVIDIA*******.run:

    ./NVIDIA********.run

Answer OK and Yes to the prompts. At some point it will ask you to make a special configuration file to disable the "nouveau" driver that the system is currently using - say yes!

Reboot:

    shutdown -r now

After the reboot, log in through the GUI as you would normally.

Go to the shell with Ctrl+Alt+F1, type in your credentials and password, then become root:

    sudo -i

Stop the X server again:

    /etc/init.d/gdm stop

Run the NVIDIA driver installer again. This time it will finish successfully.
Reboot:

    shutdown -r now

After the restart you will notice that the display has a much better resolution - it is a good thing. Log in as you would normally.

Because Ubuntu 11.04 comes with gcc version 4.5 by default, you need to install gcc 4.4, since you must use 4.4 for the CUDA compilation:

    apt-get install gcc-4.4 gcc-4.4-base g++-4.4

Then we switch and make Ubuntu use gcc 4.4 by default:

    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.5 40 --slave /usr/bin/g++ g++ /usr/bin/g++-4.5
    sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.4 60 --slave /usr/bin/g++ g++ /usr/bin/g++-4.4

Make sure that this is the case:

    sudo update-alternatives --config gcc

Output:

    update-alternatives --config gcc    (as root)
    There are 2 choices for the alternative gcc (providing /usr/bin/gcc).

      Selection    Path              Priority   Status
    ------------------------------------------------------------
    * 0            /usr/bin/gcc-4.4   60        auto mode
      1            /usr/bin/gcc-4.4   60        manual mode
      2            /usr/bin/gcc-4.5   40        manual mode

    Press enter to keep the current choice[*], or type selection number
    (as root)

PF_RING installation.
Install pre-requisites:

    cd /opt
    apt-get install subversion gobjc++-4.4-multilib gobjc++-4.4

Get the latest PF_RING:

    svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING

Install PF_RING:

    cd PF_RING/kernel
    make && make install
    sudo insmod ./pf_ring.ko
    cd ../userland
    make && make install
    cd lib
    ./configure && make && make install
    cd ../libpcap
    ./configure && make && make install
    cd ../examples
    echo "options pf_ring transparent_mode=0 min_num_slots=32768 enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf

Check info:

    cat /proc/net/pf_ring/info

Output:

    cd ../kernel
    cat /proc/net/pf_ring/info
    PF_RING Version     : 4.7.3 ($Revision: exported$)
    Ring slots          : 4096
    Slot version        : 13
    Capture TX          : Yes [RX+TX]
    IP Defragment       : No
    Socket Mode         : Standard
    Transparent mode    : Yes (mode 0)
    Total rings         : 0
    Total plugins       : 0

Check functionality:

    ./pfcount -i eth0

You should see something even if you have no traffic at the moment:

    cd /opt/PF_RING/userland/examples
    ./pfcount -i eth0
    Using PF_RING v.4.7.3
    Capturing from eth0 [88:AE:1D:56:90:FA]
    1. Device RX channels: 1
    2. Polling threads: 1
    =========================
    Absolute Stats: [0 pkts rcvd][0 pkts dropped]
    Total Pkts=0/Dropped=0.0 %
    0 pkts - 0 bytes
    =========================

    =========================
    Absolute Stats: [0 pkts rcvd][0 pkts dropped]
    Total Pkts=0/Dropped=0.0 %
    0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec]
    =========================
    Actual Stats: 0 pkts [1'000.32 ms][0.00 pkt/sec]
    =========================

    ^CLeaving...
    =========================
    Absolute Stats: [0 pkts rcvd][0 pkts dropped]
    Total Pkts=0/Dropped=0.0 %
    0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec]
    =========================
    Actual Stats: 0 pkts [629.37 ms][0.00 pkt/sec]
    =========================

    cd /opt/PF_RING/userland/examples

Suricata

Go to a directory of your choice and get Suricata:

    git clone git://phalanx.openinfosecfoundation.org/oisf.git
    cd oisf/

Configure:

    ./autogen.sh
    ./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-includes=/usr/local/cuda/include \
    --with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring

At the end you should get:

    Suricata Configuration:
      NFQueue support:          no
      IPFW support:             no
      PF_RING support:          yes
      Prelude support:          no
      Unit tests enabled:       no
      Debug output enabled:     no
      Debug validation enabled: no
      CUDA enabled:             yes
      DAG enabled:              no
      Profiling enabled:        yes
      GCC Protect enabled:      yes
      GCC march native enabled: yes
      GCC Profile enabled:      no
      Unified native time:      no
      Non-bundled htp:          no
      PCRE sljit:               no

Install:

    make && make install
    ldconfig

Verify:

    suricata --build-info

Output:

    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:622) (main) -- This is Suricata version 1.1beta2 (rev b3f7e6a)
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:507) (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 CUDA PF_RING LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:521) (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:523) (SCPrintBuildInfo) -- GCC version 4.4.5, C version 199901
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:529) (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:532) (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:535) (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:538) (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:541) (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:545) (SCPrintBuildInfo) -- compiled with -fstack-protector
    [1840] 13/8/2011 -- 14:26:39 - (suricata.c:551) (SCPrintBuildInfo) -- compiled with _FORTIFY_SOURCE=2

Run Suricata:

    suricata -c /etc/suricata/suricata.yaml \
    --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow
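
In the PF_RING section the module is loaded with insmod before /etc/modprobe.d/pf_ring.conf is written, and insmod does not read that file, which is why the /proc/net/pf_ring/info output on this page still reports 4096 ring slots and TX capture enabled. The script below is an added example, not part of the original wiki page, that reports such differences; the mapping from option names to /proc labels is an assumption based on the output shown on this page, and the sample inputs are copied (abridged) from it.

```shell
# Added example: report PF_RING options that are configured but not in effect.
# Sample inputs copied (abridged) from this page; used when the real files are absent.
SAMPLE_CONF='options pf_ring transparent_mode=0 min_num_slots=32768 enable_tx_capture=0'
SAMPLE_INFO='PF_RING Version     : 4.7.3 ($Revision: exported$)
Ring slots          : 4096
Slot version        : 13
Capture TX          : Yes [RX+TX]
Transparent mode    : Yes (mode 0)'

# conf_value CONF_TEXT KEY: value of KEY on the "options pf_ring" line.
conf_value() {
    printf '%s\n' "$1" | awk -v k="$2" '
        $1 == "options" && $2 == "pf_ring" {
            for (i = 3; i <= NF; i++) { split($i, kv, "="); if (kv[1] == k) print kv[2] }
        }'
}

# info_value INFO_TEXT LABEL: text after the colon on the line named LABEL.
info_value() {
    printf '%s\n' "$1" | awk -F' *: *' -v l="$2" '$1 == l { print $2 }'
}

# report NAME WANT HAVE: print a line when a configured value is not in effect.
report() {
    if [ -n "$2" ] && [ "$2" != "$3" ]; then
        echo "$1: configured $2, loaded $3"
    fi
}

# pfring_drift CONF_TEXT INFO_TEXT: one line per mismatch, nothing if none.
# Assumed mapping: min_num_slots -> "Ring slots", enable_tx_capture ->
# "Capture TX" (Yes/No), transparent_mode -> "Transparent mode" (mode N).
pfring_drift() {
    tx=$(info_value "$2" "Capture TX")
    case $tx in Yes*) tx=1 ;; No*) tx=0 ;; esac
    mode=$(info_value "$2" "Transparent mode" | sed 's/.*(mode \([0-9]*\)).*/\1/')
    report min_num_slots "$(conf_value "$1" min_num_slots)" "$(info_value "$2" "Ring slots")"
    report enable_tx_capture "$(conf_value "$1" enable_tx_capture)" "$tx"
    report transparent_mode "$(conf_value "$1" transparent_mode)" "$mode"
}

# Use the live files when both are readable, otherwise the samples above.
conf=$SAMPLE_CONF info=$SAMPLE_INFO
if [ -r /etc/modprobe.d/pf_ring.conf ] && [ -r /proc/net/pf_ring/info ]; then
    conf=$(cat /etc/modprobe.d/pf_ring.conf) info=$(cat /proc/net/pf_ring/info)
fi
pfring_drift "$conf" "$info"
```

Loading the module with modprobe instead of insmod applies the options file, after which the script prints nothing.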