path: root/framework/src/suricata/doc/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt
blob: 18ea5d1027e06f329f318b9710dba56aeb4cdcba (plain)
Autogenerated on 2012-11-29
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6


Installation with CUDA and PFRING on Scientific Linux 6

For setup and install you need to be root:

  mkdir /root/src
  cd /root/src

Pre installation requirements

Install the following packages, to make sure you have everything needed for the
installation:

  yum install mpfr-2.4.1-6.el6.x86_64 cpp-4.4.4-13.el6.x86_64 \
  ppl-0.10.2-11.el6.x86_64 cloog-ppl-0.15.7-1.2.el6.x86_64 \
  gcc-4.4.4-13.el6.x86_64 kernel-devel-2.6.32-131.2.1.el6.x86_64 \
  pcre-devel-7.8-3.1.el6.x86_64 \
  libpcap-devel-1.0.0-6.20091201git117cb5.el6.x86_64 \
  yum-plugin-priorities-1.1.26-11.el6.noarch yum-conf-sl6x-1-1.noarch \
  libyaml-0.1.3-1.el6.rf.x86_64 libyaml-devel-0.1.3-1.el6.rf.x86_64 \
  libnet-1.1.2.1-2.2.el6.rf.x86_64 flex-2.5.35-8.el6.x86_64 \
  bison-2.4.1-5.el6.x86_64 gcc-c++-4.4.4-13.el6.x86_64


CUDA

Download and install NVIDIA CUDA drivers:

  wget http://us.download.nvidia.com/XFree86/Linux-x86_64/270.41.19/NVIDIA-Linux-x86_64-270.41.19.run
  chmod +x NVIDIA-Linux-x86_64-270.41.19.run
  ./NVIDIA-Linux-x86_64-270.41.19.run

You also need to download and install the CUDA toolkit for RHEL6:

  wget http://developer.download.nvidia.com/compute/cuda/4_0/toolkit/cudatoolkit_4.0.17_linux_64_rhel6.0.run
  chmod +x cudatoolkit_4.0.17_linux_64_rhel6.0.run
  ./cudatoolkit_4.0.17_linux_64_rhel6.0.run

Make sure the kernel modules are loaded:

  /sbin/modprobe -r nouveau && /sbin/modprobe nvidia

To ensure the proper NVIDIA CUDA modules get loaded on reboot, add the above
line to your /etc/rc.local file.

PF_RING

Go to your download directory and get the latest PF_RING:

     svn export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ pfring-svn-latest

Compile and install
Next, enter the following commands for configuration and installation:

     cd pfring-svn-latest/kernel
     make && sudo make install
     cd ../userland/lib
     ./configure --prefix=/usr/local/pfring && make && sudo make install
     cd ../libpcap-1.1.1-ring
     ./configure --prefix=/usr/local/pfring && make && sudo make install
     cd ../tcpdump-4.1.1
     ./configure --prefix=/usr/local/pfring && make && sudo make install

Load the pf_ring kernel module:

  /sbin/modprobe pf_ring

To ensure the pf_ring module gets loaded on reboot, add the above line to your
/etc/rc.local file.

Suricata

Download and install Suricata:

  wget http://www.openinfosecfoundation.org/download/suricata-1.1beta2.tar.gz

And unpack it:

  tar -xvzf suricata-1.1beta2.tar.gz

Change to the unpacked directory:

  cd suricata-1.1beta2

Now compile and install Suricata with PF_RING and CUDA support:

  ./configure --enable-gccprotect --enable-profiling --enable-cuda \
  --with-cuda-includes=/usr/local/cuda/include \
  --with-cuda-libraries=/usr/local/cuda/lib64 \
  --enable-pfring \
  --with-libpfring-libraries=/usr/local/lib \
  --with-libpfring-includes=/usr/local/include \
  --with-libpcap-libraries=/usr/local/lib \
  --with-libpcap-includes=/usr/local/include
  make
  make install

Continue with the Basic_Setup
Next, you need to edit max-pending-packets in your /etc/suricata/suricata.yaml.
If you don't have one, download a generic one to get started:

  cd /etc/suricata
  wget https://rules.emergingthreatspro.com/open-nogpl/suricata/suricata-open.yaml

Edit your suricata-open.yaml file accordingly.
The number of packets allowed to be processed simultaneously can be whatever
you want but it is recommended that it be 4000 or more.
For example:

  max-pending-packets: 12288

Next make sure the following line is present in the multi pattern algorithm
section:

  mpm-algo: b2g_cuda


Rules

Read the information in Rule_Management_with_Oinkmaster.
Add rules to Suricata:

  cd /etc/suricata
  wget https://rules.emergingthreatspro.com/open-nogpl/suricata/emerging.rules.tar.gz
  tar -xvzf emerging.rules.tar.gz

Make sure your .yaml file includes the /etc/suricata/rules/emerging-*.rules
files (they may need to be uncommented).
Run Suricata as follows:

  cd /etc/suricata
  /usr/local/bin/suricata -c /etc/suricata/suricata.yaml \
  --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow


  touch /var/lock/subsys/local


References

PF_RING
http://www.ntop.org/products/pf_ring/