Autogenerated on 2012-01-11
from - https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104


Installation with CUDA and PF_RING on Ubuntu server 11.04

THIS WILL NOT WORK ON A VIRTUAL MACHINE!
This guide is written using:
Ubuntu Server 11.04
Linux ubuntu 2.6.38-8-generic x86_64 GNU/Linux

Pre installation requirements


  apt-get update
  apt-get upgrade

To get the CUDA toolkit, go to:

  http://developer.nvidia.com/cuda-toolkit-40

Pick the correct NVIDIA driver for your card and system:

  http://www.nvidia.com/Download/index.aspx?lang=en-us

Go to your download directory and make the two *.run files that you just
downloaded executable.
For example:

  chmod 755 cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
  chmod 755 NVIDIA-Linux-x86_64-280.13.run

Install the build dependencies:

  sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
  build-essential autoconf automake libtool libpcap-dev libnet1-dev \
  libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
  make flex bison git

Run the cuda toolkit installation package:

  sudo ./cudatoolkit_4.0.17_linux_64_ubuntu10.10.run

Close all windows and, while still logged in, press:

  Ctrl+Alt+F1

Log in with your credentials and become root:

  sudo -i

Enter your password when prompted.
Stop the X server:

  /etc/init.d/gdm stop

Uninstall xserver video drivers:

  apt-get remove --purge xserver-xorg-video-nouveau

Go to the directory where you downloaded the NVIDIA/CUDA drivers.
Run the NVIDIA*******.run:

  ./NVIDIA********.run

Answer OK and Yes to the prompts until the installer exits.
At some point it will ask to create a special configuration file that disables
the "nouveau" driver the system is currently using - say yes!
Reboot:

  shutdown -r now

After the reboot, log in as you normally would through the GUI.
Go to a shell:

  Ctrl+Alt+F1

Log in with your credentials and become root:

  sudo -i

Stop the X server again:

  /etc/init.d/gdm stop

Run the NVIDIA driver installer again.
This time it should finish successfully.
Reboot:

  shutdown -r now

After the restart you will notice that the display has a much better
resolution, which is a good sign.
Log in as you normally would.
Because Ubuntu 11.04 comes with gcc version 4.5 by default, you need to
install gcc 4.4, since you must use 4.4 for the CUDA compilation:

  apt-get install gcc-4.4 gcc-4.4-base g++-4.4

Then switch Ubuntu to use gcc 4.4 by default:

  sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.5 40 \
    --slave /usr/bin/g++ g++ /usr/bin/g++-4.5
  sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.4 60 \
    --slave /usr/bin/g++ g++ /usr/bin/g++-4.4

Make sure that this is the case:

  sudo update-alternatives --config gcc

  update-alternatives --config gcc (as root)

  There are 2 choices for the alternative gcc (providing /usr/bin/gcc).

    Selection    Path              Priority   Status
  ------------------------------------------------------------
  * 0            /usr/bin/gcc-4.4   60        auto mode
    1            /usr/bin/gcc-4.4   60        manual mode
    2            /usr/bin/gcc-4.5   40        manual mode

  Press enter to keep the current choice[*], or type selection number  (as root)


PF_RING installation.

Install pre-requisites:

  cd /opt
  apt-get install subversion gobjc++-4.4-multilib gobjc++-4.4

Get the latest PF_RING:

  svn --force export https://svn.ntop.org/svn/ntop/trunk/PF_RING/ PF_RING

Install PF_RING:

  cd PF_RING/kernel
  make && make install
  sudo insmod ./pf_ring.ko
  cd ../userland
  make && make install
  cd lib
  ./configure && make && make install
  cd ../libpcap
  ./configure && make && make install
  cd ../examples
  echo "options pf_ring transparent_mode=0 min_num_slots=32768 enable_tx_capture=0" > /etc/modprobe.d/pf_ring.conf

Check info:

  cat /proc/net/pf_ring/info

  cd ../kernel
  cat /proc/net/pf_ring/info
  PF_RING Version     : 4.7.3 ($Revision: exported$)
  Ring slots          : 4096
  Slot version        : 13
  Capture TX          : Yes [RX+TX]
  IP Defragment       : No
  Socket Mode         : Standard
  Transparent mode    : Yes (mode 0)
  Total rings         : 0
  Total plugins       : 0

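The sample output above reports 4096 ring slots and TX capture enabled, while the options file asks for 32768 slots and no TX capture: insmod does not read /etc/modprobe.d, so the module is running with defaults. The script below is an added example, not part of the original guide or of PF_RING, that reports such drift; the function names and the mapping of option names to info labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report pf_ring options requested in modprobe.d that the
# loaded module is not actually using.

# Value of option $2 on the "options pf_ring ..." line of config text $1.
conf_opt() {
    printf '%s\n' "$1" | sed -n 's/^options  *pf_ring  *//p' |
        tr ' ' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Value printed after "$2 :" in /proc/net/pf_ring/info text $1.
info_val() {
    printf '%s\n' "$1" | sed -n "s/^ *$2 *: *//p" | head -n 1
}

# Print the requested options whose live value differs (empty = no drift).
# Assumption: option-to-label mapping as listed in the loop below.
pf_ring_drift() {
    conf=$1; info=$2; drift=
    for pair in "min_num_slots:Ring slots" "enable_tx_capture:Capture TX" \
                "transparent_mode:Transparent mode"; do
        opt=${pair%%:*}; label=${pair#*:}
        want=$(conf_opt "$conf" "$opt")
        [ -n "$want" ] || continue            # option not requested
        live=$(info_val "$info" "$label")
        case $opt in
            enable_tx_capture)                # "Yes [RX+TX]" -> 1, "No ..." -> 0
                case $live in Yes*) live=1 ;; No*) live=0 ;; esac ;;
            transparent_mode)                 # "Yes (mode 0)" -> 0
                live=$(printf '%s\n' "$live" | sed 's/.*(mode \([0-9]*\)).*/\1/') ;;
        esac
        [ "$want" = "$live" ] || drift="$drift $opt"
    done
    printf '%s\n' "${drift# }"
}

# Constructed sample: the options line and info values shown on this page.
SAMPLE_CONF='options pf_ring transparent_mode=0 min_num_slots=32768 enable_tx_capture=0'
SAMPLE_INFO='Ring slots          : 4096
Capture TX          : Yes [RX+TX]
Transparent mode    : Yes (mode 0)'

# Use the live files when both exist, otherwise the sample above.
if [ -r /etc/modprobe.d/pf_ring.conf ] && [ -r /proc/net/pf_ring/info ]; then
    conf=$(cat /etc/modprobe.d/pf_ring.conf); info=$(cat /proc/net/pf_ring/info)
else
    conf=$SAMPLE_CONF; info=$SAMPLE_INFO
fi
echo "requested but not active: $(pf_ring_drift "$conf" "$info")"
```

A non-empty result means the module was loaded without those options; unloading it and loading it again with modprobe applies the file.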

Check functionality:

  ./pfcount -i eth0

You should see something even if you have no traffic at the moment:

  cd /opt/PF_RING/userland/examples
  ./pfcount -i eth0
  Using PF_RING v.4.7.3
  Capturing from eth0 [88:AE:1D:56:90:FA]
  # Device RX channels: 1
  # Polling threads: 1
  =========================
  Absolute Stats: [0 pkts rcvd][0 pkts dropped]
  Total Pkts=0/Dropped=0.0 %
  0 pkts - 0 bytes
  =========================

  =========================
  Absolute Stats: [0 pkts rcvd][0 pkts dropped]
  Total Pkts=0/Dropped=0.0 %
  0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec]
  =========================
  Actual Stats: 0 pkts [1'000.32 ms][0.00 pkt/sec]
  =========================
  ^CLeaving...
  =========================
  Absolute Stats: [0 pkts rcvd][0 pkts dropped]
  Total Pkts=0/Dropped=0.0 %
  0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec]
  =========================
  Actual Stats: 0 pkts [629.37 ms][0.00 pkt/sec]
  =========================

Suricata

Go to directory of your choice and get Suricata:

  git clone git://phalanx.openinfosecfoundation.org/oisf.git
  cd oisf/

Configure:

  ./autogen.sh
  ./configure --enable-gccprotect --enable-profiling --enable-cuda \
  --with-cuda-includes=/usr/local/cuda/include \
  --with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring

You should get at the end:

  Suricata Configuration:
    NFQueue support:          no
    IPFW support:             no
    PF_RING support:          yes
    Prelude support:          no
    Unit tests enabled:       no
    Debug output enabled:     no
    Debug validation enabled: no
    CUDA enabled:             yes
    DAG enabled:              no
    Profiling enabled:        yes
    GCC Protect enabled:      yes
    GCC march native enabled: yes
    GCC Profile enabled:      no
    Unified native time:      no
    Non-bundled htp:          no
    PCRE sljit:               no


Install:

  make && make install
  ldconfig

Verify:

  suricata --build-info

  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:622) <Info> (main) -- This is Suricata version 1.1beta2 (rev b3f7e6a)
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:507) <Info> (SCPrintBuildInfo) -- Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 CUDA PF_RING LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:521) <Info> (SCPrintBuildInfo) -- 64-bits, Little-endian architecture
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:523) <Info> (SCPrintBuildInfo) -- GCC version 4.4.5, C version 199901
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:529) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:532) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:535) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:538) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:541) <Info> (SCPrintBuildInfo) -- __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:545) <Info> (SCPrintBuildInfo) -- compiled with -fstack-protector
  [1840] 13/8/2011 -- 14:26:39 - (suricata.c:551) <Info> (SCPrintBuildInfo) -- compiled with _FORTIFY_SOURCE=2
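
The verification step above can be scripted so that a rebuild which silently loses a feature or a hardening flag is caught before the sensor goes into service. This is an added example, not part of the original guide or of Suricata; it checks saved --build-info text for the CUDA and PF_RING features and the two hardening lines shown above, and its function and variable names are made up for the example.

```shell
#!/bin/sh
# Added example: confirm that a Suricata build has the features and compiler
# hardening this guide configures.

# Print the required items absent from `suricata --build-info` text $1.
# The text is flattened first, so hard-wrapped terminal copies still parse.
build_info_missing() {
    flat=$(printf '%s\n' "$1" | tr '\n' ' ' | tr -s ' ')
    # Feature tokens run from "Features: " up to the next "[pid]" log prefix.
    feats=$(printf '%s\n' "$flat" | sed -n 's/.*Features: //p' | sed 's/ \[.*//')
    missing=
    for f in CUDA PF_RING; do                 # whole-token match only
        case " $feats " in *" $f "*) ;; *) missing="$missing $f" ;; esac
    done
    for h in '-fstack-protector' '_FORTIFY_SOURCE=2'; do
        printf '%s\n' "$flat" | grep -q -e "compiled with $h" ||
            missing="$missing $h"
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: three records from this page's output, hard-wrapped.
SAMPLE_BUILD_INFO='[1840] 13/8/2011 -- 14:26:39 - (suricata.c:507) <Info> (SCPrintBuildInfo) --
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 CUDA PF_RING LIBCAP_NG
LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
[1840] 13/8/2011 -- 14:26:39 - (suricata.c:545) <Info> (SCPrintBuildInfo) --
compiled with -fstack-protector
[1840] 13/8/2011 -- 14:26:39 - (suricata.c:551) <Info> (SCPrintBuildInfo) --
compiled with _FORTIFY_SOURCE=2'

# Check the file given as $1 (saved --build-info output), else the sample.
text=$SAMPLE_BUILD_INFO
if [ -n "${1:-}" ] && [ -r "$1" ]; then text=$(cat "$1"); fi
echo "missing from build: $(build_info_missing "$text")"
```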

Run Suricata:

  suricata -c /etc/suricata/suricata.yaml \
  --pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow