PF_RING6.0.2 compile and install on Redhat6.3x86 _ 64

This article describes in detail the compilation and installation of PF_RING in Linux. PF_RING version: 6.0.2 (Latest Version) Official Website: release (x86_64) GCC version: GCC Preface

This document describes the compilation and installation of PF_RING in Linux.

PF_RING version: 6.0.2 (Latest Version)

Http://www.ntop.org/products/pf_ring/

Download URL: http://sourceforge.net/projects/ntop/files/PF_RING/

Linux: RedHat 6.3 (x86_64)

GCC version: GCC 4.4.6

Download PF_RING

1) Check whether PF_RING is installed

If you have installed pf_ring, you may need to execute: rmmodpf_ring

If you are not sure whether to install pf_ring, run modinfopf_ring.

2) download the latest version of PF_RING from the download URL:

PF_RING-6.0.2.tar.gz 2014-09-24 21.9 MB

Upload to the/opt directory of the server where Redhat 6.3 is installed.

Log on to the server as a root user:

# Cd/opt

# Tar zxf PF_RING-6.0.2.tar.gz

# Cd PF_RING-6.0.2

Compile and install PF_RING

1) Compile the pf_ring Kernel File

Enter the kernel module directory:

Cd/opt/PF_RING-6.0.2/kernel

Compile the pf_ring kernel module:

Make & make install

The directory where the PF_RING kernel module is installed in RHEL 6.3:

/Lib/modules/2.6.32-279. el6.x86 _ 64/kernel/net/pf_ring

Load the pf_ring kernel module:

Modprobe pf_ringtransparent_mode = 1

Or

Insmod /Kernel/pf_ring.ko [transparent_mode = 0 | 1 | 2] [min_num_slots = x] [enable_tx_capture = 1 | 0] [enable_ip_defrag = 1 | 0] [quick_mode = 1 | 0]

 

Check whether the pf_ring kernel module is loaded:

Lsmod | greppf_ring

View the load information:

Cat/proc/net/pf_ring/info

Delete the pf_ring kernel module:

Rmmd pf_ring

2) Compile the pf_ring Development Library

Go to the/opt/PF_RING-6.0.2/userland/lib directory to compile the pf_ring Library:

# Cd/opt/PF_RING-6.0.2/userland/lib

#./Configure -- prefix =/opt/pfring

Error: checkingif libnuma is present... no

Please install libnuma-dev in order to usePF_RING

Solution: You need to install the libnuma-dev library. You can find the numactl *. rpm package from the CD or ISO image and run the rpm-ivh command to install it.

# Make & make intall

Note: The compiled pf_ring library and header file can be found in/opt/pfring.

Note: The missing lib/pf_ring.h header file can be found in/usr/include/linux/pf_ring.h, or in the/opt/PF_RING-6.0.2/kernel/linux directory.

3) Compile the libpcap library that supports PF_RING.

# Cd/opt/PF_RING-6.0.2/userland/libpcap

#./Configure -- prefix =/opt/pfring/

# Make & make install

Note: Modify the source code and set the kernel ring buffer of pf_ring to 10 MB. The default value is 2 MB.

Source: userland/libpcap-1.1.1-ring/pcap-linux.c

Function: int activate_mmap (pcap_t * handle );

Code snippet:

3310 if (handle-> opt. buffer_size = 0 ){

3311/* by defaultrequest 2 M for the ring buffer */

3312 handle-> opt. buffer_size = 2*1024*1024;

3313}

Note: The compiled libpcap library and header file can be found in/opt/pfring.

4) Compile the pf_ring sample code

# Cd/opt/PF_RING-6.0.2/userland/examples

# Make

#./Alldevs

1. lan (PF_RING)

2. USB mon1 (USB bus number 1)

3. any (Pseudo-device that captures on allinterfaces)

4. lo (No description available)

There are some practical PF_RING tools in this directory: pfcount and pfsend.

5) Compile and install the drivers supported by PF_RING.

* Use ethtool to view the network card model, for example, ethtool-I eth0.

# Lspci | grep Ethernet

* Go To The driver directory. Note that the non-zero copy driver is used here:

Cd/opt/PF_RING-6.0.2/drivers/PF_RING_aware/non-ZC-drivers/intel

* Compile the NIC supported by PF_RING:

# Cd e1000/e1000-8.0.35/src

# Make & make install

Where to install the NIC Driver in Redhat 6.3:

/Lib/modules/2.6.32-279. el6.x86 _ 64/kernel/drivers/net/e1000/e1000.ko

* Uninstall and install the PF_RING DRIVER:

Uninstall the driver: # rmmod e1000

Install the driver: # modprobe e1000

View the driver: # ethtol-I eth0

Note: When the communications network card also uses this driver, be sure to perform on-site operations. If you use ssh to remotely uninstall the driver, the network will not be connected.

Note: We recommend that you use different drivers for the collected network card and the network card used for communication.

Note: To set the NIC name and MAC address, compile the following file:

/Etc/udev/rules. d/70-persistent-net.rules

The command for compiling and installing PF_RING is as follows (it does not need to be executed as a root user ):

# Compile the kernel

Cd/opt/PF_RING-6.0.2/kernel

Make & sudo make install

# Compile the PF_RING Library

Cd ../userland/lib

./Configure-prefix =/usr/local/pfring & make & sudo make install

# Compile the libpcap library

Cd./libpcap-1.1.1-ring

./Configure-prefix =/usr/local/pfring & make & sudo make install

# Compile TCPDUMP

Cd./tcpdump-4.1.1

./Configure-prefix =/usr/local/pfring & make & sudo make install

# Update a dynamic library

Sudo ldconfig

# Loading Module

Sudo modprobe pf_ring

# Escalate to root permission and execute

Modinfo pf_ring & cat/proc/net/pf_ring/info

# Increase the consumption rate of the ixgbe Module

Rmmod ixgbe
Modprobe ixgbe InterruptThrottleRate = 4000

# To meet the needs of high-speed networks, we need to increase the number of ring slots

Rmmod pf_ring
Modprobe pf_ring transparent_mode = 1 min_num_slots = 65534 enable_tx_capture = 0

 

Use PF_RING

If you use libpcap that supports PF_RING, add the # define HAVE_PF_RING definition or add-DHAVE_PF_RING in the header file of the application.

If you use PF_RINGAPI to write code directly, you do not need to add the above definition.

For pf_ringapi, read the userguide.pdf file in the docdirectory or read the pfcount code in examples in the userland directory.

....

 

For more details, refer to the highlights on the next page.: Http://www.linuxidc.com/Linux/2014-11/109580p2.htm