转载:Installing PF RING and nProbe on Fedora Core 4 (FC4)-阿里云开发者社区

开发者社区> 开发与运维> 正文
登录阅读全文

转载:Installing PF RING and nProbe on Fedora Core 4 (FC4)

简介:
原文: 

Installing PF RING and nProbe on Fedora Core 4 (FC4)

## Install FC4. 
## Install FC4 updates. 

## Download Source for FC kernel 
Download source RPM for kernel running on system ("unname -r" will give 
you current version) 
(rpm contains vanilla kernel and FC patches). 

* Instructions below are taken the from Fedora Core Release Notes about 
kernel compiling 
Check there for definitive information (NMJ). 

- Install src with command "rpm -Uvh kernel-<version>.src.rpm" where version 
is the 
version from "uname -r" 

- Add Fedora patches to vanilla kernel 
cd /usr/src/redhat/SPECS 
rpmbuild -bp --target $(arch) kernel-2.6.spec 

- Move kernel to /usr/src 
mv /usr/src/redhat/BUILD/kernel-<version>/kernel-<version> /usr/src (Note: 
the two kernel-<version>s 

cd /usr/src 
ln -s ./linux-<version> linux 
cd /usr/src/linux 

## Installing PF_RING patches into kernel source 
Download PF_RING
CVSROOT=:pserver:anonymous[at]cvs.ntop.org:/export/home/ntop;export CVSROOT 
mkdir <directory to store PF_RING files> 
cd <directory to store PF_RING files> 
cvs login (password is "ntop") 
cvs checkout PF_RING 
cd PF_RING 

- Edit mkpatch.sh so Kernel version variables equal FC4 kernel version 
created above. 
i.e. if "uname -r" returns "2.6.14-1.1656_FC4", then: 
VERSION=2 
PATCHLEVEL=6 
SUBLEVEL=14 
EXTRAVERSION="-1.1656_FC4-PF_RING
- Run "mkpatch.sh" 
- Copy the compressed patch file created by mkpatch.sh in the directory 
"workspace" 
(i.e. linux-2.6.14-1.1656_FC4-PF_RING) to /usr/src 
- Run "zcat <patch file> | patch --dry-run -p0" to test for errors 
- Run "zcat <patch file> | patch -p0" to apply patches 

## Build Kernel 
* With exception of enabling PF_RING, Instructions below are taken the 
from Fedora 
Core Release Notes about kernel compiling. Check there for definitive 
information. 

cd /usr/src/linux 
Edit Makefile to set VERSION, PATCHLEVEL, and EXTRAVERSION 
Run "make menuconfig" 
Enable PF_RING under "Networking->Networking options". 
Enable 64 GB memory support under "Processor type and features->High 
Memory Support" 

make 
make modules_install 
make install (to install kernel in /boot and make compressed ram image 
(unique to FC)) 

Edit /boot/grub/grub.conf, set default time out to 10 seconds and change 
the default boot to the new kernel. 

Reboot and test that system boots new kernel successfully. You can always 
reboot and select the old 
kernel from the grub loader menu if the new kernel doesn't work. 

## Build PF_RING enabled libpcap 
- Copy /usr/src/linux/include/linux/ring.h to /usr/include/linux 
(For some reason this doesn't get done when compiling the kernel). 

- Compile libpfring (This is one of those new steps that was not 
documented). 
cd PF_RING/userland/libpfring 
make 
cp libpfring.a /usr/local/lib 
cp pfring.h /usr/local/include 

- Get version of libpcap specified version of PF_RING 
(Do an directory listing of PF_RING/userland to find version of libpcap 
to get 
It's currently 0.9.4, get it at http://www.tcpdump.org ). 
Untar libpcap source in PF_RING/userland 

- Copy pcap-int.h and pcap-linux.c from 
PF_RING/userland/libpcap<VERSION>-ring to directory 
PF_RING/userland/libpcap<VERSION>. 

- Use the following configure command to make sure libpcap can find the 
ring libraries 
./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" 

- Build libpcap 
make 
make install 
(default install is into /usr/local/include and /usr/local/lib) 

- cd back to PF_RING/userland/pcount. Make and run pcount to test to test 
if libpcap is working. 
You won't see any output until you stop the program with <CTRL-C>. 
[root[at]nmj-test libpfring]# ./pcount 
Capturing from eth0 
(Wait a bit, and hit <CTRL-C>. You should see the following): 
========================= 
Absolute Stats: [19 pkts rcvd][0 pkts dropped] 
Total Pkts=19/Dropped=0.0 % 
19 pkts [7.8 pkt/sec] - 5159 bytes [0.02 Mbit/sec] 
========================= 
Actual Stats: 19 pkts [-1402903.2 ms][-0.0 pkt/sec] 
========================= 
[root[at]nmj-test pcount]# 

## Compile nProbe to use libpcap. 
- Untar nProbe 
- Run "autogen.sh" (generates configure stuff, don't know why) 
- ./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib 
-lpfring" 
(again adding -lpfring is NOT documented). 

## Test running nprobe 
Watch the syslog file by running "tail -f /var/log/messages" 
Run nprobe 
Look for the following messages in to appear in /var/log/messages: 
Jan 27 14:15:47 nmj-test kernel: RING: successfully allocated 1024 KB 
[tot_mem=598076][order=8] 
Jan 27 14:15:47 nmj-test kernel: RING: allocated 7181 slots 
[slot_len=146][tot_mem=1048576] 
Jan 27 14:15:47 nmj-test kernel: device eth0 entered promiscuous mode 

## Other things you may want to consider to maximize performance. 
- Disable X (you can always start it by running the "startx" command). 
Edit /etc/inittab and comment out inittab entry that starts. 
- Disable graphical boot status 
Edit /boot/grub/grub.conf and remove "rhgb" option from grub.conf 
entries 
- Shutdown all unnecessary services 
- Review Firewall settings 

## Check the archives for ntop-misc mailing list, there is an e-mail about 
on how to 
make libpcap a shared library so it can be used with other applications 
that use libpcap 

(ethereal, snort). 

本文转自xiaotie博客园博客,原文链接http://www.cnblogs.com/xiaotie/archive/2006/04/20/379700.html如需转载请自行联系原作者


xiaotie 集异璧实验室(GEBLAB)

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
开发与运维
使用钉钉扫一扫加入圈子
+ 订阅

集结各类场景实战经验,助你开发运维畅行无忧

其他文章
最新文章
相关文章