Monday, May 21, 2012

Compiling PF_RING Intel Drivers

I've been meaning to play around with PF_RING but never really managed to get its patched drivers compiled. I'm running Arch Linux, which has a 3.3 kernel at the moment. A while ago Luca Deri himself mentioned in a bug report of mine that the drivers are only meant to be compiled on 2.6.x kernels. So today I installed Debian Squeeze, which has a 2.6.32 kernel, in VirtualBox and tried compiling the Intel drivers there. Again I got an error, but this time a different one. Something like this:

error: ‘struct dev_pm_info’ has no member named ‘runtime_auto’
 
I found this thread that suggested building with make CFLAGS_EXTRA=-DDISABLE_PM. I tried the suggestion and it worked.

Unfortunately, the only PF_RING-aware NIC I currently have access to is a Broadcom-based one. I haven't managed to compile those drivers yet.

Wednesday, April 25, 2012

Compiling "vomit"

I just needed to compile vomit (the man page is here), which is a utility for converting G.711 data into a WAV file. I ran into several problems (I'm using gcc 4.7.0, with libevent 2.0.18-1 from Arch's core repository and libnet 1.1.5-2 from the community repo). In the file pcapu.c, in the function pcap_cb, there is this line:
fprintf(stderr, __FUNCTION__": ! add\n");
There are several ways to fix this, but I shamelessly commented it out!
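One of those ways, as an added example rather than anything from vomit's source: gcc 3.3 and earlier treated __FUNCTION__ in C as a string literal, so it could be pasted onto the literal that follows it; gcc 3.4 and later treat it like C99's __func__, a static const char array, and the concatenation becomes a syntax error. Passing the name through a %s conversion compiles on both. The function names below are stand-ins, not vomit's.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for vomit's pcap_cb(). Old gcc (<= 3.3) accepted
 *     fprintf(stderr, __FUNCTION__": ! add\n");
 * because __FUNCTION__ was a string literal that concatenated with the
 * one after it. gcc 3.4+ define __FUNCTION__ as a const char array, like
 * C99's __func__, so that line no longer parses. Feed the name through %s
 * instead; the message stays identical. */
void pcap_cb(void)
{
    fprintf(stderr, "%s: ! add\n", __FUNCTION__);
}

/* Same formatting into a static buffer so the result can be inspected
 * without capturing stderr. __FUNCTION__ expands to "diag_string" here. */
const char *diag_string(void)
{
    static char buf[64];
    snprintf(buf, sizeof buf, "%s: ! add\n", __FUNCTION__);
    return buf;
}
```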

Then there are several references to struct libnet_ip_hdr, which does not exist in recent libnet versions. I simply changed them all to struct libnet_ipv4_hdr.

And finally, in vomit.c, there are references to event_gotsig and event_sigcb symbols which have been removed from libevent for some time. Again, since their use didn't seem too crucial to me, I commented them out.

Perhaps a little bit crude, but it worked for me!

Tuesday, March 27, 2012

libnids: I get nothing!

libnids is a library that emulates the IP stack of Linux 2.0.x. It offers IP defragmentation, TCP stream assembly and TCP port scan detection.

The first thing I attempted with it, naturally, was running the sample program, printall.c. It's supposed to print out all TCP data. The problem was, it output nothing for me. I even added a printf to the first line of the tcp_callback function and found out it is never called.

I was perplexed. I looked for a mailing list but found none. So I wrote to libnids's principal programmer, Rafal Wojtczuk, who kindly helped me with my problem. He suggested that I probably needed to disable outgoing packet checksumming. I added these lines before the call to nids_run() and everything worked out!
/* Needs <stdio.h>, <stdlib.h> and <nids.h>. netaddr 0 with mask 0 matches
   every address, so this single entry turns checksum verification off
   globally; the second argument is the number of entries in the table.
   libnids keeps using the table after this call, so it is never freed. */
struct nids_chksum_ctl *ctl = malloc(sizeof(*ctl));
if (ctl == NULL) {
  perror("malloc");
  exit(1);
}
ctl->netaddr = 0;
ctl->mask = 0;
ctl->action = NIDS_DONT_CHKSUM;
nids_register_chksum_ctl(ctl, 1);
Apparently checksum verification was somehow failing and stopping libnids from considering the TCP connection established (or something along those lines!). A big thanks to Rafal for his help.
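What the check in question actually computes, as an added example that is not libnids code: a TCP checksum is the RFC 1071 one's-complement sum over the IPv4 pseudo-header plus the segment, and a segment sent by the capturing host itself commonly reaches libpcap with that field unfinished when the NIC does transmit checksum offload (the kernel leaves it for the card, and the capture tap sits before the card), so the verifier rejects it. The second half mimics the nids_chksum_ctl lookup; how the real library matches entries (source address, first match wins, no match means verify) is my reading of it and is an assumption here, as is host byte order for the addresses. The SYN segment and addresses are constructed for the example. The narrower table at the end is the one I would register instead of 0/0: it skips verification only for the host whose segments offload mangles, so a remote sender cannot hand the stream reassembler a segment the real endpoint would have discarded.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Accumulate 16-bit big-endian words into a running one's-complement sum. */
static uint32_t sum16(uint32_t sum, const uint8_t *d, size_t len)
{
    while (len > 1) {
        sum += (uint32_t)d[0] << 8 | d[1];
        d += 2;
        len -= 2;
    }
    if (len)                              /* odd trailing byte, zero-padded */
        sum += (uint32_t)d[0] << 8;
    return sum;
}

/* Fold carries and complement. Over a segment whose checksum field holds the
 * right value this yields 0; with the field zeroed it yields that value.
 * (A computed 0 goes on the wire as 0xffff; the sample never hits that.) */
static uint16_t finish(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* TCP checksum: pseudo-header (src, dst, zero, protocol 6, TCP length)
 * followed by the TCP header and payload. */
uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *tcp, size_t tcp_len)
{
    uint8_t pseudo[12] = {0};
    memcpy(pseudo, src, 4);
    memcpy(pseudo + 4, dst, 4);
    pseudo[9] = 6;
    pseudo[10] = (uint8_t)(tcp_len >> 8);
    pseudo[11] = (uint8_t)tcp_len;
    return finish(sum16(sum16(0, pseudo, 12), tcp, tcp_len));
}

/* Constructed sample: a bare SYN, 192.168.0.1:1024 -> 192.168.0.199:80,
 * with its checksum field (bytes 16-17) already filled in. */
static const uint8_t SRC[4] = { 192, 168, 0, 1 };
static const uint8_t DST[4] = { 192, 168, 0, 199 };
static const uint8_t SYN[20] = {
    0x04, 0x00, 0x00, 0x50,               /* ports 1024 -> 80 */
    0x00, 0x00, 0x00, 0x01,               /* seq */
    0x00, 0x00, 0x00, 0x00,               /* ack */
    0x50, 0x02, 0x20, 0x00,               /* data offset 5, SYN, window 8192 */
    0x09, 0x79, 0x00, 0x00 };             /* checksum, urgent pointer */

/* 1 if the sample verifies. offloaded=1 zeroes the checksum field, which is
 * how the segment looks when captured on the sending host with TX offload. */
int sample_verifies(int offloaded)
{
    uint8_t seg[20];
    memcpy(seg, SYN, sizeof seg);
    if (offloaded)
        seg[16] = seg[17] = 0;
    return tcp_checksum(SRC, DST, seg, sizeof seg) == 0;
}

/* The value that belongs in the field, computed with the field zeroed. */
uint16_t sample_expected_checksum(void)
{
    uint8_t seg[20];
    memcpy(seg, SYN, sizeof seg);
    seg[16] = seg[17] = 0;
    return tcp_checksum(SRC, DST, seg, sizeof seg);
}

/* Mimic of the nids_chksum_ctl lookup (assumed semantics, see lead-in):
 * match the source address against each entry, first hit decides, no hit
 * means verify. Host byte order. */
enum { DO_CHKSUM, DONT_CHKSUM };
struct chksum_ctl { uint32_t netaddr, mask; int action; };

int must_verify(const struct chksum_ctl *tbl, size_t n, uint32_t src)
{
    for (size_t i = 0; i < n; i++)
        if ((src & tbl[i].mask) == tbl[i].netaddr)
            return tbl[i].action == DO_CHKSUM;
    return 1;
}

/* The post's table: netaddr 0 / mask 0 matches every source. */
int disable_all_must_verify(uint32_t src)
{
    static const struct chksum_ctl tbl[] = { { 0, 0, DONT_CHKSUM } };
    return must_verify(tbl, 1, src);
}

/* Narrower: skip verification only for 192.168.0.1/32, the capturing host. */
int local_only_must_verify(uint32_t src)
{
    static const struct chksum_ctl tbl[] = {
        { 0xc0a80001u, 0xffffffffu, DONT_CHKSUM },
    };
    return must_verify(tbl, 1, src);
}
```

sample_verifies(0) is what the remote side's segments look like and passes; sample_verifies(1) is the local host's offloaded copy and fails, which is exactly the case the 0/0 entry papers over. With the local-only table, segments from 192.168.0.1 skip the check while 192.168.0.199 is still verified.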