Installation with CUDA and PF_RING on Ubuntu server 12.04

THIS WILL NOT WORK ON A VIRTUAL MACHINE!

This guide is written using:
Ubuntu Server 12.04
Linux ubuntu64LTS 3.2.0-25-generic x86_64 GNU/Linux

Pre installation requirements

apt-get update
apt-get upgrade

To get the CUDA toolkit, go to:

http://developer.nvidia.com/cuda-toolkit-40

Pick the correct NVIDIA drivers for your card and system:

http://www.nvidia.com/Download/index.aspx?lang=en-us

Go to your download directory and chmod the 2 *.run files that you just downloaded.

For example:

chmod 655 cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
chmod 655 NVIDIA-Linux-x86_64-280.13.run

Install the build dependencies:

sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make flex bison git

Run the cuda toolkit installation package:

sudo ./cudatoolkit_4.0.17_linux_64_ubuntu10.10.run

Close all windows and, while you are still logged in, press:

Ctrl+Alt+F1

Log in with your credentials

sudo -i

And enter your password

Stop the x server:

/etc/init.d/gdm stop

Uninstall xserver video drivers:

apt-get remove --purge xserver-xorg-video-nouveau

Go to the directory where you downloaded nvidia/cuda drivers.
Run the NVIDIA*******.run:

./NVIDIA********.run

Answer OK and Yes to the prompts.
At some point it will ask you to make a special configuration file to disable the "nouveau" driver that the system is currently using - say yes!

Reboot:

shutdown -r now

After the reboot, log in as you normally would through the GUI.

Go to shell:

Ctrl+Alt+F1

Type in your credentials and password

sudo -i

Stop the xserver again:

/etc/init.d/gdm stop

Run the NVIDIA driver installer again.
This time it will finish successfully.

Reboot:

shutdown -r now

After startup you will notice that the display has a much better resolution - that is a good sign.

Log in as you would normally.
Because Ubuntu 11.04 comes with gcc version 4.5 by default, you need to install gcc 4.4, since you must use 4.4 for the CUDA compilation (on Ubuntu 11.04, that is):

apt-get install gcc-4.4 gcc-4.4-base g++-4.4

Then switch Ubuntu to use gcc 4.4 by default:

sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.5 40 --slave /usr/bin/g++ g++ /usr/bin/g++-4.5 
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.4 60 --slave /usr/bin/g++ g++ /usr/bin/g++-4.4

Make sure that this is the case:

sudo update-alternatives --config gcc

update-alternatives --config gcc (as root)

There are 2 choices for the alternative gcc (providing /usr/bin/gcc).

  Selection    Path              Priority   Status
------------------------------------------------------------
* 0            /usr/bin/gcc-4.4   60        auto mode
  1            /usr/bin/gcc-4.4   60        manual mode
  2            /usr/bin/gcc-4.5   40        manual mode

Press enter to keep the current choice[*], or type selection number  (as root)

PF_RING installation.

Install pre-requisites:

cd /opt 
apt-get install subversion gobjc++-4.4-multilib gobjc++-4.4

Go to your download directory and get the latest PF_RING (not as root):

git clone https://github.com/ntop/PF_RING.git
cd PF_RING/kernel/

Compile and install

Next, enter the following commands for configuration and installation:

make && sudo make install
cd ../userland/lib
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../libpcap
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../tcpdump-4.1.1
./configure --prefix=/usr/local/pfring && make && sudo make install
sudo ldconfig
sudo modprobe pf_ring transparent_mode=0 min_num_slots=65534

To check if you have everything you need, enter:

sudo modinfo pf_ring
cat /proc/net/pf_ring/info

Check info:

cat /proc/net/pf_ring/info

PF_RING Version          : 6.1.1 (dev:250a67fe1082121ac511a19ebc3fe1fc5f494bfe)
Total rings              : 16

Standard (non DNA/ZC) Options
Ring slots               : 65534
Slot version             : 16
Capture TX               : Yes [RX+TX]
IP Defragment            : No
Socket Mode              : Standard
Total plugins            : 0
Cluster Fragment Queue   : 10498
Cluster Fragment Discard : 0

Check functionality:

cd ../examples
sudo make
sudo ./pfcount -i eth0

You should see something even if you have no traffic at the moment:


root@suricata:/home/pevman/PF_RING/userland/examples# ./pfcount -i eth2
Using PF_RING v.6.1.1
Capturing from eth2 [00:E0:ED:19:E3:E0][ifIndex: 3]
# Device RX channels: 16
# Polling threads:    1
Dumping statistics on /proc/net/pf_ring/stats/18292-eth2.65
=========================
Absolute Stats: [365327 pkts rcvd][0 pkts dropped]
Total Pkts=365327/Dropped=0.0 %
365'327 pkts - 393'044'378 bytes
=========================

=========================
Absolute Stats: [698940 pkts rcvd][0 pkts dropped]
Total Pkts=698940/Dropped=0.0 %
698'940 pkts - 743'089'679 bytes [698'881.99 pkt/sec - 5'944.22 Mbit/sec]
=========================
Actual Stats: 333613 pkts [1'000.08 ms][333'585.31 pps/2.80 Gbps]
=========================

=========================
Absolute Stats: [1061709 pkts rcvd][0 pkts dropped]
Total Pkts=1061709/Dropped=0.0 %
1'061'709 pkts - 1'133'908'787 bytes [530'814.68 pkt/sec - 4'535.29 Mbit/sec]
=========================
Actual Stats: 362769 pkts [1'000.06 ms][362'744.69 pps/3.13 Gbps]
=========================

=========================
Absolute Stats: [1420415 pkts rcvd][0 pkts dropped]
Total Pkts=1420415/Dropped=0.0 %
1'420'415 pkts - 1'513'666'964 bytes [473'437.26 pkt/sec - 4'036.15 Mbit/sec]
=========================
Actual Stats: 358706 pkts [1'000.06 ms][358'681.60 pps/3.04 Gbps]
=========================

^CLeaving...
=========================
Absolute Stats: [1441779 pkts rcvd][0 pkts dropped]
Total Pkts=1441779/Dropped=0.0 %
1'441'779 pkts - 1'535'812'041 bytes [470'959.67 pkt/sec - 4'013.40 Mbit/sec]
=========================
Actual Stats: 21364 pkts [61.15 ms][349'393.25 pps/2.90 Gbps]
=========================

root@suricata:/home/pevman/PF_RING/userland/examples# cat /proc/net/pf_ring/info
PF_RING Version          : 6.1.1 (dev:250a67fe1082121ac511a19ebc3fe1fc5f494bfe)
Total rings              : 16

Standard (non DNA/ZC) Options
Ring slots               : 65534
Slot version             : 16
Capture TX               : Yes [RX+TX]
IP Defragment            : No
Socket Mode              : Standard
Total plugins            : 0
Cluster Fragment Queue   : 10498
Cluster Fragment Discard : 0
root@suricata:/home/pevman/PF_RING/userland/examples#
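
Packets dropped at the capture layer are traffic Suricata never inspects, so the two checks above are worth scripting. The following is an added example, not part of the original guide or of PF_RING: it confirms that the loaded module uses the min_num_slots value passed to modprobe and that the last pfcount "Absolute Stats" line stays under a drop threshold. The function names, the 1% threshold, the choice of (rcvd + dropped) as the denominator and the sample text are assumptions constructed from the output format shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): health checks for a PF_RING sensor.
# Constructed samples in the format shown above.
INFO_SAMPLE='PF_RING Version          : 6.1.1
Total rings              : 16
Ring slots               : 65534
Capture TX               : Yes [RX+TX]'
PFCOUNT_OK='Absolute Stats: [365327 pkts rcvd][0 pkts dropped]
Absolute Stats: [1441779 pkts rcvd][0 pkts dropped]'
PFCOUNT_LOSSY='Absolute Stats: [900 pkts rcvd][100 pkts dropped]'

# Print the "Ring slots" value from /proc/net/pf_ring/info text.
ring_slots() {
    printf '%s\n' "$1" | awk -F: '/^Ring slots/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Succeed only if the loaded module uses the slot count passed to modprobe.
check_ring_slots() {
    [ "$(ring_slots "$1")" = "$2" ]
}

# Print "rcvd dropped" from the last "Absolute Stats" line of pfcount output.
last_abs_stats() {
    printf '%s\n' "$1" |
        sed -n 's/^Absolute Stats: \[\([0-9]*\) pkts rcvd]\[\([0-9]*\) pkts dropped].*/\1 \2/p' |
        tail -n 1
}

# drop_ok TEXT MAX_PERCENT: returns 0 if drops <= MAX_PERCENT of (rcvd + dropped),
# 1 if above the threshold, 2 if no usable statistics were found.
drop_ok() {
    _stats=$(last_abs_stats "$1")
    [ -n "$_stats" ] || return 2
    _rcvd=${_stats% *}; _dropped=${_stats#* }
    _total=$((_rcvd + _dropped))
    [ "$_total" -gt 0 ] || return 2
    # Integer form of dropped/total <= max/100.
    [ $((_dropped * 100)) -le $(($2 * _total)) ]
}

# Demo on the constructed samples.
if check_ring_slots "$INFO_SAMPLE" 65534; then echo "ring slots: ok"; fi
for sample in "$PFCOUNT_OK" "$PFCOUNT_LOSSY"; do
    if drop_ok "$sample" 1; then echo "drops within 1%"; else echo "drops too high or no stats"; fi
done
```

On a live sensor, pass the contents of /proc/net/pf_ring/info to check_ring_slots and saved pfcount output to drop_ok.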

Suricata

Go to a directory of your choice and get Suricata:

git clone git://phalanx.openinfosecfoundation.org/oisf.git 
cd oisf/
git clone https://github.com/OISF/libhtp.git -b 0.5.x

Configure:

./autogen.sh
./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-includes=/usr/local/cuda/include \
--with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring --with-libpfring-includes=/usr/local/pfring/include \
--with-libpfring-libraries=/usr/local/pfring/lib

You should get at the end:

Suricata Configuration:
  NFQueue support:          no
  IPFW support:             no
  PF_RING support:          yes
  Prelude support:          no
  Unit tests enabled:       no
  Debug output enabled:     no
  Debug validation enabled: no
  CUDA enabled:             yes
  DAG enabled:              no
  Profiling enabled:        yes
  GCC Protect enabled:      yes
  GCC march native enabled: yes
  GCC Profile enabled:      no
  Unified native time:      no
  Non-bundled htp:          no
  PCRE sljit:               no

Install:

make && make install 
ldconfig

Verify:

suricata --build-info 

Run Suricata:

suricata -c /etc/suricata/suricata.yaml \
--pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow