Installation with CUDA and PF RING on Ubuntu server 12.04
THIS WILL NOT WORK ON A VIRTUAL MACHINE!
This guide is written using:
Ubuntu Server 12.04
Linux ubuntu64LTS 3.2.0-25-generic x86_64 GNU/Linux
Pre installation requirements
apt-get update
apt-get upgrade
To get the CUDA toolkit, go to:
http://developer.nvidia.com/cuda-toolkit-40
Pick up the correct NVIDIA drivers for your card and system
http://www.nvidia.com/Download/index.aspx?lang=en-us
Go to your download directory
chmod the 2 *.run files that you just downloaded.
For example:
chmod 655 cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
chmod 655 NVIDIA-Linux-x86_64-280.13.run
sudo apt-get -y install libpcre3 libpcre3-dbg libpcre3-dev \
build-essential autoconf automake libtool libpcap-dev libnet1-dev \
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0 \
make flex bison git
Run the cuda toolkit installation package:
sudo ./cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
Close all windows and, while still logged in, press:
Ctrl+Alt+F1
Log in with your credentials
sudo -i
And enter your password
Stop the x server:
/etc/init.d/gdm stop
Uninstall xserver video drivers:
apt-get remove --purge xserver-xorg-video-nouveau
Go to the directory where you downloaded nvidia/cuda drivers.
Run the NVIDIA*******.run:
./NVIDIA********.run
Answer OK and Yes to the prompts until the installer exits.
At some point it will ask to create a special configuration file that disables the "nouveau"
driver the system is currently using - say yes!
Reboot:
shutdown -r now
After the reboot, log in as you normally would through the GUI.
Go to shell:
Ctrl+Alt+F1
Type in your username and password
sudo -i
Stop the xserver again:
/etc/init.d/gdm stop
Run the NVIDIA driver installer again.
This time it will finish successfully.
Reboot:
shutdown -r now
After startup you will notice that the display has a much better resolution - that is a good thing.
Log in as you would normally.
Ubuntu 11.04 comes with gcc version 4.5 by default, but CUDA compilation requires gcc 4.4, so you need to install gcc 4.4 (on Ubuntu 11.04, that is):
apt-get install gcc-4.4 gcc-4.4-base g++-4.4
Then we switch and make ubuntu use the gcc 4.4 by default:
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.5 40 --slave /usr/bin/g++ g++ /usr/bin/g++-4.5
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.4 60 --slave /usr/bin/g++ g++ /usr/bin/g++-4.4
Make sure that this is the case:
sudo update-alternatives --config gcc
""
update-alternatives --config gcc (as root)
There are 2 choices for the alternative gcc (providing /usr/bin/gcc).

  Selection    Path               Priority   Status
------------------------------------------------------------
* 0            /usr/bin/gcc-4.4    60        auto mode
  1            /usr/bin/gcc-4.4    60        manual mode
  2            /usr/bin/gcc-4.5    40        manual mode

Press enter to keep the current choice[*], or type selection number (as root)
""
PF_RING installation.
Install pre-requisites:
cd /opt
apt-get install subversion gobjc++-4.4-multilib gobjc++-4.4
Go to your download directory and get the latest PF_RING (not as root):
git clone https://github.com/ntop/PF_RING.git
cd PF_RING/kernel/
Compile and install
Next, enter the following commands for configuration and installation:
make && sudo make install
cd ../userland/lib
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../libpcap
./configure --prefix=/usr/local/pfring && make && sudo make install
cd ../tcpdump-4.1.1
./configure --prefix=/usr/local/pfring && make && sudo make install
sudo ldconfig
sudo modprobe pf_ring transparent_mode=0 min_num_slots=65534
To check if you have everything you need, enter:
sudo modinfo pf_ring
cat /proc/net/pf_ring/info
Check info:
cat /proc/net/pf_ring/info
PF_RING Version          : 6.1.1 (dev:250a67fe1082121ac511a19ebc3fe1fc5f494bfe)
Total rings              : 16

Standard (non DNA/ZC) Options
Ring slots               : 65534
Slot version             : 16
Capture TX               : Yes [RX+TX]
IP Defragment            : No
Socket Mode              : Standard
Total plugins            : 0
Cluster Fragment Queue   : 10498
Cluster Fragment Discard : 0
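A quick way to confirm that the module really picked up min_num_slots=65534 from the modprobe line above. This is an added example, not part of the original guide or of PF_RING; the function names pfring_field and pfring_check are hypothetical, and the embedded sample is constructed from the output shown above.

```sh
#!/bin/sh
# Added example (not from the original guide): confirm the pf_ring module
# honoured the parameters given to modprobe, using /proc/net/pf_ring/info.

# Constructed sample in the /proc/net/pf_ring/info format, taken from the
# output shown in this guide, so the script also runs without the module.
SAMPLE_INFO='PF_RING Version          : 6.1.1 (dev:250a67fe1082121ac511a19ebc3fe1fc5f494bfe)
Total rings              : 16

Standard (non DNA/ZC) Options
Ring slots               : 65534
Slot version             : 16
Capture TX               : Yes [RX+TX]
IP Defragment            : No
Socket Mode              : Standard'

# pfring_field TEXT KEY: print the value of the first "KEY : value" line.
# Splits on the first colon only, so values containing ":" stay intact.
pfring_field() {
    printf '%s\n' "$1" | awk -v key="$2" '{
        i = index($0, ":"); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == key) { print v; exit }
    }'
}

# pfring_check TEXT EXPECTED_SLOTS: 0 = matches, 1 = mismatch, 2 = not loaded.
pfring_check() {
    slots=$(pfring_field "$1" "Ring slots")
    case $slots in
        ''|*[!0-9]*) echo "FAIL: no usable 'Ring slots' line; is pf_ring loaded?"; return 2 ;;
    esac
    if [ "$slots" -ne "$2" ]; then
        echo "FAIL: ring slots $slots, expected $2 (module loaded with other parameters)"
        return 1
    fi
    echo "OK: PF_RING $(pfring_field "$1" "PF_RING Version"), $slots ring slots"
}

# Use the live file when it is readable, otherwise the constructed sample.
if [ -r /proc/net/pf_ring/info ]; then
    info=$(cat /proc/net/pf_ring/info)
else
    info=$SAMPLE_INFO
fi
pfring_check "$info" 65534 || echo "reload the module with the modprobe line above"
```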
Check functionality:
cd ../examples
sudo make
sudo ./pfcount -i eth0
You should see something even if you have no traffic at the moment:
root@suricata:/home/pevman/PF_RING/userland/examples# ./pfcount -i eth2
Using PF_RING v.6.1.1
Capturing from eth2 [00:E0:ED:19:E3:E0][ifIndex: 3]
# Device RX channels: 16
# Polling threads:    1
Dumping statistics on /proc/net/pf_ring/stats/18292-eth2.65
=========================
Absolute Stats: [365327 pkts rcvd][0 pkts dropped]
Total Pkts=365327/Dropped=0.0 %
365'327 pkts - 393'044'378 bytes
=========================

=========================
Absolute Stats: [698940 pkts rcvd][0 pkts dropped]
Total Pkts=698940/Dropped=0.0 %
698'940 pkts - 743'089'679 bytes [698'881.99 pkt/sec - 5'944.22 Mbit/sec]
=========================
Actual Stats: 333613 pkts [1'000.08 ms][333'585.31 pps/2.80 Gbps]
=========================

=========================
Absolute Stats: [1061709 pkts rcvd][0 pkts dropped]
Total Pkts=1061709/Dropped=0.0 %
1'061'709 pkts - 1'133'908'787 bytes [530'814.68 pkt/sec - 4'535.29 Mbit/sec]
=========================
Actual Stats: 362769 pkts [1'000.06 ms][362'744.69 pps/3.13 Gbps]
=========================

=========================
Absolute Stats: [1420415 pkts rcvd][0 pkts dropped]
Total Pkts=1420415/Dropped=0.0 %
1'420'415 pkts - 1'513'666'964 bytes [473'437.26 pkt/sec - 4'036.15 Mbit/sec]
=========================
Actual Stats: 358706 pkts [1'000.06 ms][358'681.60 pps/3.04 Gbps]
=========================

^CLeaving...
=========================
Absolute Stats: [1441779 pkts rcvd][0 pkts dropped]
Total Pkts=1441779/Dropped=0.0 %
1'441'779 pkts - 1'535'812'041 bytes [470'959.67 pkt/sec - 4'013.40 Mbit/sec]
=========================
Actual Stats: 21364 pkts [61.15 ms][349'393.25 pps/2.90 Gbps]
=========================

root@suricata:/home/pevman/PF_RING/userland/examples#
root@suricata:/home/pevman/PF_RING/userland/examples#
root@suricata:/home/pevman/PF_RING/userland/examples#
root@suricata:/home/pevman/PF_RING/userland/examples#
root@suricata:/home/pevman/PF_RING/userland/examples# cat /proc/net/pf_ring/info
PF_RING Version          : 6.1.1 (dev:250a67fe1082121ac511a19ebc3fe1fc5f494bfe)
Total rings              : 16

Standard (non DNA/ZC) Options
Ring slots               : 65534
Slot version             : 16
Capture TX               : Yes [RX+TX]
IP Defragment            : No
Socket Mode              : Standard
Total plugins            : 0
Cluster Fragment Queue   : 10498
Cluster Fragment Discard : 0
root@suricata:/home/pevman/PF_RING/userland/examples#
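pfcount prints the drop percentage with one decimal place, so light loss can still read as 0.0 %; every dropped packet is traffic the IDS never inspects. The following added example (not part of the original guide or of PF_RING) computes drops per million from the cumulative "Absolute Stats" counters; the function names and the lossy sample are hypothetical, and the clean sample is constructed from the run shown above.

```sh
#!/bin/sh
# Added example (not from the original guide): read saved pfcount output
# and report the cumulative drop rate at the capture layer.

# Constructed samples: two "Absolute Stats" lines from the run shown in
# this guide, plus one invented lossy run for comparison.
SAMPLE_CLEAN='Absolute Stats: [365327 pkts rcvd][0 pkts dropped]
Absolute Stats: [1441779 pkts rcvd][0 pkts dropped]'
SAMPLE_LOSSY='Absolute Stats: [900000 pkts rcvd][100000 pkts dropped]'

# pfcount_drop_ppm TEXT: print drops per million packets seen
# (rcvd + dropped), taken from the last "Absolute Stats" line because the
# counters are cumulative. Returns 1 if no such line is present.
pfcount_drop_ppm() {
    printf '%s\n' "$1" | awk '
        /^Absolute Stats: \[[0-9]+ pkts rcvd\]\[[0-9]+ pkts dropped\]/ {
            line = $0; gsub(/[^0-9 ]/, "", line); split(line, f, " ")
            rcvd = f[1]; drop = f[2]; found = 1
        }
        END {
            if (!found) exit 1
            total = rcvd + drop
            printf "%d\n", (total > 0) ? drop * 1000000 / total : 0
        }'
}

# pfcount_check TEXT MAX_PPM: 0 = within budget, 1 = too lossy, 2 = no stats.
pfcount_check() {
    ppm=$(pfcount_drop_ppm "$1") || { echo "FAIL: no Absolute Stats line"; return 2; }
    if [ "$ppm" -gt "$2" ]; then
        echo "FAIL: $ppm drops per million packets (limit $2)"
        return 1
    fi
    echo "OK: $ppm drops per million packets"
}

# On a sensor, pass the saved output of ./pfcount instead of the samples.
pfcount_check "$SAMPLE_CLEAN" 0
pfcount_check "$SAMPLE_LOSSY" 0 || echo "sensor is losing traffic before Suricata sees it"
```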
Suricata
Go to directory of your choice and get Suricata:
git clone git://phalanx.openinfosecfoundation.org/oisf.git
cd oisf/
git clone https://github.com/OISF/libhtp.git -b 0.5.x
Configure:
./autogen.sh
./configure --enable-gccprotect --enable-profiling --enable-cuda --with-cuda-includes=/usr/local/cuda/include \
--with-cuda-libraries=/usr/local/cuda/lib64 --enable-pfring --with-libpfring-includes=/usr/local/pfring/include \
--with-libpfring-libraries=/usr/local/pfring/lib
You should get at the end:
""
Suricata Configuration:
  NFQueue support:          no
  IPFW support:             no
  PF_RING support:          yes
  Prelude support:          no
  Unit tests enabled:       no
  Debug output enabled:     no
  Debug validation enabled: no
  CUDA enabled:             yes
  DAG enabled:              no
  Profiling enabled:        yes
  GCC Protect enabled:      yes
  GCC march native enabled: yes
  GCC Profile enabled:      no
  Unified native time:      no
  Non-bundled htp:          no
  PCRE sljit:               no
""
Install:
make && make install
ldconfig
Verify:
suricata --build-info
Run Suricata:
suricata -c /etc/suricata/suricata.yaml \
--pfring-int=eth0 --pfring-cluster-id=99 --pfring-cluster-type=cluster_flow