[Bro] Using native PF_RING plugin with broctl

James Lay jlay at slave-tothe-box.net
Mon Feb 27 12:49:52 PST 2017

On 2017-02-27 12:47, Seth Hall wrote:
>> On Feb 27, 2017, at 2:19 PM, Gary Faulkner <gfaulkner.nsm at gmail.com> 
>> wrote:
>> When you built Bro did you also configure/make/make install the 
>> pf_ring
>> plugin? My recollection is that the plugins are not automatically 
>> built
>> when you build bro. They should be in the
>> <path-to-bro-source>/aux/plugins/ in the source tree. They typically
>> install into <path-to-bro>/lib/bro/plugins/.
> Are there people out there that are using the pf_ring plugin to
> successfully load balance traffic?  I just checked the source to that
> plugin and I don't see where it sets up a load balanced ring. (I
> haven't worked on this plugin at all)
>   .Seth
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

 From my install notes:
git clone https://github.com/ntop/PF_RING.git

cd PF_RING/kernel
sudo make install

cd PF_RING/userland/lib
./configure --prefix=/opt/pfring
sudo make install

cd ../libpcap
./configure --prefix=/opt/pfring
sudo make install

cd ../tcpdump
./configure --prefix=/opt/pfring
sudo make install

modprobe pf_ring enable_tx_capture=1 min_num_slots=32768

./configure --prefix=/opt/bro --with-pcap=/opt/pfring

pf_ring plugin
cd aux/plugins/pf_ring
./configure --bro-dist=../../.. --with-pfring=/opt/pfring 
sudo make install

1 worker from node.cfg:



PF_RING Version          : 6.5.0 
Total rings              : 9

Standard (non ZC) Options
Ring slots               : 4096
Slot version             : 16
Capture TX               : Yes [RX+TX]
IP Defragment            : No
Socket Mode              : Standard
Total plugins            : 0
Cluster Fragment Queue   : 19736
Cluster Fragment Discard : 0


More information about the Bro mailing list