转载:Installing PF RING and nProbe on Fedora Core 4 (FC4)Installing PF RING and nProbe on Fedora Core 4 (FC4)

原文： 

## Install FC4. 

## Install FC4 updates. 

## <b>Download</b> Source for FC kernel 

- <b>Download</b> source RPM for kernel running on system ("unname -r" will give 

you current version) 

(rpm contains vanilla kernel and FC patches). 

* Instructions below are taken the from Fedora Core Release Notes about 

kernel compiling 

Check there for definitive information (NMJ). 

- Install src with command "rpm -Uvh kernel-&lt;version&gt;.src.rpm" where version 

is the 

version from "uname -r" 

- Add Fedora patches to vanilla kernel 

cd /usr/src/redhat/SPECS 

rpmbuild -bp --target $(arch) kernel-2.6.spec 

- Move kernel to /usr/src 

mv /usr/src/redhat/BUILD/kernel-&lt;version&gt;/kernel-&lt;version&gt; /usr/src (Note: 

the two kernel-&lt;version&gt;s 

cd /usr/src 

ln -s ./linux-&lt;version&gt; linux 

cd /usr/src/linux 

## Installing <b>PF_RING</b> patches into kernel source 

- <b>Download</b> <b>PF_RING</b>: 

CVSROOT=:pserver:anonymous[at]cvs.ntop.org:/export/home/ntop;export CVSROOT 

mkdir &lt;directory to store <b>PF_RING</b> files&gt; 

cd &lt;directory to store <b>PF_RING</b> files&gt; 

cvs login (password is "ntop") 

cvs checkout <b>PF_RING</b> 

cd <b>PF_RING</b> 

- Edit mkpatch.sh so Kernel version variables equal FC4 kernel version 

created above. 

i.e. if "uname -r" returns "2.6.14-1.1656_FC4", then: 

VERSION=2 

PATCHLEVEL=6 

SUBLEVEL=14 

EXTRAVERSION="-1.1656_FC4-<b>PF_RING</b>" 

- Run "mkpatch.sh" 

- Copy the compressed patch file created by mkpatch.sh in the directory 

"workspace" 

(i.e. linux-2.6.14-1.1656_FC4-<b>PF_RING</b>) to /usr/src 

- Run "zcat &lt;patch file&gt; | patch --dry-run -p0" to test for errors 

- Run "zcat &lt;patch file&gt; | patch -p0" to apply patches 

## Build Kernel 

* With exception of enabling <b>PF_RING</b>, Instructions below are taken the 

from Fedora 

Core Release Notes about kernel compiling. Check there for definitive 

information. 

Edit Makefile to set VERSION, PATCHLEVEL, and EXTRAVERSION 

Run "make menuconfig" 

Enable <b>PF_RING</b> under "Networking-&gt;Networking options". 

Enable 64 GB memory support under "Processor type and features-&gt;High 

Memory Support" 

make 

make modules_install 

make install (to install kernel in /boot and make compressed ram image 

(unique to FC)) 

Edit /boot/grub/grub.conf, set default time out to 10 seconds and change 

the default boot to the new kernel. 

Reboot and test that system boots new kernel successfully. You can always 

reboot and select the old 

kernel from the grub loader menu if the new kernel doesn't work. 

## Build <b>PF_RING</b> enabled libpcap 

- Copy /usr/src/linux/include/linux/ring.h to /usr/include/linux 

(For some reason this doesn't get done when compiling the kernel). 

- Compile libpfring (This is one of those new steps that was not 

documented). 

cd <b>PF_RING</b>/userland/libpfring 

cp libpfring.a /usr/local/lib 

cp pfring.h /usr/local/include 

- Get version of libpcap specified version of <b>PF_RING</b> 

(Do an directory listing of <b>PF_RING</b>/userland to find version of libpcap 

to get 

Untar libpcap source in <b>PF_RING</b>/userland 

- Copy <b>pcap</b>-int.h and <b>pcap</b>-linux.c from 

<b>PF_RING</b>/userland/libpcap&lt;VERSION&gt;-ring to directory 

<b>PF_RING</b>/userland/libpcap&lt;VERSION&gt;. 

- Use the following configure command to make sure libpcap can find the 

ring libraries 

./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" 

- Build libpcap 

make install 

(default install is into /usr/local/include and /usr/local/lib) 

- cd back to <b>PF_RING</b>/userland/pcount. Make and run pcount to test to test 

if libpcap is working. 

You won't see any output until you stop the program with &lt;CTRL-C&gt;. 

[root[at]nmj-test libpfring]# ./pcount 

Capturing from eth0 

(Wait a bit, and hit &lt;CTRL-C&gt;. You should see the following): 

========================= 

Absolute Stats: [19 pkts rcvd][0 pkts dropped] 

Total Pkts=19/Dropped=0.0 % 

19 pkts [7.8 pkt/sec] - 5159 bytes [0.02 Mbit/sec] 

Actual Stats: 19 pkts [-1402903.2 ms][-0.0 pkt/sec] 

[root[at]nmj-test pcount]# 

## Compile nProbe to use libpcap. 

- Untar nProbe 

- Run "autogen.sh" (generates configure stuff, don't know why) 

- ./configure CPPFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib 

-lpfring" 

(again adding -lpfring is NOT documented). 

## Test running nprobe 

Watch the syslog file by running "tail -f /var/log/messages" 

Run nprobe 

Look for the following messages in to appear in /var/log/messages: 

Jan 27 14:15:47 nmj-test kernel: RING: successfully allocated 1024 KB 

[tot_mem=598076][order=8] 

Jan 27 14:15:47 nmj-test kernel: RING: allocated 7181 slots 

[slot_len=146][tot_mem=1048576] 

Jan 27 14:15:47 nmj-test kernel: device eth0 entered promiscuous mode 

## Other things you may want to consider to maximize performance. 

- Disable X (you can always start it by running the "startx" command). 

Edit /etc/inittab and comment out inittab entry that starts. 

- Disable graphical boot status 

Edit /boot/grub/grub.conf and remove "rhgb" option from grub.conf 

entries 

- Shutdown all unnecessary services 

- Review Firewall settings 

## Check the archives for ntop-misc mailing list, there is an e-mail about 

on how to 

make libpcap a shared library so it can be used with other applications 

that use libpcap 

(ethereal, snort). 

本文转自xiaotie博客园博客，原文链接http://www.cnblogs.com/xiaotie/archive/2006/04/20/379700.html如需转载请自行联系原作者

xiaotie 集异璧实验室(GEBLAB)