Building with pfring support

CHANGELOG

@@ -10,6 +10,10 @@
   - Added missing ssh.ver from spigraph
   - EXPERIMENTAL: Multi cluster search (issue #97)
   - Fixed CSV not equal search queries with range fields (issue #132)
+  - BREAKING: To specify install dir with ./easybutton-build.sh  use --dir
+    for example: ./easybutton-build.sh --dir /nids/moloch
+  - Can build with PFRING now, easybutton-build.sh has --pfring
+    or easybutton-single.sh asks
 
 0.9.0 2013/08/26
   - 32bit fix for lpd/fpd

configure

@@ -659,6 +659,7 @@ ac_subst_files=''
 ac_user_opts='
 enable_option_checking
 enable_dependency_tracking
+with_pfring
 with_libpcap
 with_libnids
 with_yara
@@ -1298,6 +1299,7 @@ Optional Features:
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-pfring=DIR use pfring build directory
   --with-libpcap=DIR use libpcap build directory
   --with-libnids=DIR use libnids build directory
   --with-yara=DIR use yara build directory
@@ -3790,6 +3792,51 @@ fi
 
 
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pfring" >&5
+$as_echo_n "checking for pfring... " >&6; }
+
+# Check whether --with-pfring was given.
+if test "${with_pfring+set}" = set; then :
+  withval=$with_pfring;  case "$withval" in
+  yes|no)
+     { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+     ;;
+  *)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
+$as_echo "$withval" >&6; }
+    if test -f $withval/userland/libpcap/pcap.h -a -f $withval/userland/libpcap/libpcap.a; then
+      owd=`pwd`
+      if cd $withval; then
+        withval=`pwd`;
+        cd $owd;
+      fi
+
+      PCAP_CFLAGS="-I$withval"
+      PCAP_LIBS="$withval/userland/libpcap/libpcap.a $withval/userland/lib/libpfring.a"
+    elif test -f $withval/userland/libpcap/include/pcap.h -a -f $withval/userland/libpcap/lib/libpcap.a; then
+      owd=`pwd`
+      if cd $withval; then
+        withval=`pwd`;
+        cd $owd;
+      fi
+
+      PCAP_CFLAGS="-I$withval/userland/libpcap/include"
+      PCAP_LIBS="$withval/userland/libpcap/lib/libpcap.a $withval/userland/lib/libpfring.a"
+    else
+      as_fn_error $? "pcap.h or libpcap.a not found in $withval" "$LINENO" 5
+    fi
+    ;;
+esac
+else
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libpcap" >&5
 $as_echo_n "checking for libpcap... " >&6; }
 
@@ -3828,7 +3875,9 @@ $as_echo "$withval" >&6; }
 esac
 else
 
-  if test -f ${prefix}/include/pcap.h; then
+  if test "x$PCAP_LIBS" != "x"; then
+      BLAHBLAH=1
+  elif test -f ${prefix}/include/pcap.h; then
      PCAP_CFLAGS="-I${prefix}/include"
      PCAP_LIBS="-L${exec_prefix}/lib -lpcap"
   elif test -f /usr/include/pcap/pcap.h; then

configure.ac

@@ -18,6 +18,43 @@ AC_CHECK_LIB(uuid, main,,AC_MSG_ERROR(please install uuid library))
 AC_CHECK_LIB(magic, main,,AC_MSG_ERROR(please install magic library))
 
 
+dnl Checks for pfring
+AC_MSG_CHECKING(for pfring)
+AC_ARG_WITH(pfring,
+[  --with-pfring=DIR use pfring build directory],
+[ case "$withval" in
+  yes|no)
+     AC_MSG_RESULT(no)
+     ;;
+  *)
+  AC_MSG_RESULT($withval)
+    if test -f $withval/userland/libpcap/pcap.h -a -f $withval/userland/libpcap/libpcap.a; then
+      owd=`pwd`
+      if cd $withval; then
+        withval=`pwd`;
+        cd $owd;
+      fi
+
+      PCAP_CFLAGS="-I$withval"
+      PCAP_LIBS="$withval/userland/libpcap/libpcap.a $withval/userland/lib/libpfring.a"
+    elif test -f $withval/userland/libpcap/include/pcap.h -a -f $withval/userland/libpcap/lib/libpcap.a; then
+      owd=`pwd`
+      if cd $withval; then
+        withval=`pwd`;
+        cd $owd;
+      fi
+
+      PCAP_CFLAGS="-I$withval/userland/libpcap/include"
+      PCAP_LIBS="$withval/userland/libpcap/lib/libpcap.a $withval/userland/lib/libpfring.a"
+    else
+      AC_ERROR(pcap.h or libpcap.a not found in $withval)
+    fi
+    ;;
+esac ], [
+AC_MSG_RESULT(no) ])
+AC_SUBST(PCAP_CFLAGS)
+AC_SUBST(PCAP_LIBS)
+
 dnl Checks for libpcap
 AC_MSG_CHECKING(for libpcap)
 AC_ARG_WITH(libpcap,
@@ -51,7 +88,9 @@ AC_ARG_WITH(libpcap,
     fi
     ;;
 esac ], [
-  if test -f ${prefix}/include/pcap.h; then
+  if test "x$PCAP_LIBS" != "x"; then
+      BLAHBLAH=1
+  elif test -f ${prefix}/include/pcap.h; then
      PCAP_CFLAGS="-I${prefix}/include"
      PCAP_LIBS="-L${exec_prefix}/lib -lpcap"
   elif test -f /usr/include/pcap/pcap.h; then

easybutton-build.sh

@@ -14,11 +14,32 @@ YARA=1.7
 GEOIP=1.4.8
 PCAP=1.3.0
 NIDS=1.24
+PFRING=5.6.1
 
 TDIR="/data/moloch"
-if [ "$#" -gt 0 ]; then
-    TDIR="$1"
-fi
+DOPFRING=0
+
+while :
+do
+  case $1 in
+  -p | --pf_ring | --pfring)
+    DOPFRING=1
+    shift
+    ;;
+  -d | --dir)
+    TDIR=$2
+    shift 2
+    ;;
+  -*)
+    echo "Unknown option '$1'"
+    exit 1
+    ;;
+  *)
+    break
+    ;;
+  esac
+done
+
 
 # Installing dependencies
 echo "MOLOCH: Installing Dependencies"
@@ -73,26 +94,43 @@ if [ -f "/usr/bin/libtoolize" ]; then
 fi
 (cd GeoIP-$GEOIP ; ./configure --enable-static; make)
 
-# libpcap
-if [ ! -f "libpcap-$PCAP.tar.gz" ]; then
-  wget http://www.tcpdump.org/release/libpcap-$PCAP.tar.gz
+if [ $DOPFRING -eq 1 ]; then
+    # pfring
+    echo "PFRING";
+    if [ ! -f "PF_RING-$PFRING.tar.gz" ]; then
+      wget -O PF_RING-$PFRING.tar.gz http://sourceforge.net/projects/ntop/files/PF_RING/PF_RING-$PFRING.tar.gz/download
+    fi
+    tar zxf PF_RING-$PFRING.tar.gz
+    (cd PF_RING-$PFRING; make)
+
+    PFRINGDIR=`pwd`/PF_RING-$PFRING
+    PCAPDIR=$PFRINGDIR/userland/libpcap
+    PCAPBUILD="--with-pfring=$PFRINGDIR"
+else
+    echo "NOT PFRING";
+    # libpcap
+    if [ ! -f "libpcap-$PCAP.tar.gz" ]; then
+      wget http://www.tcpdump.org/release/libpcap-$PCAP.tar.gz
+    fi
+    tar zxf libpcap-$PCAP.tar.gz
+    (cd libpcap-$PCAP; ./configure --disable-libglib; make)
+    PCAPDIR=`pwd`/libpcap-$PCAP
+    PCAPBUILD="--with-libpcap=$PCAPDIR"
 fi
-tar zxf libpcap-$PCAP.tar.gz
-(cd libpcap-$PCAP; ./configure --disable-libglib; make)
 
 # libnids
 if [ ! -f "libnids-$NIDS.tar.gz" ]; then
   wget http://downloads.sourceforge.net/project/libnids/libnids/$NIDS/libnids-$NIDS.tar.gz
 fi
 tar zxf libnids-$NIDS.tar.gz
-( cd libnids-$NIDS; ./configure --enable-static --disable-libnet --with-libpcap=../libpcap-$PCAP --disable-libglib; make)
+( cd libnids-$NIDS; ./configure --enable-static --disable-libnet --with-libpcap=$PCAPDIR --disable-libglib; make)
 
 
 # Now build moloch
 echo "MOLOCH: Building capture"
 cd ..
-echo "./configure --prefix=$TDIR --with-libpcap=thirdparty/libpcap-$PCAP --with-libnids=thirdparty/libnids-$NIDS --with-yara=thirdparty/yara-$YARA --with-GeoIP=thirdparty/GeoIP-$GEOIP --with-glib2=thirdparty/glib-$GLIB"
-./configure --prefix=$TDIR --with-libpcap=thirdparty/libpcap-$PCAP --with-libnids=thirdparty/libnids-$NIDS --with-yara=thirdparty/yara-$YARA --with-GeoIP=thirdparty/GeoIP-$GEOIP --with-glib2=thirdparty/glib-$GLIB
+echo "./configure --prefix=$TDIR $PCAPBUILD --with-libnids=thirdparty/libnids-$NIDS --with-yara=thirdparty/yara-$YARA --with-GeoIP=thirdparty/GeoIP-$GEOIP --with-glib2=thirdparty/glib-$GLIB"
+./configure --prefix=$TDIR $PCAPBUILD --with-libnids=thirdparty/libnids-$NIDS --with-yara=thirdparty/yara-$YARA --with-GeoIP=thirdparty/GeoIP-$GEOIP --with-glib2=thirdparty/glib-$GLIB
 make
 
 exit 0

easybutton-singlehost.sh

@@ -88,8 +88,18 @@ if [ $JAVA_VAL -ne 0 ]; then
     fi
 fi
 
+echo -n "Use pfring? ('yes' enables) [no] "
+read USEPFRING
+PFRING=""
+if [ -n "$USEPFRING" -a "x$USEPFRING" = "xyes" ]; then 
+    echo "MOLOCH - Using pfring - Make sure to install the kernel modules"
+    sleep 1
+    PFRING="--pfring"
+fi
+
 # Building thirdparty libraries and moloch
-./easybutton-build.sh "$TDIR"
+echo ./easybutton-build.sh --dir "$TDIR" $PFRING
+./easybutton-build.sh --dir "$TDIR" $PFRING
 if [ $? -ne 0 ]; then
   exit 1
 fi
@@ -153,8 +163,10 @@ if [ ! -f "GeoIP.dat" ]; then
   gunzip GeoIP.dat.gz
 fi
 
-wget http://www.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
-gunzip GeoIPASNum.dat.gz
+if [ ! -f "GeoIPASNum.dat" ]; then
+  wget http://www.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
+  gunzip GeoIPASNum.dat.gz
+fi