Manualshelf

Pseries Installation Guide

ManualsBrandsForce10 Networks ManualsNetwork CardPSeries 100-00055-01
51525354555657585960
P-Series Installation and Operation Guide, version 2.3.1.2 55
The P-Series Network Interface Card Compiler (pnic-Compiler) produces user-defined firmware for the
appliances. The user-defined input is a set of signature-based rules in Snort syntax, and compilation
directives. The output of the compiler is a Xilinx bit file and ASCII mapping files that map specified
signatures to internal configuration registers. The configuration registers are used to disable/enable rules or
block packets.
Creating Rules Files
Store rules files in a pnic-compiler sub-directory — for example pnic-compiler/rules. Force10
recommends not storing rules files elsewhere because this increases the length of the firmware file name.
Rules Capacity
The maximum rules capacity for the P10 is approximatly 14000 static rules or 200 dynamic rules. The
space required for a static rule depends upon its complexity.
Compiling Rules
Note: The pnic-Compiler is managed with GNU make.
To complile rules:
Chapter 8 Compiling Rules
Step Task
1 Change directory to pnic-compiler.
2 Enter the command gmake. This command invokes the configuration script, the pnic-Compiler, and the
Xilinx compiler, in succession. Entering time gmake invokes the same processes, but this command
measures the compilation time as well.
3 The script prompts you for a number of compilation options. Refer to Table 8 for a description of each
option, and enter a response for each.