Compiling rules, Creating rules files, Rules capacity – Force10 Networks PSeries 100-00055-01 User Manual

Page 55: Chapter 8, Compiling Rules

P-Series Installation and Operation Guide, version 2.3.1.2

The P-Series Network Interface Card Compiler (pnic-Compiler) produces user-defined firmware for the
appliances. The user-defined input is a set of signature-based rules in Snort syntax, and compilation
directives. The output of the compiler is a Xilinx bit file and ASCII mapping files that map specified
signatures to internal configuration registers. The configuration registers are used to disable/enable rules or
block packets.

Creating Rules Files

Store rules files in a pnic-compiler sub-directory — for example pnic-compiler/rules. Force10
recommends not storing rules files elsewhere because this increases the length of the firmware file name.

Rules Capacity

The maximum rules capacity for the P10 is approximately 14000 static rules or 200 dynamic rules. The
space required for a static rule depends upon its complexity.

Compiling Rules

Note: The pnic-Compiler is managed with GNU make.

To compile rules:

Step  Task

1     Change directory to pnic-compiler.

2     Enter the command gmake. This command invokes the configuration script, the pnic-Compiler, and the
      Xilinx compiler, in succession. Entering time gmake invokes the same processes, but this command
      measures the compilation time as well.

3     The script prompts you for a number of compilation options. Refer to Table 8 for a description of each
      option, and enter a response for each.
