[Discussion] Suricata with PF_RING 4.7

• Previous message (by thread): [Discussion] Suricata with PF_RING 4.7
• Next message (by thread): [Discussion] Suricata with PF_RING 4.7
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09/17/2011 10:09 PM, Mohsen Saeedi wrote:
> What is AF_PACKET? I didn't hear about it.

It's an alternative packet acquisition method. It's faster than pcap it
seems, more like pf_ring. I haven't seen benchmarks yet though.

If you compile the git version [1], pass --enable-af-packet to
./configure and then start Suricata with --af-packet=eth0.

Cheers,
Victor

[1]
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation_from_GIT

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

• Previous message (by thread): [Discussion] Suricata with PF_RING 4.7
• Next message (by thread): [Discussion] Suricata with PF_RING 4.7
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]