[Oisf-devel] Is it possible to set pfring filter

Chris Wakelin c.d.wakelin at reading.ac.uk
Wed Sep 14 12:19:37 UTC 2011


If you use PF_RING-enabled libpcap then "-F" should work.

You can also do clustering by setting environment variables
PCAP_PF_RING_CLUSTER_ID=99 and PCAP_PF_RING_USE_CLUSTER_PER_FLOW=yes but
would presumably need to run multiple instances of Suricata to benefit.

Best Wishes,
Chris

On 14/09/2011 13:08, Victor Julien wrote:
> Does PF_RING have something similar to bpf that we could support?
> 
> On 09/14/2011 02:06 PM, Will Metcalf wrote:
>> Currently this isn't possible.
>>
>> Regards,
>>
>> Will
>>
>> On Wed, Sep 14, 2011 at 4:29 AM, Delta Yeh <delta.yeh at gmail.com> wrote:
>>> Hi,
>>>  As we know, we can use the -F option to set a bpf filter.
>>> Is there a way to set a pfring filter?
>>>
>>>
>>> BR,
>>> DeltaY
>>> _______________________________________________
>>> Oisf-devel mailing list
>>> Oisf-devel at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>>
>>
> 
> 


-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
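
The clustering setup described in the message above, as an added example that is not part of the original post: several Suricata instances joined to one PF_RING cluster through the two environment variables, each reading the same BPF filter file via -F. It assumes a Suricata binary linked against PF_RING-enabled libpcap; the config path, interface name, filter file and log root are placeholders, and the script only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the thread): start COUNT Suricata instances that
# join one PF_RING cluster via the PF_RING-enabled libpcap environment
# variables, each reading the same BPF filter file through -F.
# Assumed/placeholder values: config path, log root, interface name.

CLUSTER_ID=${CLUSTER_ID:-99}                       # value from the message
SURICATA_CONF=${SURICATA_CONF:-/etc/suricata/suricata.yaml}  # placeholder
DRY_RUN=${DRY_RUN:-1}                              # 1 = print, 0 = execute

# Print the command in dry-run mode, otherwise execute it unchanged.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# launch_cluster IFACE FILTER_FILE COUNT LOGROOT
launch_cluster() {
    iface=$1 filter=$2 count=$3 logroot=$4
    case $count in
        ''|*[!0-9]*|0) echo "COUNT must be a positive integer" >&2; return 2 ;;
    esac
    # Suricata's -F takes a file containing the BPF expression; fail early
    # if it is missing so no instance is started without it.
    [ -r "$filter" ] || { echo "cannot read filter file: $filter" >&2; return 2; }
    i=1
    while [ "$i" -le "$count" ]; do
        dir="$logroot/inst$i"      # separate logs and pidfile per instance
        run mkdir -p "$dir" || return 1
        # -i selects libpcap live capture, which is where the
        # PF_RING-enabled libpcap and its environment variables apply.
        run env PCAP_PF_RING_CLUSTER_ID="$CLUSTER_ID" \
                PCAP_PF_RING_USE_CLUSTER_PER_FLOW=yes \
            suricata -c "$SURICATA_CONF" -i "$iface" -F "$filter" \
                     -l "$dir" --pidfile "$dir/suricata.pid" -D || return 1
        i=$((i + 1))
    done
}

# Usage: DRY_RUN=0 sh this_script eth0 /etc/suricata/capture.bpf 4 /var/log/suricata
if [ "$#" -eq 4 ]; then launch_cluster "$@"; fi
```
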


