[Oisf-devel] Is it possible to set pfring filter
Will Metcalf
william.metcalf at gmail.com
Thu Sep 15 18:41:13 UTC 2011
I think that having BPF support would be very nice. I'm not familiar
with nfgrep based on the link though, it sounds like perhaps you can
accomplish something similar with PF_RING plug-ins and filters?!?!
Although the filters are built at compile time.
https://svn.ntop.org/svn/ntop/trunk/PF_RING/doc/UsersGuide.pdf
Regards,
Will
On Thu, Sep 15, 2011 at 10:48 AM, Victor Julien <victor at inliniac.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/15/2011 05:20 PM, Luca Deri wrote:
>> Will I leverage the pcap implementation, thus if you use
>> libpcap-over-pf_ring you have BPF. This because I didn't want to
>> merge into PF_RING the BPF code that should belong to pcap.
>
> I always assumed the actual filtering was done in the kernel. Is that
> not how it works?
>
>> This said having native BPF support on libpfring seems to be
>> desirable (at least according to your needs). Is this something I
>> should put on my todo list?
>
> Some form of filtering would be very nice. BPF is the standard, but
> something like nfgrep
> (http://home.regit.org/2011/08/pablo-neira-ayuso-nfgrep-traffic-classification-for-netfilteriptables/)
> would be nice too.
>
> Cheers,
> Victor
>
> - --
> - ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> - ---------------------------------------------
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk5yHmYACgkQiSMBBAuniMf0tQCfZH+tTZLxjBiLwa5PsJuXjvgw
> GhkAn0Qf7rPyWL/Jx+ZShBCrhXXeGrV+
> =cwrE
> -----END PGP SIGNATURE-----
>
More information about the Oisf-devel
mailing list