[Oisf-users] Suricata and BPF filters

Victor Julien victor at inliniac.net
Tue May 29 13:42:43 UTC 2012


On 05/29/2012 03:35 PM, Peter Bates wrote:
> 
> Hello all
> 
> I'm trying the following with Suricata (cloned from git earlier
> today)
> 
> suricata -c /etc/suricata/suricata.yaml --af-packet=eth6 
> --runmode=workers -F /etc/suricata/bpf
> 
> The contents of the BPF is:
> 
> net (144.82.114.0/23) or host (193.60.236.98 or 91.233.244.102 or 
> 74.207.249.7 or 50.116.35.158 or 23.21.71.54 or 128.61.240.94 or 
> 50.62.12.103 or 82.141.230.155 or 194.98.50.137)
> 
> - which I've used as the -F argument to Snort and which appears to 
> work okay but with Suricata I'm definitely seeing hits that do not 
> match the above.
> 
> Is there something wrong with my BPF list or am I missing
> something?

BPF is not yet supported for af_packet:
https://redmine.openinfosecfoundation.org/issues/440

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

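A check for the symptom Peter describes, added here as an example and not part of the original thread or of Suricata itself: read the alerts Suricata wrote and flag every one whose endpoints are both outside the -F expression. Because "net X" and "host Y" in BPF carry no direction qualifier, a packet is in scope when either its source or its destination is covered, so an alert where neither endpoint is covered can only exist if the filter was not applied on the capture path. The fast.log-style lines below are constructed for illustration (local-range sids, placeholder messages), and the function names are my own.

```python
import ipaddress
import re

# The BPF expression from the post, broken into its address terms.  In BPF,
# "net X" and "host Y" with no direction qualifier match a packet whose
# source OR destination falls in X / equals Y, so a packet is in scope if
# either endpoint is covered by any term.
FILTER_TERMS = [
    "144.82.114.0/23",
    "193.60.236.98", "91.233.244.102", "74.207.249.7", "50.116.35.158",
    "23.21.71.54", "128.61.240.94", "50.62.12.103", "82.141.230.155",
    "194.98.50.137",
]

# Constructed fast.log-style alert lines (not real Suricata output); the
# sids are in the local 1000000+ range and the rule messages are placeholders.
SAMPLE_FAST_LOG = """\
05/29/2012-13:10:01.000001  [**] [1:1000001:1] TEST alert, source in scope [**] [Classification: Constructed] [Priority: 3] {TCP} 144.82.115.10:80 -> 198.51.100.7:51234
05/29/2012-13:10:02.000002  [**] [1:1000002:1] TEST alert, destination in scope [**] [Classification: Constructed] [Priority: 3] {TCP} 203.0.113.5:44321 -> 193.60.236.98:3306
05/29/2012-13:10:03.000003  [**] [1:1000003:1] TEST alert, neither endpoint in scope [**] [Classification: Constructed] [Priority: 3] {UDP} 203.0.113.9:5060 -> 198.51.100.20:5060
"""

# Tail of a fast.log line: "{PROTO} src:port -> dst:port".  IPv4 only, which
# is all the filter in the post uses.
ALERT_TAIL_RE = re.compile(
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_filter(terms):
    """Turn host/net terms into ip_network objects (a bare host is a /32)."""
    return [ipaddress.ip_network(t, strict=False) for t in terms]


def address_in_scope(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def packet_in_scope(src, dst, nets):
    """Mirror the undirected BPF semantics: either endpoint suffices."""
    return address_in_scope(src, nets) or address_in_scope(dst, nets)


def alerts_outside_filter(lines, nets):
    """Return (src, dst) for every alert the BPF filter should have excluded.

    A non-empty result means packets outside the filter reached the
    detection engine, i.e. the -F expression was not applied on capture.
    """
    leaked = []
    for line in lines:
        m = ALERT_TAIL_RE.search(line)
        if not m:
            continue  # not an alert line, or a format this parser does not handle
        src, dst = m.group("src"), m.group("dst")
        if not packet_in_scope(src, dst, nets):
            leaked.append((src, dst))
    return leaked


if __name__ == "__main__":
    nets = parse_filter(FILTER_TERMS)
    leaked = alerts_outside_filter(SAMPLE_FAST_LOG.splitlines(), nets)
    for src, dst in leaked:
        print(f"outside filter: {src} -> {dst}")
    print(f"{len(leaked)} alert(s) outside the filter scope")
```

On the constructed input only the third alert is reported, since both of its endpoints lie outside every term. To use it against a real deployment, feed the lines of the actual fast.log to alerts_outside_filter instead of SAMPLE_FAST_LOG; any hit confirms that the capture method ignored -F, which is what the reply above says af_packet did at the time.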
