[Oisf-users] Suricata and pf_ring packet dissection

sukbir singh shai_mus at hotmail.com
Sun Sep 15 17:42:08 UTC 2013

Dear Victor,                  Thank you for the in depth explanation. I have also gone to read on the pf_ring documentation on this int pfring_recv(pfring *ring, u_char** buffer, u_int buffer_len, struct pfring_pkthdr *hdr,u_int8_t wait_for_incoming_packet) .
1. Another thing can I say the pf_ring u_char** buffer is what your p is ? 2. What does this represent  PacketGetFromQueueOrAlloc(); as I see you do a copy rite  ? 
 3.When say loop is referring to pfring_recv function right?  What actually you are doing in PfringProcessPacket ? 
4. What about this GET_PKT_DIRECT_DATA and I saw this function  memcpy(p->ext_pkt, GET_PKT_DIRECT_DATA(p), GET_PKT_DIRECT_MAX_SIZE(p)); ?
5.  In short can I say that you get the buffer and do all the operatives first before your dissect process?
Sorry I have been traversing and kind of lost.Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20130916/3579ef31/attachment-0002.html>

More information about the Oisf-users mailing list