[Oisf-users] Suricata and pf_ring packet dissection
sukbir singh
shai_mus at hotmail.com
Sun Sep 15 17:42:08 UTC 2013
Dear Victor,

Thank you for the in-depth explanation. I have also gone to read the pf_ring documentation on this: int pfring_recv(pfring *ring, u_char** buffer, u_int buffer_len, struct pfring_pkthdr *hdr, u_int8_t wait_for_incoming_packet).

1. Another thing: can I say the pf_ring u_char** buffer is what your p is?
2. What does this represent: PacketGetFromQueueOrAlloc(); as I see you do a copy, right?
3. When you say loop, it is referring to the pfring_recv function, right? What are you actually doing in PfringProcessPacket?
4. What about this GET_PKT_DIRECT_DATA, and I saw this function: memcpy(p->ext_pkt, GET_PKT_DIRECT_DATA(p), GET_PKT_DIRECT_MAX_SIZE(p)); ?
5. In short, can I say that you get the buffer and do all the operatives first before your dissect process?

Sorry, I have been traversing and am kind of lost. Thank you.