[Oisf-users] AF_Packet Mode vs. NFQUEUE Mode

Eric Leblond eric at regit.org
Fri Nov 13 13:37:51 UTC 2015


Hello Leonard,

On Fri, 2015-11-13 at 07:08 -0600, Leonard Jacobs wrote:
> What happens if the interfaces are bridged when using AF_Packet mode?
> Does that cause problems since this mode performs its own copy-mode
> between interfaces?

That would cause a duplication of packets:
 * Bridge forwards packets from iface 1 to 2
 * Suricata sees packets on iface 1 and copies packets on iface 2

> In NFQUEUE IPS mode, are the interfaces supposed to be bridged?  Will
> IPTables not function properly without the interfaces being bridged?

No bridge needed. Using it is even the buggiest setup that can be done
(currently unexplained packet loss in that mode).

BR,
 
> Thanks.
>  
> Leonard Jacobs
-- 
Eric Leblond <eric at regit.org>
Blog: https://home.regit.org/
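
Added example, not part of the original message or of Suricata: a shell check for the duplication described above. It reads the interface/copy-iface pairs from a suricata.yaml and warns if any of them is also a Linux bridge port. It assumes the usual sysfs layout (a brport directory and a master symlink for each bridge port); the function names and the SYSFS_NET override are hypothetical.

```shell
#!/bin/sh
# Added example: warn when an interface used for AF_PACKET copy-mode is also
# a port of a Linux bridge, since both would forward the same packets.
# Assumption: bridge ports have a "brport" directory and a "master" symlink
# in sysfs. SYSFS_NET is a hypothetical override so the check can be tested.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print "interface copy-iface" pairs from the af-packet entries of a
# suricata.yaml that set copy-iface (simple line-based parse, not full YAML).
copy_pairs() {
    awk '
        /^[ \t]*-[ \t]*interface:/ { cur = $NF }
        /^[ \t]*copy-iface:/ && cur != "" { print cur, $NF }
    ' "$1"
}

# Print the bridge that $1 is a port of; print nothing if it is not bridged.
bridge_of() {
    if [ -d "$SYSFS_NET/$1/brport" ]; then
        master=$(readlink "$SYSFS_NET/$1/master") || master=unknown
        basename "$master"
    fi
}

# Return 1 and print a warning if any listed interface is a bridge port.
check_ifaces() {
    rc=0
    for port in "$@"; do
        br=$(bridge_of "$port")
        if [ -n "$br" ]; then
            echo "WARN: $port is a port of bridge $br:" \
                 "the bridge and copy-mode would both forward its packets"
            rc=1
        fi
    done
    return "$rc"
}

# Check every copy-mode interface named in the given suricata.yaml.
check_config() {
    # Word splitting of the interface list is intended here.
    check_ifaces $(copy_pairs "$1")
}

# Run against a config file when one is given on the command line.
[ "$#" -eq 0 ] || check_config "$1"
```
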




