[Oisf-users] Suricata, traffic not passing (PF_RING)
Romagnoli Andrea
andrea.romagnoli at it.telecomitalia.it
Tue Jul 5 07:28:00 UTC 2016
> PF_RING based IPS is not yet supported. See
> https://redmine.openinfosecfoundation.org/issues/1726
>
> You can used AF_PACKET, NETMAP or NFQ on linux.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
Thank you very much Victor, we definitely missed that information!
Best Regards,
Andrea
> Slightly less than two cents:
>
> +1 AF_Packet - if speed is a priority and you want to be on the cutting
> edge of the Suricata experience.
> +1 Netmap - if you intend to do quite a bit of customizations and a little
> legwork to get it running.
> +1 NFQ - if you want something you probably already understand, have worked
> with, and boasts the most clear documentation.
>
> --
> Marcus Eagan
>
Thank you Marcus, it's the first way we are trying open-source IPS, so that's a really useful information!
We already tried AF_PACKET, now we are going to try Netmap and NFQ.
Do you have some specific hint before we start digging into Netmap?
Best Regards,
Andrea
More information about the Oisf-users
mailing list