[Oisf-users] Suricata, traffic not passing (PF_RING)

Romagnoli Andrea andrea.romagnoli at it.telecomitalia.it
Tue Jul 5 07:28:00 UTC 2016


> PF_RING based IPS is not yet supported. See
> https://redmine.openinfosecfoundation.org/issues/1726
>
> You can use AF_PACKET, NETMAP or NFQ on linux.
> 
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 

Thank you very much Victor, we definitely missed that information!

Best Regards,
Andrea

> Slightly less than two cents:
> 
> +1 AF_Packet - if speed is a priority and you want to be on the cutting
> edge of the Suricata experience.
> +1 Netmap - if you intend to do quite a bit of customizations and a little
> legwork to get it running.
> +1 NFQ - if you want something you probably already understand, have worked
> with, and boasts the most clear documentation.
> 
> -- 
> Marcus Eagan
> 

Thank you Marcus, it's the first time we are trying an open-source IPS, so that's really useful information!
We already tried AF_PACKET, now we are going to try Netmap and NFQ.
Do you have any specific hints before we start digging into Netmap?

Best Regards,
Andrea



