[Oisf-users] A question about bpf filter under suricata 4.1.2

Eric Leblond eric at regit.org
Fri Feb 1 13:09:44 UTC 2019


Hi,

On Fri, 2019-02-01 at 11:58 +0000, Carlos Lopez wrote:
> Hi all,
> 
>  I am seeing a strange problem with BPF filters under Suricata 4.1.2.
> Using the following bpf filter works without problem under tcpdump:
> 
> not host 10.1.53.70 and (vlan 10 or vlan 11)
> 
>  But using the same filter in Suricata in pcap, bpf-filter section it
> doesn't work. Suricata doesn't see any packet ... Any idea why? 

Multi vlan filtering is not working with regular BPF. You need to
switch to eBPF to do so but this is far more complicated to implement.

BR,
--
Eric

> 
> Regards,
> C. L. Martinez
-- 
Eric Leblond <eric at regit.org>


