[Oisf-users] A question about bpf filter under suricata 4.1.2

Carlos Lopez clopmz at outlook.com
Sun Feb 3 08:32:06 UTC 2019


Thanks Eric. I am using RHEL 7.6 and according to the release notes, eBPF is supported in this release ... Is it possible to use eBPF by compiling Suricata with eBPF support?

Regards,
C. L. Martinez 

On 01/02/2019, 14:09, "Eric Leblond" <eric at regit.org> wrote:

    Hi,
    
    On Fri, 2019-02-01 at 11:58 +0000, Carlos Lopez wrote:
    > Hi all,
    > 
    >  I am seeing a strange problem with BPF filters under Suricata 4.1.2.
    > Using the following bpf filter works without problem under tcpdump:
    > 
    > not host 10.1.53.70 and (vlan 10 or vlan 11)
    > 
    > But using the same filter in Suricata, in the pcap bpf-filter section,
    > it doesn't work. Suricata doesn't see any packet ... Any idea why? 
    
    Multi vlan filtering is not working with regular BPF. You need to
    switch to eBPF to do so but this is far more complicated to implement.
    
    BR,
    --
    Eric
    
    > 
    > Regards,
    > C. L. Martinez
    -- 
    Eric Leblond <eric at regit.org>
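To make the VLAN issue concrete, here is an added example (not code from the thread or from Suricata): a small Python parser that walks stacked 802.1Q/802.1ad tags, shifting the IP-header offset by 4 bytes per tag, and then applies the reading of the filter the poster intended, i.e. drop traffic to or from 10.1.53.70 and keep frames carrying VLAN 10 or 11 in any tag. The frames are constructed inline for the demonstration; only the host and VLAN ids come from the thread.

```python
import struct
from ipaddress import ip_address

ETH_P_8021Q = 0x8100   # 802.1Q VLAN tag
ETH_P_8021AD = 0x88A8  # 802.1ad (QinQ) outer tag
ETH_P_IP = 0x0800


def parse_frame(frame: bytes):
    """Return (vlan_ids, src_ip, dst_ip) for an Ethernet frame.

    Every VLAN tag pushes the IP header 4 bytes further into the frame;
    a filter that assumes a fixed offset reads the wrong bytes as IP.
    """
    ethertype, = struct.unpack_from("!H", frame, 12)
    offset = 14
    vlan_ids = []
    while ethertype in (ETH_P_8021Q, ETH_P_8021AD):
        tci, ethertype = struct.unpack_from("!HH", frame, offset)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VID
        offset += 4
    if ethertype != ETH_P_IP:
        return vlan_ids, None, None
    src = ip_address(frame[offset + 12:offset + 16])
    dst = ip_address(frame[offset + 16:offset + 20])
    return vlan_ids, str(src), str(dst)


def matches_filter(frame: bytes, excluded_host="10.1.53.70", vlans=(10, 11)):
    """'not host <excluded_host> and (vlan 10 or vlan 11)', tag-aware."""
    vlan_ids, src, dst = parse_frame(frame)
    if excluded_host in (src, dst):
        return False
    return any(vid in vlans for vid in vlan_ids)


def build_frame(vlan_ids, src, dst):
    """Construct a minimal tagged IPv4 frame (test data, not a capture)."""
    hdr = b"\x00" * 12  # dst/src MAC, zeroed
    for vid in vlan_ids:
        hdr += struct.pack("!HH", ETH_P_8021Q, vid)
    hdr += struct.pack("!H", ETH_P_IP)
    ip = bytearray(20)
    ip[0] = 0x45  # IPv4, 20-byte header
    ip[12:16] = ip_address(src).packed
    ip[16:20] = ip_address(dst).packed
    return hdr + bytes(ip)
```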