Snort mailing list archives

Re: [PATCH 1/1]: DAQ pcaprr module


From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 29 Apr 2011 10:03:55 -0400

Thanks for contributing.  Please follow the guidelines here:

http://www.snort.org/snort-downloads/external-daq/

Then send us a tarball and we'll add it to the above page.

Russ

On Fri, Apr 29, 2011 at 9:33 AM, Jeff Murphy <jeff.murphy () gmail com> wrote:



We use Endace DAG cards in our sensors along with regen taps. Those cards
don't work with the bonding driver, so merging the two streams from a regen
tap isn't possible (unless we use a different tap or fix the drivers to work
together). The attached patch creates a new module in the os-daq-modules
directory called "pcaprr.c". This module will open multiple devices and then
make round-robin reads from the device list (much like the bonding driver
would if it worked with the DAG driver).  Modifications made against DAQ 0.5
code.


Example use:


/usr/sbin/snort --daq-dir=/usr/lib64/daq --daq pcaprr -i dag0:4,dag1:4


I've been running this DAQ code for ~3 weeks now.


jeff

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
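
The round-robin read over a device list described in the message above, as an added example that is not part of the original thread and is not the pcaprr.c code from the patch. It is a simplified model: in-memory queues with constructed timestamps stand in for capture devices, and all names (`rr_open`, `rr_next`, `rr_demo`) are hypothetical. It shows that an idle device is skipped rather than blocking the others, and that in this model the merged stream can arrive out of timestamp order.

```c
#include <stdio.h>
#include <string.h>
#define MAX_DEV 8
struct pkt { int ts; };                          /* constructed sample packet */
struct src { char name[16]; const struct pkt *q; int len, pos; };
struct rr  { struct src dev[MAX_DEV]; int n, cur; };

/* Split a device list such as "dag0:4,dag1:4" into entries (hypothetical helper). */
int rr_open(struct rr *r, const char *spec) {
    char buf[128], *tok;
    memset(r, 0, sizeof(*r));
    if (strlen(spec) >= sizeof(buf)) return -1;
    for (tok = strtok(strcpy(buf, spec), ","); tok; tok = strtok(NULL, ",")) {
        if (r->n == MAX_DEV || strlen(tok) >= sizeof(r->dev[0].name)) return -1;
        strcpy(r->dev[r->n++].name, tok);
    }
    return r->n ? 0 : -1;
}

/* One round-robin read: start at the cursor, skip devices with nothing
 * pending, return 1 with a packet or 0 when every device is drained. */
int rr_next(struct rr *r, struct pkt *out) {
    for (int i = 0; i < r->n; i++) {
        struct src *s = &r->dev[(r->cur + i) % r->n];
        if (s->pos >= s->len) continue;
        *out = s->q[s->pos++];
        r->cur = (r->cur + i + 1) % r->n;        /* next read starts after this device */
        return 1;
    }
    return 0;
}

/* Constructed capture timestamps for the two legs of a tap. */
static const struct pkt leg0[] = {{1},{2},{5},{6}}, leg1[] = {{3},{4}};
/* Merge both legs; return how many packets arrive older than their predecessor. */
int rr_demo(int *total) {
    struct rr r; struct pkt p; int last = -1, reordered = 0;
    if (rr_open(&r, "dag0:4,dag1:4")) return -1;
    r.dev[0].q = leg0; r.dev[0].len = 4;
    r.dev[1].q = leg1; r.dev[1].len = 2;
    for (*total = 0; rr_next(&r, &p); (*total)++) {
        if (p.ts < last) reordered++;
        last = p.ts;
    }
    return reordered;
}
int main(void) {
    int total, bad = rr_demo(&total);
    printf("%d packets merged, %d delivered out of timestamp order\n", total, bad);
    return 0;
}
```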