Snort mailing list archives
Re: PATCH 1/1]: DAQ pcaprr module
From: Russ Combs <rcombs () sourcefire com>
Date: Fri, 29 Apr 2011 10:52:57 -0400
Thanks! On Fri, Apr 29, 2011 at 10:41 AM, Jeff Murphy <jeff.murphy () gmail com> wrote:
Attached. Here's a suggested blurb (based on the Napatech blurb), feel free to edit PCAPRR External DAQ PCAPRR can be used to read from multiple network interfaces in cases where those interfaces can not be bonded together (e.g. when using Endace cards). To build this requires libpcap library. This is *NOT* a Sourcefire used or produced module, and support questions should be directed to Jeff Murphy <jcmurphy () jeffmurphy org>. On Apr 29, 2011, at 10:03 AM, Russ Combs wrote: Thanks for contributing. Please follow the guidelines here: http://www.snort.org/snort-downloads/external-daq/ Then send us a tarball and we'll add it to the above page. Russ On Fri, Apr 29, 2011 at 9:33 AM, Jeff Murphy <jeff.murphy () gmail com>wrote:We use Endace DAG cards in our sensors along with regen taps. Those cards don't work with the bonding driver, so merging the two streams from a regen tap isn't possible (unless we use a different tap or fix the drivers to work together). The attached patch creates a new module in the os-daq-modules directory called "pcaprr.c". This module will open multiple devices and then make round-robin reads from the device list (much like the bonding driver would if it worked with the DAG driver). Modifications made against DAQ 0.5 code. Example use: /usr/sbin/snort --daq-dir=/usr/lib64/daq --daq pcaprr -i dag0:4,dag1:4 I've been running this DAQ code for ~3 weeks now. jeff ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- PATCH 1/1]: DAQ pcaprr module Jeff Murphy (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Russ Combs (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Jeff Murphy (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Russ Combs (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Joel Esler (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Michael Altizer (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Jeff Murphy (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Jeff Murphy (Apr 29)
- Re: PATCH 1/1]: DAQ pcaprr module Russ Combs (Apr 29)